Amazon Simple Systems Manager (SSM)

2020/10/19 - Amazon Simple Systems Manager (SSM) - 1 updated api methods

Changes  This Patch Manager release now supports Common Vulnerabilities and Exposure (CVE) Ids for missing packages via the DescribeInstancePatches API.

DescribeInstancePatches (updated) Link ΒΆ
Changes (response)
{'Patches': {'CVEIds': 'string'}}

Retrieves information about the patches on the specified instance and their state relative to the patch baseline being used for the instance.

See also: AWS API Documentation

Request Syntax

            'Key': 'string',
            'Values': [
type InstanceId


param InstanceId


The ID of the instance whose patch state information should be retrieved.

type Filters


param Filters

An array of structures. Each entry in the array is a structure containing a Key, Value combination. Valid values for Key are Classification | KBId | Severity | State .

  • (dict) --

    Defines a filter used in Patch Manager APIs.

    • Key (string) --

      The key for the filter.

    • Values (list) --

      The value for the filter.

      • (string) --

type NextToken


param NextToken

The token for the next set of items to return. (You received this token from a previous call.)

type MaxResults


param MaxResults

The maximum number of patches to return (per page).




Response Syntax

    'Patches': [
            'Title': 'string',
            'KBId': 'string',
            'Classification': 'string',
            'Severity': 'string',
            'InstalledTime': datetime(2015, 1, 1),
            'CVEIds': 'string'
    'NextToken': 'string'

Response Structure

  • (dict) --

    • Patches (list) --

      Each entry in the array is a structure containing:

      Title (string)

      KBId (string)

      Classification (string)

      Severity (string)

      State (string, such as "INSTALLED" or "FAILED")

      InstalledTime (DateTime)

      InstalledBy (string)

      • (dict) --

        Information about the state of a patch on a particular instance as it relates to the patch baseline used to patch the instance.

        • Title (string) --

          The title of the patch.

        • KBId (string) --

          The operating system-specific ID of the patch.

        • Classification (string) --

          The classification of the patch (for example, SecurityUpdates, Updates, CriticalUpdates).

        • Severity (string) --

          The severity of the patch (for example, Critical, Important, Moderate).

        • State (string) --

          The state of the patch on the instance, such as INSTALLED or FAILED.

          For descriptions of each patch state, see About patch compliance in the AWS Systems Manager User Guide .

        • InstalledTime (datetime) --

          The date/time the patch was installed on the instance. Note that not all operating systems provide this level of information.

        • CVEIds (string) --

          The IDs of one or more Common Vulnerabilities and Exposure (CVE) issues that are resolved by the patch.

    • NextToken (string) --

      The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.