Amazon Simple Systems Manager (SSM)

2017/07/06 - Amazon Simple Systems Manager (SSM) - 9 updated api methods

Changes  Amazon EC2 Systems Manager now expands Patching support to Amazon Linux, Red Hat and Ubuntu in addition to the already supported Windows Server.

CreatePatchBaseline (updated) Link ¶
Changes (request)
{'ApprovalRules': {'PatchRules': {'ComplianceLevel': 'CRITICAL | HIGH | MEDIUM '
                                                     '| LOW | INFORMATIONAL | '
                                                     'UNSPECIFIED',
                                  'PatchFilterGroup': {'PatchFilters': {'Key': ['SEVERITY',
                                                                                'PRIORITY',
                                                                                'SECTION']}}}},
 'ApprovedPatchesComplianceLevel': 'CRITICAL | HIGH | MEDIUM | LOW | '
                                   'INFORMATIONAL | UNSPECIFIED',
 'GlobalFilters': {'PatchFilters': {'Key': ['SEVERITY',
                                            'PRIORITY',
                                            'SECTION']}},
 'OperatingSystem': 'WINDOWS | AMAZON_LINUX | UBUNTU | REDHAT_ENTERPRISE_LINUX'}

Creates a patch baseline.

See also: AWS API Documentation

Request Syntax

client.create_patch_baseline(
    OperatingSystem='WINDOWS'|'AMAZON_LINUX'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX',
    Name='string',
    GlobalFilters={
        'PatchFilters': [
            {
                'Key': 'PRODUCT'|'CLASSIFICATION'|'MSRC_SEVERITY'|'PATCH_ID'|'SECTION'|'PRIORITY'|'SEVERITY',
                'Values': [
                    'string',
                ]
            },
        ]
    },
    ApprovalRules={
        'PatchRules': [
            {
                'PatchFilterGroup': {
                    'PatchFilters': [
                        {
                            'Key': 'PRODUCT'|'CLASSIFICATION'|'MSRC_SEVERITY'|'PATCH_ID'|'SECTION'|'PRIORITY'|'SEVERITY',
                            'Values': [
                                'string',
                            ]
                        },
                    ]
                },
                'ComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
                'ApproveAfterDays': 123
            },
        ]
    },
    ApprovedPatches=[
        'string',
    ],
    ApprovedPatchesComplianceLevel='CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
    RejectedPatches=[
        'string',
    ],
    Description='string',
    ClientToken='string'
)
type OperatingSystem

string

param OperatingSystem

Defines the operating system the patch baseline applies to. Supported operating systems include WINDOWS, AMAZON_LINUX, UBUNTU and REDHAT_ENTERPRISE_LINUX. The Default value is WINDOWS.

type Name

string

param Name

[REQUIRED]

The name of the patch baseline.

type GlobalFilters

dict

param GlobalFilters

A set of global filters used to exclude patches from the baseline.

  • PatchFilters (list) -- [REQUIRED]

    The set of patch filters that make up the group.

    • (dict) --

      Defines a patch filter.

      • Key (string) -- [REQUIRED]

        The key for the filter (PRODUCT, CLASSIFICATION, MSRC_SEVERITY, PATCH_ID)

      • Values (list) -- [REQUIRED]

        The value for the filter key.

        • (string) --

type ApprovalRules

dict

param ApprovalRules

A set of rules used to include patches in the baseline.

  • PatchRules (list) -- [REQUIRED]

    The rules that make up the rule group.

    • (dict) --

      Defines an approval rule for a patch baseline.

      • PatchFilterGroup (dict) -- [REQUIRED]

        The patch filter group that defines the criteria for the rule.

        • PatchFilters (list) -- [REQUIRED]

          The set of patch filters that make up the group.

          • (dict) --

            Defines a patch filter.

            • Key (string) -- [REQUIRED]

              The key for the filter (PRODUCT, CLASSIFICATION, MSRC_SEVERITY, PATCH_ID)

            • Values (list) -- [REQUIRED]

              The value for the filter key.

              • (string) --

      • ComplianceLevel (string) --

        A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following: Unspecified, Critical, High, Medium, Low, and Informational.

      • ApproveAfterDays (integer) -- [REQUIRED]

        The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.

type ApprovedPatches

list

param ApprovedPatches

A list of explicitly approved patches for the baseline.

  • (string) --

type ApprovedPatchesComplianceLevel

string

param ApprovedPatchesComplianceLevel

Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid compliance severity levels include the following: CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.

type RejectedPatches

list

param RejectedPatches

A list of explicitly rejected patches for the baseline.

  • (string) --

type Description

string

param Description

A description of the patch baseline.

type ClientToken

string

param ClientToken

User-provided idempotency token.

This field is autopopulated if not provided.

rtype

dict

returns

Response Syntax

{
    'BaselineId': 'string'
}

Response Structure

  • (dict) --

    • BaselineId (string) --

      The ID of the created patch baseline.

DescribeEffectivePatchesForPatchBaseline (updated) Link ¶
Changes (response)
{'EffectivePatches': {'PatchStatus': {'ComplianceLevel': 'CRITICAL | HIGH | '
                                                         'MEDIUM | LOW | '
                                                         'INFORMATIONAL | '
                                                         'UNSPECIFIED'}}}

Retrieves the current effective patches (the patch and the approval state) for the specified patch baseline. Note that this API applies only to Windows patch baselines.

See also: AWS API Documentation

Request Syntax

client.describe_effective_patches_for_patch_baseline(
    BaselineId='string',
    MaxResults=123,
    NextToken='string'
)
type BaselineId

string

param BaselineId

[REQUIRED]

The ID of the patch baseline to retrieve the effective patches for.

type MaxResults

integer

param MaxResults

The maximum number of patches to return (per page).

type NextToken

string

param NextToken

The token for the next set of items to return. (You received this token from a previous call.)

rtype

dict

returns

Response Syntax

{
    'EffectivePatches': [
        {
            'Patch': {
                'Id': 'string',
                'ReleaseDate': datetime(2015, 1, 1),
                'Title': 'string',
                'Description': 'string',
                'ContentUrl': 'string',
                'Vendor': 'string',
                'ProductFamily': 'string',
                'Product': 'string',
                'Classification': 'string',
                'MsrcSeverity': 'string',
                'KbNumber': 'string',
                'MsrcNumber': 'string',
                'Language': 'string'
            },
            'PatchStatus': {
                'DeploymentStatus': 'APPROVED'|'PENDING_APPROVAL'|'EXPLICIT_APPROVED'|'EXPLICIT_REJECTED',
                'ComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
                'ApprovalDate': datetime(2015, 1, 1)
            }
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • EffectivePatches (list) --

      An array of patches and patch status.

      • (dict) --

        The EffectivePatch structure defines metadata about a patch along with the approval state of the patch in a particular patch baseline. The approval state includes information about whether the patch is currently approved, due to be approved by a rule, explicitly approved, or explicitly rejected and the date the patch was or will be approved.

        • Patch (dict) --

          Provides metadata for a patch, including information such as the KB ID, severity, classification and a URL for where more information can be obtained about the patch.

          • Id (string) --

            The ID of the patch (this is different than the Microsoft Knowledge Base ID).

          • ReleaseDate (datetime) --

            The date the patch was released.

          • Title (string) --

            The title of the patch.

          • Description (string) --

            The description of the patch.

          • ContentUrl (string) --

            The URL where more information can be obtained about the patch.

          • Vendor (string) --

            The name of the vendor providing the patch.

          • ProductFamily (string) --

            The product family the patch is applicable for (for example, Windows).

          • Product (string) --

            The specific product the patch is applicable for (for example, WindowsServer2016).

          • Classification (string) --

            The classification of the patch (for example, SecurityUpdates, Updates, CriticalUpdates).

          • MsrcSeverity (string) --

            The severity of the patch (for example Critical, Important, Moderate).

          • KbNumber (string) --

            The Microsoft Knowledge Base ID of the patch.

          • MsrcNumber (string) --

            The ID of the MSRC bulletin the patch is related to.

          • Language (string) --

            The language of the patch if it's language-specific.

        • PatchStatus (dict) --

          The status of the patch in a patch baseline. This includes information about whether the patch is currently approved, due to be approved by a rule, explicitly approved, or explicitly rejected and the date the patch was or will be approved.

          • DeploymentStatus (string) --

            The approval status of a patch (APPROVED, PENDING_APPROVAL, EXPLICIT_APPROVED, EXPLICIT_REJECTED).

          • ComplianceLevel (string) --

            The compliance severity level for a patch.

          • ApprovalDate (datetime) --

            The date the patch was approved (or will be approved if the status is PENDING_APPROVAL).

    • NextToken (string) --

      The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

DescribePatchBaselines (updated) Link ¶
Changes (response)
{'BaselineIdentities': {'OperatingSystem': 'WINDOWS | AMAZON_LINUX | UBUNTU | '
                                           'REDHAT_ENTERPRISE_LINUX'}}

Lists the patch baselines in your AWS account.

See also: AWS API Documentation

Request Syntax

client.describe_patch_baselines(
    Filters=[
        {
            'Key': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    MaxResults=123,
    NextToken='string'
)
type Filters

list

param Filters

Each element in the array is a structure containing:

Key: (string, "NAME_PREFIX" or "OWNER")

Value: (array of strings, exactly 1 entry, between 1 and 255 characters)

  • (dict) --

    Defines a filter used in Patch Manager APIs.

    • Key (string) --

      The key for the filter.

    • Values (list) --

      The value for the filter.

      • (string) --

type MaxResults

integer

param MaxResults

The maximum number of patch baselines to return (per page).

type NextToken

string

param NextToken

The token for the next set of items to return. (You received this token from a previous call.)

rtype

dict

returns

Response Syntax

{
    'BaselineIdentities': [
        {
            'BaselineId': 'string',
            'BaselineName': 'string',
            'OperatingSystem': 'WINDOWS'|'AMAZON_LINUX'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX',
            'BaselineDescription': 'string',
            'DefaultBaseline': True|False
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • BaselineIdentities (list) --

      An array of PatchBaselineIdentity elements.

      • (dict) --

        Defines the basic information about a patch baseline.

        • BaselineId (string) --

          The ID of the patch baseline.

        • BaselineName (string) --

          The name of the patch baseline.

        • OperatingSystem (string) --

          Defines the operating system the patch baseline applies to. Supported operating systems include WINDOWS, AMAZON_LINUX, UBUNTU and REDHAT_ENTERPRISE_LINUX. The Default value is WINDOWS.

        • BaselineDescription (string) --

          The description of the patch baseline.

        • DefaultBaseline (boolean) --

          Whether this is the default baseline. Note that Systems Manager supports creating multiple default patch baselines. For example, you can create a default patch baseline for each operating system.

    • NextToken (string) --

      The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

DescribePatchGroups (updated) Link ¶
Changes (request, response)
Request
{'Filters': [{'Key': 'string', 'Values': ['string']}]}
Response
{'Mappings': {'BaselineIdentity': {'OperatingSystem': 'WINDOWS | AMAZON_LINUX '
                                                      '| UBUNTU | '
                                                      'REDHAT_ENTERPRISE_LINUX'}}}

Lists all patch groups that have been registered with patch baselines.

See also: AWS API Documentation

Request Syntax

client.describe_patch_groups(
    MaxResults=123,
    Filters=[
        {
            'Key': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    NextToken='string'
)
type MaxResults

integer

param MaxResults

The maximum number of patch groups to return (per page).

type Filters

list

param Filters

One or more filters. Use a filter to return a more specific list of results.

  • (dict) --

    Defines a filter used in Patch Manager APIs.

    • Key (string) --

      The key for the filter.

    • Values (list) --

      The value for the filter.

      • (string) --

type NextToken

string

param NextToken

The token for the next set of items to return. (You received this token from a previous call.)

rtype

dict

returns

Response Syntax

{
    'Mappings': [
        {
            'PatchGroup': 'string',
            'BaselineIdentity': {
                'BaselineId': 'string',
                'BaselineName': 'string',
                'OperatingSystem': 'WINDOWS'|'AMAZON_LINUX'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX',
                'BaselineDescription': 'string',
                'DefaultBaseline': True|False
            }
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Mappings (list) --

      Each entry in the array contains:

      PatchGroup: string (between 1 and 256 characters, Regex: ^([p{L}p{Z}p{N}_.:/=+-@]*)$)

      PatchBaselineIdentity: A PatchBaselineIdentity element.

      • (dict) --

        The mapping between a patch group and the patch baseline the patch group is registered with.

        • PatchGroup (string) --

          The name of the patch group registered with the patch baseline.

        • BaselineIdentity (dict) --

          The patch baseline the patch group is registered with.

          • BaselineId (string) --

            The ID of the patch baseline.

          • BaselineName (string) --

            The name of the patch baseline.

          • OperatingSystem (string) --

            Defines the operating system the patch baseline applies to. Supported operating systems include WINDOWS, AMAZON_LINUX, UBUNTU and REDHAT_ENTERPRISE_LINUX. The Default value is WINDOWS.

          • BaselineDescription (string) --

            The description of the patch baseline.

          • DefaultBaseline (boolean) --

            Whether this is the default baseline. Note that Systems Manager supports creating multiple default patch baselines. For example, you can create a default patch baseline for each operating system.

    • NextToken (string) --

      The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

GetDefaultPatchBaseline (updated) Link ¶
Changes (both)
{'OperatingSystem': 'WINDOWS | AMAZON_LINUX | UBUNTU | REDHAT_ENTERPRISE_LINUX'}

Retrieves the default patch baseline. Note that Systems Manager supports creating multiple default patch baselines. For example, you can create a default patch baseline for each operating system.

See also: AWS API Documentation

Request Syntax

client.get_default_patch_baseline(
    OperatingSystem='WINDOWS'|'AMAZON_LINUX'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'
)
type OperatingSystem

string

param OperatingSystem

Returns the default patch baseline for the specified operating system.

rtype

dict

returns

Response Syntax

{
    'BaselineId': 'string',
    'OperatingSystem': 'WINDOWS'|'AMAZON_LINUX'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'
}

Response Structure

  • (dict) --

    • BaselineId (string) --

      The ID of the default patch baseline.

    • OperatingSystem (string) --

      The operating system for the returned patch baseline.

GetDeployablePatchSnapshotForInstance (updated) Link ¶
Changes (response)
{'Product': 'string'}

Retrieves the current snapshot for the patch baseline the instance uses. This API is primarily used by the AWS-RunPatchBaseline Systems Manager document.

See also: AWS API Documentation

Request Syntax

client.get_deployable_patch_snapshot_for_instance(
    InstanceId='string',
    SnapshotId='string'
)
type InstanceId

string

param InstanceId

[REQUIRED]

The ID of the instance for which the appropriate patch snapshot should be retrieved.

type SnapshotId

string

param SnapshotId

[REQUIRED]

The user-defined snapshot ID.

rtype

dict

returns

Response Syntax

{
    'InstanceId': 'string',
    'SnapshotId': 'string',
    'SnapshotDownloadUrl': 'string',
    'Product': 'string'
}

Response Structure

  • (dict) --

    • InstanceId (string) --

      The ID of the instance.

    • SnapshotId (string) --

      The user-defined snapshot ID.

    • SnapshotDownloadUrl (string) --

      A pre-signed Amazon S3 URL that can be used to download the patch snapshot.

    • Product (string) --

      Returns the specific operating system (for example Windows Server 2012 or Amazon Linux 2015.09) on the instance for the specified patch snapshot.

GetPatchBaseline (updated) Link ¶
Changes (response)
{'ApprovalRules': {'PatchRules': {'ComplianceLevel': 'CRITICAL | HIGH | MEDIUM '
                                                     '| LOW | INFORMATIONAL | '
                                                     'UNSPECIFIED',
                                  'PatchFilterGroup': {'PatchFilters': {'Key': ['SEVERITY',
                                                                                'PRIORITY',
                                                                                'SECTION']}}}},
 'ApprovedPatchesComplianceLevel': 'CRITICAL | HIGH | MEDIUM | LOW | '
                                   'INFORMATIONAL | UNSPECIFIED',
 'GlobalFilters': {'PatchFilters': {'Key': ['SEVERITY',
                                            'PRIORITY',
                                            'SECTION']}},
 'OperatingSystem': 'WINDOWS | AMAZON_LINUX | UBUNTU | REDHAT_ENTERPRISE_LINUX'}

Retrieves information about a patch baseline.

See also: AWS API Documentation

Request Syntax

client.get_patch_baseline(
    BaselineId='string'
)
type BaselineId

string

param BaselineId

[REQUIRED]

The ID of the patch baseline to retrieve.

rtype

dict

returns

Response Syntax

{
    'BaselineId': 'string',
    'Name': 'string',
    'OperatingSystem': 'WINDOWS'|'AMAZON_LINUX'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX',
    'GlobalFilters': {
        'PatchFilters': [
            {
                'Key': 'PRODUCT'|'CLASSIFICATION'|'MSRC_SEVERITY'|'PATCH_ID'|'SECTION'|'PRIORITY'|'SEVERITY',
                'Values': [
                    'string',
                ]
            },
        ]
    },
    'ApprovalRules': {
        'PatchRules': [
            {
                'PatchFilterGroup': {
                    'PatchFilters': [
                        {
                            'Key': 'PRODUCT'|'CLASSIFICATION'|'MSRC_SEVERITY'|'PATCH_ID'|'SECTION'|'PRIORITY'|'SEVERITY',
                            'Values': [
                                'string',
                            ]
                        },
                    ]
                },
                'ComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
                'ApproveAfterDays': 123
            },
        ]
    },
    'ApprovedPatches': [
        'string',
    ],
    'ApprovedPatchesComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
    'RejectedPatches': [
        'string',
    ],
    'PatchGroups': [
        'string',
    ],
    'CreatedDate': datetime(2015, 1, 1),
    'ModifiedDate': datetime(2015, 1, 1),
    'Description': 'string'
}

Response Structure

  • (dict) --

    • BaselineId (string) --

      The ID of the retrieved patch baseline.

    • Name (string) --

      The name of the patch baseline.

    • OperatingSystem (string) --

      Returns the operating system specified for the patch baseline.

    • GlobalFilters (dict) --

      A set of global filters used to exclude patches from the baseline.

      • PatchFilters (list) --

        The set of patch filters that make up the group.

        • (dict) --

          Defines a patch filter.

          • Key (string) --

            The key for the filter (PRODUCT, CLASSIFICATION, MSRC_SEVERITY, PATCH_ID)

          • Values (list) --

            The value for the filter key.

            • (string) --

    • ApprovalRules (dict) --

      A set of rules used to include patches in the baseline.

      • PatchRules (list) --

        The rules that make up the rule group.

        • (dict) --

          Defines an approval rule for a patch baseline.

          • PatchFilterGroup (dict) --

            The patch filter group that defines the criteria for the rule.

            • PatchFilters (list) --

              The set of patch filters that make up the group.

              • (dict) --

                Defines a patch filter.

                • Key (string) --

                  The key for the filter (PRODUCT, CLASSIFICATION, MSRC_SEVERITY, PATCH_ID)

                • Values (list) --

                  The value for the filter key.

                  • (string) --

          • ComplianceLevel (string) --

            A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following: Unspecified, Critical, High, Medium, Low, and Informational.

          • ApproveAfterDays (integer) --

            The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.

    • ApprovedPatches (list) --

      A list of explicitly approved patches for the baseline.

      • (string) --

    • ApprovedPatchesComplianceLevel (string) --

      Returns the specified compliance severity level for approved patches in the patch baseline.

    • RejectedPatches (list) --

      A list of explicitly rejected patches for the baseline.

      • (string) --

    • PatchGroups (list) --

      Patch groups included in the patch baseline.

      • (string) --

    • CreatedDate (datetime) --

      The date the patch baseline was created.

    • ModifiedDate (datetime) --

      The date the patch baseline was last modified.

    • Description (string) --

      A description of the patch baseline.

GetPatchBaselineForPatchGroup (updated) Link ¶
Changes (both)
{'OperatingSystem': 'WINDOWS | AMAZON_LINUX | UBUNTU | REDHAT_ENTERPRISE_LINUX'}

Retrieves the patch baseline that should be used for the specified patch group.

See also: AWS API Documentation

Request Syntax

client.get_patch_baseline_for_patch_group(
    PatchGroup='string',
    OperatingSystem='WINDOWS'|'AMAZON_LINUX'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'
)
type PatchGroup

string

param PatchGroup

[REQUIRED]

The name of the patch group whose patch baseline should be retrieved.

type OperatingSystem

string

param OperatingSystem

Returns he operating system rule specified for patch groups using the patch baseline.

rtype

dict

returns

Response Syntax

{
    'BaselineId': 'string',
    'PatchGroup': 'string',
    'OperatingSystem': 'WINDOWS'|'AMAZON_LINUX'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'
}

Response Structure

  • (dict) --

    • BaselineId (string) --

      The ID of the patch baseline that should be used for the patch group.

    • PatchGroup (string) --

      The name of the patch group.

    • OperatingSystem (string) --

      The operating system rule specified for patch groups using the patch baseline.

UpdatePatchBaseline (updated) Link ¶
Changes (request, response)
Request
{'ApprovalRules': {'PatchRules': {'ComplianceLevel': 'CRITICAL | HIGH | MEDIUM '
                                                     '| LOW | INFORMATIONAL | '
                                                     'UNSPECIFIED',
                                  'PatchFilterGroup': {'PatchFilters': {'Key': ['SEVERITY',
                                                                                'PRIORITY',
                                                                                'SECTION']}}}},
 'ApprovedPatchesComplianceLevel': 'CRITICAL | HIGH | MEDIUM | LOW | '
                                   'INFORMATIONAL | UNSPECIFIED',
 'GlobalFilters': {'PatchFilters': {'Key': ['SEVERITY',
                                            'PRIORITY',
                                            'SECTION']}}}
Response
{'ApprovalRules': {'PatchRules': {'ComplianceLevel': 'CRITICAL | HIGH | MEDIUM '
                                                     '| LOW | INFORMATIONAL | '
                                                     'UNSPECIFIED',
                                  'PatchFilterGroup': {'PatchFilters': {'Key': ['SEVERITY',
                                                                                'PRIORITY',
                                                                                'SECTION']}}}},
 'ApprovedPatchesComplianceLevel': 'CRITICAL | HIGH | MEDIUM | LOW | '
                                   'INFORMATIONAL | UNSPECIFIED',
 'GlobalFilters': {'PatchFilters': {'Key': ['SEVERITY',
                                            'PRIORITY',
                                            'SECTION']}},
 'OperatingSystem': 'WINDOWS | AMAZON_LINUX | UBUNTU | REDHAT_ENTERPRISE_LINUX'}

Modifies an existing patch baseline. Fields not specified in the request are left unchanged.

See also: AWS API Documentation

Request Syntax

client.update_patch_baseline(
    BaselineId='string',
    Name='string',
    GlobalFilters={
        'PatchFilters': [
            {
                'Key': 'PRODUCT'|'CLASSIFICATION'|'MSRC_SEVERITY'|'PATCH_ID'|'SECTION'|'PRIORITY'|'SEVERITY',
                'Values': [
                    'string',
                ]
            },
        ]
    },
    ApprovalRules={
        'PatchRules': [
            {
                'PatchFilterGroup': {
                    'PatchFilters': [
                        {
                            'Key': 'PRODUCT'|'CLASSIFICATION'|'MSRC_SEVERITY'|'PATCH_ID'|'SECTION'|'PRIORITY'|'SEVERITY',
                            'Values': [
                                'string',
                            ]
                        },
                    ]
                },
                'ComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
                'ApproveAfterDays': 123
            },
        ]
    },
    ApprovedPatches=[
        'string',
    ],
    ApprovedPatchesComplianceLevel='CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
    RejectedPatches=[
        'string',
    ],
    Description='string'
)
type BaselineId

string

param BaselineId

[REQUIRED]

The ID of the patch baseline to update.

type Name

string

param Name

The name of the patch baseline.

type GlobalFilters

dict

param GlobalFilters

A set of global filters used to exclude patches from the baseline.

  • PatchFilters (list) -- [REQUIRED]

    The set of patch filters that make up the group.

    • (dict) --

      Defines a patch filter.

      • Key (string) -- [REQUIRED]

        The key for the filter (PRODUCT, CLASSIFICATION, MSRC_SEVERITY, PATCH_ID)

      • Values (list) -- [REQUIRED]

        The value for the filter key.

        • (string) --

type ApprovalRules

dict

param ApprovalRules

A set of rules used to include patches in the baseline.

  • PatchRules (list) -- [REQUIRED]

    The rules that make up the rule group.

    • (dict) --

      Defines an approval rule for a patch baseline.

      • PatchFilterGroup (dict) -- [REQUIRED]

        The patch filter group that defines the criteria for the rule.

        • PatchFilters (list) -- [REQUIRED]

          The set of patch filters that make up the group.

          • (dict) --

            Defines a patch filter.

            • Key (string) -- [REQUIRED]

              The key for the filter (PRODUCT, CLASSIFICATION, MSRC_SEVERITY, PATCH_ID)

            • Values (list) -- [REQUIRED]

              The value for the filter key.

              • (string) --

      • ComplianceLevel (string) --

        A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following: Unspecified, Critical, High, Medium, Low, and Informational.

      • ApproveAfterDays (integer) -- [REQUIRED]

        The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.

type ApprovedPatches

list

param ApprovedPatches

A list of explicitly approved patches for the baseline.

  • (string) --

type ApprovedPatchesComplianceLevel

string

param ApprovedPatchesComplianceLevel

Assigns a new compliance severity level to an existing patch baseline.

type RejectedPatches

list

param RejectedPatches

A list of explicitly rejected patches for the baseline.

  • (string) --

type Description

string

param Description

A description of the patch baseline.

rtype

dict

returns

Response Syntax

{
    'BaselineId': 'string',
    'Name': 'string',
    'OperatingSystem': 'WINDOWS'|'AMAZON_LINUX'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX',
    'GlobalFilters': {
        'PatchFilters': [
            {
                'Key': 'PRODUCT'|'CLASSIFICATION'|'MSRC_SEVERITY'|'PATCH_ID'|'SECTION'|'PRIORITY'|'SEVERITY',
                'Values': [
                    'string',
                ]
            },
        ]
    },
    'ApprovalRules': {
        'PatchRules': [
            {
                'PatchFilterGroup': {
                    'PatchFilters': [
                        {
                            'Key': 'PRODUCT'|'CLASSIFICATION'|'MSRC_SEVERITY'|'PATCH_ID'|'SECTION'|'PRIORITY'|'SEVERITY',
                            'Values': [
                                'string',
                            ]
                        },
                    ]
                },
                'ComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
                'ApproveAfterDays': 123
            },
        ]
    },
    'ApprovedPatches': [
        'string',
    ],
    'ApprovedPatchesComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
    'RejectedPatches': [
        'string',
    ],
    'CreatedDate': datetime(2015, 1, 1),
    'ModifiedDate': datetime(2015, 1, 1),
    'Description': 'string'
}

Response Structure

  • (dict) --

    • BaselineId (string) --

      The ID of the deleted patch baseline.

    • Name (string) --

      The name of the patch baseline.

    • OperatingSystem (string) --

      The operating system rule used by the updated patch baseline.

    • GlobalFilters (dict) --

      A set of global filters used to exclude patches from the baseline.

      • PatchFilters (list) --

        The set of patch filters that make up the group.

        • (dict) --

          Defines a patch filter.

          • Key (string) --

            The key for the filter (PRODUCT, CLASSIFICATION, MSRC_SEVERITY, PATCH_ID)

          • Values (list) --

            The value for the filter key.

            • (string) --

    • ApprovalRules (dict) --

      A set of rules used to include patches in the baseline.

      • PatchRules (list) --

        The rules that make up the rule group.

        • (dict) --

          Defines an approval rule for a patch baseline.

          • PatchFilterGroup (dict) --

            The patch filter group that defines the criteria for the rule.

            • PatchFilters (list) --

              The set of patch filters that make up the group.

              • (dict) --

                Defines a patch filter.

                • Key (string) --

                  The key for the filter (PRODUCT, CLASSIFICATION, MSRC_SEVERITY, PATCH_ID)

                • Values (list) --

                  The value for the filter key.

                  • (string) --

          • ComplianceLevel (string) --

            A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following: Unspecified, Critical, High, Medium, Low, and Informational.

          • ApproveAfterDays (integer) --

            The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.

    • ApprovedPatches (list) --

      A list of explicitly approved patches for the baseline.

      • (string) --

    • ApprovedPatchesComplianceLevel (string) --

      The compliance severity level assigned to the patch baseline after the update completed.

    • RejectedPatches (list) --

      A list of explicitly rejected patches for the baseline.

      • (string) --

    • CreatedDate (datetime) --

      The date when the patch baseline was created.

    • ModifiedDate (datetime) --

      The date when the patch baseline was last modified.

    • Description (string) --

      A description of the Patch Baseline.