From 1735d523968ac9585854980fa017db89c772def7 Mon Sep 17 00:00:00 2001
From: xpk <xpk@headdesk.me>
Date: Wed, 28 Jan 2026 16:10:13 +0800
Subject: [PATCH] feat: a couple of starter ssm documents which uses aws:loop

---
 aws.ssm-documents/LoopWithCsv.yaml      | 51 +++++++++++++++++++++++++
 aws.ssm-documents/OrgAccountsPrint.yaml | 32 ++++++++++++++++
 2 files changed, 83 insertions(+)
 create mode 100644 aws.ssm-documents/LoopWithCsv.yaml
 create mode 100644 aws.ssm-documents/OrgAccountsPrint.yaml

diff --git a/aws.ssm-documents/LoopWithCsv.yaml b/aws.ssm-documents/LoopWithCsv.yaml
new file mode 100644
index 0000000..3defef9
--- /dev/null
+++ b/aws.ssm-documents/LoopWithCsv.yaml
@@ -0,0 +1,51 @@
+schemaVersion: '0.3'
+mainSteps:
+  - name: GetParameter
+    action: aws:executeAwsApi
+    nextStep: ConvertInputToList
+    isEnd: false
+    # parameter contains comma separated ids (i.e. 111111111111,222222222222)
+    inputs:
+      Service: ssm
+      Api: GetParameter
+      Name: some-parameter
+    outputs:
+      - Name: Accounts
+        Selector: $.Parameter.Value
+        Type: String
+  # input needs to be transformed to a list of string in order to be used by aws:loop
+  - name: ConvertInputToList
+    action: aws:executeScript
+    nextStep: Loop
+    isEnd: false
+    inputs:
+      Runtime: python3.11
+      Handler: script_handler
+      InputPayload:
+        accounts: '{{ GetParameter.Accounts }}'
+      Script: |
+        def script_handler(events, context):
+          return events['accounts'].split(',')
+    outputs:
+      - Name: AccountList
+        Selector: $.Payload
+        Type: StringList
+  - name: Loop
+    action: aws:loop
+    isEnd: true
+    inputs:
+      Iterators: '{{ ConvertInputToList.AccountList }}'
+      IteratorDataType: String
+      Steps:
+        - name: PrintInput
+          action: aws:executeScript
+          isEnd: true
+          inputs:
+            Runtime: python3.11
+            Handler: script_handler
+            InputPayload:
+              accountId: '{{Loop.CurrentIteratorValue}}'
+            Script: |
+              def script_handler(events,context):
+                return {"accountId": events.get('accountId')}
+
diff --git a/aws.ssm-documents/OrgAccountsPrint.yaml b/aws.ssm-documents/OrgAccountsPrint.yaml
new file mode 100644
index 0000000..bd75070
--- /dev/null
+++ b/aws.ssm-documents/OrgAccountsPrint.yaml
@@ -0,0 +1,32 @@
+schemaVersion: '0.3'
+mainSteps:
+  - name: ListAccounts
+    action: aws:executeAwsApi
+    nextStep: Loop
+    isEnd: false
+    inputs:
+      Service: organizations
+      Api: ListAccounts
+    outputs:
+      - Type: StringList
+        Name: Accounts
+        Selector: $.Accounts..Id
+  - name: Loop
+    action: aws:loop
+    isEnd: true
+    inputs:
+      Iterators: '{{ ListAccounts.Accounts }}'
+      IteratorDataType: StringList
+      Steps:
+        - name: PrintInput
+          action: aws:executeScript
+          isEnd: true
+          inputs:
+            Runtime: python3.11
+            Handler: script_handler
+            InputPayload:
+              accountId: '{{Loop.CurrentIteratorValue}}'
+            Script: |
+              def script_handler(events,context):
+                return {"accountId": events.get('accountId')}
+