We recommend new projects start with resources from the AWS provider.
We recommend new projects start with resources from the AWS provider.
Resource Type definition for AWS::SSM::PatchBaseline
Example Usage
Example
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AwsNative = Pulumi.AwsNative;
return await Deployment.RunAsync(() =>
{
var myPatchBaseline = new AwsNative.Ssm.PatchBaseline("myPatchBaseline", new()
{
Name = "myPatchBaseline",
Description = "Baseline containing all updates approved for Windows instances",
OperatingSystem = AwsNative.Ssm.PatchBaselineOperatingSystem.Windows,
PatchGroups = new[]
{
"myPatchGroup",
},
ApprovalRules = new AwsNative.Ssm.Inputs.PatchBaselineRuleGroupArgs
{
PatchRules = new[]
{
new AwsNative.Ssm.Inputs.PatchBaselineRuleArgs
{
PatchFilterGroup = new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterGroupArgs
{
PatchFilters = new[]
{
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"Critical",
"Important",
"Moderate",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.MsrcSeverity,
},
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"SecurityUpdates",
"CriticalUpdates",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.Classification,
},
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"WindowsServer2019",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.Product,
},
},
},
ApproveAfterDays = 7,
ComplianceLevel = AwsNative.Ssm.PatchBaselineRuleComplianceLevel.Critical,
},
new AwsNative.Ssm.Inputs.PatchBaselineRuleArgs
{
PatchFilterGroup = new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterGroupArgs
{
PatchFilters = new[]
{
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"Critical",
"Important",
"Moderate",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.MsrcSeverity,
},
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"*",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.Classification,
},
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"APPLICATION",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.PatchSet,
},
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"Active Directory Rights Management Services Client 2.0",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.Product,
},
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"Active Directory",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.ProductFamily,
},
},
},
ApproveAfterDays = 7,
ComplianceLevel = AwsNative.Ssm.PatchBaselineRuleComplianceLevel.Critical,
},
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/ssm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := ssm.NewPatchBaseline(ctx, "myPatchBaseline", &ssm.PatchBaselineArgs{
Name: pulumi.String("myPatchBaseline"),
Description: pulumi.String("Baseline containing all updates approved for Windows instances"),
OperatingSystem: ssm.PatchBaselineOperatingSystemWindows,
PatchGroups: pulumi.StringArray{
pulumi.String("myPatchGroup"),
},
ApprovalRules: &ssm.PatchBaselineRuleGroupArgs{
PatchRules: ssm.PatchBaselineRuleArray{
&ssm.PatchBaselineRuleArgs{
PatchFilterGroup: &ssm.PatchBaselinePatchFilterGroupArgs{
PatchFilters: ssm.PatchBaselinePatchFilterArray{
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("Critical"),
pulumi.String("Important"),
pulumi.String("Moderate"),
},
Key: ssm.PatchBaselinePatchFilterKeyMsrcSeverity,
},
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("SecurityUpdates"),
pulumi.String("CriticalUpdates"),
},
Key: ssm.PatchBaselinePatchFilterKeyClassification,
},
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("WindowsServer2019"),
},
Key: ssm.PatchBaselinePatchFilterKeyProduct,
},
},
},
ApproveAfterDays: pulumi.Int(7),
ComplianceLevel: ssm.PatchBaselineRuleComplianceLevelCritical,
},
&ssm.PatchBaselineRuleArgs{
PatchFilterGroup: &ssm.PatchBaselinePatchFilterGroupArgs{
PatchFilters: ssm.PatchBaselinePatchFilterArray{
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("Critical"),
pulumi.String("Important"),
pulumi.String("Moderate"),
},
Key: ssm.PatchBaselinePatchFilterKeyMsrcSeverity,
},
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("*"),
},
Key: ssm.PatchBaselinePatchFilterKeyClassification,
},
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("APPLICATION"),
},
Key: ssm.PatchBaselinePatchFilterKeyPatchSet,
},
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("Active Directory Rights Management Services Client 2.0"),
},
Key: ssm.PatchBaselinePatchFilterKeyProduct,
},
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("Active Directory"),
},
Key: ssm.PatchBaselinePatchFilterKeyProductFamily,
},
},
},
ApproveAfterDays: pulumi.Int(7),
ComplianceLevel: ssm.PatchBaselineRuleComplianceLevelCritical,
},
},
},
})
if err != nil {
return err
}
return nil
})
}
Example coming soon!
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";
const myPatchBaseline = new aws_native.ssm.PatchBaseline("myPatchBaseline", {
name: "myPatchBaseline",
description: "Baseline containing all updates approved for Windows instances",
operatingSystem: aws_native.ssm.PatchBaselineOperatingSystem.Windows,
patchGroups: ["myPatchGroup"],
approvalRules: {
patchRules: [
{
patchFilterGroup: {
patchFilters: [
{
values: [
"Critical",
"Important",
"Moderate",
],
key: aws_native.ssm.PatchBaselinePatchFilterKey.MsrcSeverity,
},
{
values: [
"SecurityUpdates",
"CriticalUpdates",
],
key: aws_native.ssm.PatchBaselinePatchFilterKey.Classification,
},
{
values: ["WindowsServer2019"],
key: aws_native.ssm.PatchBaselinePatchFilterKey.Product,
},
],
},
approveAfterDays: 7,
complianceLevel: aws_native.ssm.PatchBaselineRuleComplianceLevel.Critical,
},
{
patchFilterGroup: {
patchFilters: [
{
values: [
"Critical",
"Important",
"Moderate",
],
key: aws_native.ssm.PatchBaselinePatchFilterKey.MsrcSeverity,
},
{
values: ["*"],
key: aws_native.ssm.PatchBaselinePatchFilterKey.Classification,
},
{
values: ["APPLICATION"],
key: aws_native.ssm.PatchBaselinePatchFilterKey.PatchSet,
},
{
values: ["Active Directory Rights Management Services Client 2.0"],
key: aws_native.ssm.PatchBaselinePatchFilterKey.Product,
},
{
values: ["Active Directory"],
key: aws_native.ssm.PatchBaselinePatchFilterKey.ProductFamily,
},
],
},
approveAfterDays: 7,
complianceLevel: aws_native.ssm.PatchBaselineRuleComplianceLevel.Critical,
},
],
},
});
import pulumi
import pulumi_aws_native as aws_native
my_patch_baseline = aws_native.ssm.PatchBaseline("myPatchBaseline",
name="myPatchBaseline",
description="Baseline containing all updates approved for Windows instances",
operating_system=aws_native.ssm.PatchBaselineOperatingSystem.WINDOWS,
patch_groups=["myPatchGroup"],
approval_rules={
"patch_rules": [
{
"patch_filter_group": {
"patch_filters": [
{
"values": [
"Critical",
"Important",
"Moderate",
],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.MSRC_SEVERITY,
},
{
"values": [
"SecurityUpdates",
"CriticalUpdates",
],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.CLASSIFICATION,
},
{
"values": ["WindowsServer2019"],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.PRODUCT,
},
],
},
"approve_after_days": 7,
"compliance_level": aws_native.ssm.PatchBaselineRuleComplianceLevel.CRITICAL,
},
{
"patch_filter_group": {
"patch_filters": [
{
"values": [
"Critical",
"Important",
"Moderate",
],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.MSRC_SEVERITY,
},
{
"values": ["*"],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.CLASSIFICATION,
},
{
"values": ["APPLICATION"],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.PATCH_SET,
},
{
"values": ["Active Directory Rights Management Services Client 2.0"],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.PRODUCT,
},
{
"values": ["Active Directory"],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.PRODUCT_FAMILY,
},
],
},
"approve_after_days": 7,
"compliance_level": aws_native.ssm.PatchBaselineRuleComplianceLevel.CRITICAL,
},
],
})
Example coming soon!
Example
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AwsNative = Pulumi.AwsNative;
return await Deployment.RunAsync(() =>
{
var myPatchBaseline = new AwsNative.Ssm.PatchBaseline("myPatchBaseline", new()
{
Name = "myPatchBaseline",
Description = "Baseline containing all updates approved for Windows instances",
OperatingSystem = AwsNative.Ssm.PatchBaselineOperatingSystem.Windows,
PatchGroups = new[]
{
"myPatchGroup",
},
ApprovalRules = new AwsNative.Ssm.Inputs.PatchBaselineRuleGroupArgs
{
PatchRules = new[]
{
new AwsNative.Ssm.Inputs.PatchBaselineRuleArgs
{
PatchFilterGroup = new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterGroupArgs
{
PatchFilters = new[]
{
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"Critical",
"Important",
"Moderate",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.MsrcSeverity,
},
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"SecurityUpdates",
"CriticalUpdates",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.Classification,
},
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"WindowsServer2019",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.Product,
},
},
},
ApproveAfterDays = 7,
ComplianceLevel = AwsNative.Ssm.PatchBaselineRuleComplianceLevel.Critical,
},
new AwsNative.Ssm.Inputs.PatchBaselineRuleArgs
{
PatchFilterGroup = new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterGroupArgs
{
PatchFilters = new[]
{
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"Critical",
"Important",
"Moderate",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.MsrcSeverity,
},
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"*",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.Classification,
},
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"APPLICATION",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.PatchSet,
},
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"Active Directory Rights Management Services Client 2.0",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.Product,
},
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"Active Directory",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.ProductFamily,
},
},
},
ApproveAfterDays = 7,
ComplianceLevel = AwsNative.Ssm.PatchBaselineRuleComplianceLevel.Critical,
},
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/ssm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := ssm.NewPatchBaseline(ctx, "myPatchBaseline", &ssm.PatchBaselineArgs{
Name: pulumi.String("myPatchBaseline"),
Description: pulumi.String("Baseline containing all updates approved for Windows instances"),
OperatingSystem: ssm.PatchBaselineOperatingSystemWindows,
PatchGroups: pulumi.StringArray{
pulumi.String("myPatchGroup"),
},
ApprovalRules: &ssm.PatchBaselineRuleGroupArgs{
PatchRules: ssm.PatchBaselineRuleArray{
&ssm.PatchBaselineRuleArgs{
PatchFilterGroup: &ssm.PatchBaselinePatchFilterGroupArgs{
PatchFilters: ssm.PatchBaselinePatchFilterArray{
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("Critical"),
pulumi.String("Important"),
pulumi.String("Moderate"),
},
Key: ssm.PatchBaselinePatchFilterKeyMsrcSeverity,
},
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("SecurityUpdates"),
pulumi.String("CriticalUpdates"),
},
Key: ssm.PatchBaselinePatchFilterKeyClassification,
},
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("WindowsServer2019"),
},
Key: ssm.PatchBaselinePatchFilterKeyProduct,
},
},
},
ApproveAfterDays: pulumi.Int(7),
ComplianceLevel: ssm.PatchBaselineRuleComplianceLevelCritical,
},
&ssm.PatchBaselineRuleArgs{
PatchFilterGroup: &ssm.PatchBaselinePatchFilterGroupArgs{
PatchFilters: ssm.PatchBaselinePatchFilterArray{
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("Critical"),
pulumi.String("Important"),
pulumi.String("Moderate"),
},
Key: ssm.PatchBaselinePatchFilterKeyMsrcSeverity,
},
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("*"),
},
Key: ssm.PatchBaselinePatchFilterKeyClassification,
},
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("APPLICATION"),
},
Key: ssm.PatchBaselinePatchFilterKeyPatchSet,
},
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("Active Directory Rights Management Services Client 2.0"),
},
Key: ssm.PatchBaselinePatchFilterKeyProduct,
},
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("Active Directory"),
},
Key: ssm.PatchBaselinePatchFilterKeyProductFamily,
},
},
},
ApproveAfterDays: pulumi.Int(7),
ComplianceLevel: ssm.PatchBaselineRuleComplianceLevelCritical,
},
},
},
})
if err != nil {
return err
}
return nil
})
}
Example coming soon!
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";
const myPatchBaseline = new aws_native.ssm.PatchBaseline("myPatchBaseline", {
name: "myPatchBaseline",
description: "Baseline containing all updates approved for Windows instances",
operatingSystem: aws_native.ssm.PatchBaselineOperatingSystem.Windows,
patchGroups: ["myPatchGroup"],
approvalRules: {
patchRules: [
{
patchFilterGroup: {
patchFilters: [
{
values: [
"Critical",
"Important",
"Moderate",
],
key: aws_native.ssm.PatchBaselinePatchFilterKey.MsrcSeverity,
},
{
values: [
"SecurityUpdates",
"CriticalUpdates",
],
key: aws_native.ssm.PatchBaselinePatchFilterKey.Classification,
},
{
values: ["WindowsServer2019"],
key: aws_native.ssm.PatchBaselinePatchFilterKey.Product,
},
],
},
approveAfterDays: 7,
complianceLevel: aws_native.ssm.PatchBaselineRuleComplianceLevel.Critical,
},
{
patchFilterGroup: {
patchFilters: [
{
values: [
"Critical",
"Important",
"Moderate",
],
key: aws_native.ssm.PatchBaselinePatchFilterKey.MsrcSeverity,
},
{
values: ["*"],
key: aws_native.ssm.PatchBaselinePatchFilterKey.Classification,
},
{
values: ["APPLICATION"],
key: aws_native.ssm.PatchBaselinePatchFilterKey.PatchSet,
},
{
values: ["Active Directory Rights Management Services Client 2.0"],
key: aws_native.ssm.PatchBaselinePatchFilterKey.Product,
},
{
values: ["Active Directory"],
key: aws_native.ssm.PatchBaselinePatchFilterKey.ProductFamily,
},
],
},
approveAfterDays: 7,
complianceLevel: aws_native.ssm.PatchBaselineRuleComplianceLevel.Critical,
},
],
},
});
import pulumi
import pulumi_aws_native as aws_native
my_patch_baseline = aws_native.ssm.PatchBaseline("myPatchBaseline",
name="myPatchBaseline",
description="Baseline containing all updates approved for Windows instances",
operating_system=aws_native.ssm.PatchBaselineOperatingSystem.WINDOWS,
patch_groups=["myPatchGroup"],
approval_rules={
"patch_rules": [
{
"patch_filter_group": {
"patch_filters": [
{
"values": [
"Critical",
"Important",
"Moderate",
],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.MSRC_SEVERITY,
},
{
"values": [
"SecurityUpdates",
"CriticalUpdates",
],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.CLASSIFICATION,
},
{
"values": ["WindowsServer2019"],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.PRODUCT,
},
],
},
"approve_after_days": 7,
"compliance_level": aws_native.ssm.PatchBaselineRuleComplianceLevel.CRITICAL,
},
{
"patch_filter_group": {
"patch_filters": [
{
"values": [
"Critical",
"Important",
"Moderate",
],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.MSRC_SEVERITY,
},
{
"values": ["*"],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.CLASSIFICATION,
},
{
"values": ["APPLICATION"],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.PATCH_SET,
},
{
"values": ["Active Directory Rights Management Services Client 2.0"],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.PRODUCT,
},
{
"values": ["Active Directory"],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.PRODUCT_FAMILY,
},
],
},
"approve_after_days": 7,
"compliance_level": aws_native.ssm.PatchBaselineRuleComplianceLevel.CRITICAL,
},
],
})
Example coming soon!
Create PatchBaseline Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new PatchBaseline(name: string, args?: PatchBaselineArgs, opts?: CustomResourceOptions);@overload
def PatchBaseline(resource_name: str,
args: Optional[PatchBaselineArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def PatchBaseline(resource_name: str,
opts: Optional[ResourceOptions] = None,
approval_rules: Optional[PatchBaselineRuleGroupArgs] = None,
approved_patches: Optional[Sequence[str]] = None,
approved_patches_compliance_level: Optional[PatchBaselineApprovedPatchesComplianceLevel] = None,
approved_patches_enable_non_security: Optional[bool] = None,
available_security_updates_compliance_status: Optional[PatchBaselineAvailableSecurityUpdatesComplianceStatus] = None,
default_baseline: Optional[bool] = None,
description: Optional[str] = None,
global_filters: Optional[PatchBaselinePatchFilterGroupArgs] = None,
name: Optional[str] = None,
operating_system: Optional[PatchBaselineOperatingSystem] = None,
patch_groups: Optional[Sequence[str]] = None,
rejected_patches: Optional[Sequence[str]] = None,
rejected_patches_action: Optional[PatchBaselineRejectedPatchesAction] = None,
sources: Optional[Sequence[PatchBaselinePatchSourceArgs]] = None,
tags: Optional[Sequence[_root_inputs.TagArgs]] = None)func NewPatchBaseline(ctx *Context, name string, args *PatchBaselineArgs, opts ...ResourceOption) (*PatchBaseline, error)public PatchBaseline(string name, PatchBaselineArgs? args = null, CustomResourceOptions? opts = null)
public PatchBaseline(String name, PatchBaselineArgs args)
public PatchBaseline(String name, PatchBaselineArgs args, CustomResourceOptions options)
type: aws-native:ssm:PatchBaseline
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PatchBaselineArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PatchBaselineArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PatchBaselineArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PatchBaselineArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PatchBaselineArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
PatchBaseline Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The PatchBaseline resource accepts the following input properties:
- Approval
Rules Pulumi.Aws Native. Ssm. Inputs. Patch Baseline Rule Group - A set of rules used to include patches in the baseline.
- Approved
Patches List<string> - A list of explicitly approved patches for the baseline.
- Approved
Patches Pulumi.Compliance Level Aws Native. Ssm. Patch Baseline Approved Patches Compliance Level - Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. The default value is UNSPECIFIED.
- Approved
Patches boolEnable Non Security - Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.
- Available
Security Pulumi.Updates Compliance Status Aws Native. Ssm. Patch Baseline Available Security Updates Compliance Status - The compliance status for vendor recommended security updates that are not approved by this patch baseline.
- Default
Baseline bool - Set the baseline as default baseline. Only registering to default patch baseline is allowed.
- Description string
- The description of the patch baseline.
- Global
Filters Pulumi.Aws Native. Ssm. Inputs. Patch Baseline Patch Filter Group - A set of global filters used to include patches in the baseline.
- Name string
- The name of the patch baseline.
- Operating
System Pulumi.Aws Native. Ssm. Patch Baseline Operating System - Defines the operating system the patch baseline applies to. The Default value is WINDOWS.
- Patch
Groups List<string> - PatchGroups is used to associate instances with a specific patch baseline
- Rejected
Patches List<string> - A list of explicitly rejected patches for the baseline.
- Rejected
Patches Pulumi.Action Aws Native. Ssm. Patch Baseline Rejected Patches Action - The action for Patch Manager to take on patches included in the RejectedPackages list.
- Sources
List<Pulumi.
Aws Native. Ssm. Inputs. Patch Baseline Patch Source> - Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
-
List<Pulumi.
Aws Native. Inputs. Tag> - Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways.
- Approval
Rules PatchBaseline Rule Group Args - A set of rules used to include patches in the baseline.
- Approved
Patches []string - A list of explicitly approved patches for the baseline.
- Approved
Patches PatchCompliance Level Baseline Approved Patches Compliance Level - Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. The default value is UNSPECIFIED.
- Approved
Patches boolEnable Non Security - Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.
- Available
Security PatchUpdates Compliance Status Baseline Available Security Updates Compliance Status - The compliance status for vendor recommended security updates that are not approved by this patch baseline.
- Default
Baseline bool - Set the baseline as default baseline. Only registering to default patch baseline is allowed.
- Description string
- The description of the patch baseline.
- Global
Filters PatchBaseline Patch Filter Group Args - A set of global filters used to include patches in the baseline.
- Name string
- The name of the patch baseline.
- Operating
System PatchBaseline Operating System - Defines the operating system the patch baseline applies to. The Default value is WINDOWS.
- Patch
Groups []string - PatchGroups is used to associate instances with a specific patch baseline
- Rejected
Patches []string - A list of explicitly rejected patches for the baseline.
- Rejected
Patches PatchAction Baseline Rejected Patches Action - The action for Patch Manager to take on patches included in the RejectedPackages list.
- Sources
[]Patch
Baseline Patch Source Args - Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
-
Tag
Args - Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways.
- approval
Rules PatchBaseline Rule Group - A set of rules used to include patches in the baseline.
- approved
Patches List<String> - A list of explicitly approved patches for the baseline.
- approved
Patches PatchCompliance Level Baseline Approved Patches Compliance Level - Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. The default value is UNSPECIFIED.
- approved
Patches BooleanEnable Non Security - Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.
- available
Security PatchUpdates Compliance Status Baseline Available Security Updates Compliance Status - The compliance status for vendor recommended security updates that are not approved by this patch baseline.
- default
Baseline Boolean - Set the baseline as default baseline. Only registering to default patch baseline is allowed.
- description String
- The description of the patch baseline.
- global
Filters PatchBaseline Patch Filter Group - A set of global filters used to include patches in the baseline.
- name String
- The name of the patch baseline.
- operating
System PatchBaseline Operating System - Defines the operating system the patch baseline applies to. The Default value is WINDOWS.
- patch
Groups List<String> - PatchGroups is used to associate instances with a specific patch baseline
- rejected
Patches List<String> - A list of explicitly rejected patches for the baseline.
- rejected
Patches PatchAction Baseline Rejected Patches Action - The action for Patch Manager to take on patches included in the RejectedPackages list.
- sources
List<Patch
Baseline Patch Source> - Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
- List<Tag>
- Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways.
- approval
Rules PatchBaseline Rule Group - A set of rules used to include patches in the baseline.
- approved
Patches string[] - A list of explicitly approved patches for the baseline.
- approved
Patches PatchCompliance Level Baseline Approved Patches Compliance Level - Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. The default value is UNSPECIFIED.
- approved
Patches booleanEnable Non Security - Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.
- available
Security PatchUpdates Compliance Status Baseline Available Security Updates Compliance Status - The compliance status for vendor recommended security updates that are not approved by this patch baseline.
- default
Baseline boolean - Set the baseline as default baseline. Only registering to default patch baseline is allowed.
- description string
- The description of the patch baseline.
- global
Filters PatchBaseline Patch Filter Group - A set of global filters used to include patches in the baseline.
- name string
- The name of the patch baseline.
- operating
System PatchBaseline Operating System - Defines the operating system the patch baseline applies to. The Default value is WINDOWS.
- patch
Groups string[] - PatchGroups is used to associate instances with a specific patch baseline
- rejected
Patches string[] - A list of explicitly rejected patches for the baseline.
- rejected
Patches PatchAction Baseline Rejected Patches Action - The action for Patch Manager to take on patches included in the RejectedPackages list.
- sources
Patch
Baseline Patch Source[] - Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
- Tag[]
- Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways.
- approval_
rules PatchBaseline Rule Group Args - A set of rules used to include patches in the baseline.
- approved_
patches Sequence[str] - A list of explicitly approved patches for the baseline.
- approved_
patches_ Patchcompliance_ level Baseline Approved Patches Compliance Level - Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. The default value is UNSPECIFIED.
- approved_
patches_ boolenable_ non_ security - Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.
- available_
security_ Patchupdates_ compliance_ status Baseline Available Security Updates Compliance Status - The compliance status for vendor recommended security updates that are not approved by this patch baseline.
- default_
baseline bool - Set the baseline as default baseline. Only registering to default patch baseline is allowed.
- description str
- The description of the patch baseline.
- global_
filters PatchBaseline Patch Filter Group Args - A set of global filters used to include patches in the baseline.
- name str
- The name of the patch baseline.
- operating_
system PatchBaseline Operating System - Defines the operating system the patch baseline applies to. The Default value is WINDOWS.
- patch_
groups Sequence[str] - PatchGroups is used to associate instances with a specific patch baseline
- rejected_
patches Sequence[str] - A list of explicitly rejected patches for the baseline.
- rejected_
patches_ Patchaction Baseline Rejected Patches Action - The action for Patch Manager to take on patches included in the RejectedPackages list.
- sources
Sequence[Patch
Baseline Patch Source Args] - Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
-
Sequence[Tag
Args] - Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways.
- approval
Rules Property Map - A set of rules used to include patches in the baseline.
- approved
Patches List<String> - A list of explicitly approved patches for the baseline.
- approved
Patches "CRITICAL" | "HIGH" | "MEDIUM" | "LOW" | "INFORMATIONAL" | "UNSPECIFIED"Compliance Level - Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. The default value is UNSPECIFIED.
- approved
Patches BooleanEnable Non Security - Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.
- available
Security "NON_COMPLIANT" | "COMPLIANT"Updates Compliance Status - The compliance status for vendor recommended security updates that are not approved by this patch baseline.
- default
Baseline Boolean - Set the baseline as default baseline. Only registering to default patch baseline is allowed.
- description String
- The description of the patch baseline.
- global
Filters Property Map - A set of global filters used to include patches in the baseline.
- name String
- The name of the patch baseline.
- operating
System "WINDOWS" | "AMAZON_LINUX" | "AMAZON_LINUX_2" | "AMAZON_LINUX_2022" | "AMAZON_LINUX_2023" | "UBUNTU" | "REDHAT_ENTERPRISE_LINUX" | "SUSE" | "CENTOS" | "ORACLE_LINUX" | "DEBIAN" | "MACOS" | "RASPBIAN" | "ROCKY_LINUX" | "ALMA_LINUX" - Defines the operating system the patch baseline applies to. The Default value is WINDOWS.
- patch
Groups List<String> - PatchGroups is used to associate instances with a specific patch baseline
- rejected
Patches List<String> - A list of explicitly rejected patches for the baseline.
- rejected
Patches "ALLOW_AS_DEPENDENCY" | "BLOCK"Action - The action for Patch Manager to take on patches included in the RejectedPackages list.
- sources List<Property Map>
- Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
- List<Property Map>
- Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways.
Outputs
All input properties are implicitly available as output properties. Additionally, the PatchBaseline resource produces the following output properties:
Supporting Types
PatchBaselineApprovedPatchesComplianceLevel, PatchBaselineApprovedPatchesComplianceLevelArgs
- Critical
CRITICAL- High
HIGH- Medium
MEDIUM- Low
LOW- Informational
INFORMATIONAL- Unspecified
UNSPECIFIED
- Patch
Baseline Approved Patches Compliance Level Critical CRITICAL- Patch
Baseline Approved Patches Compliance Level High HIGH- Patch
Baseline Approved Patches Compliance Level Medium MEDIUM- Patch
Baseline Approved Patches Compliance Level Low LOW- Patch
Baseline Approved Patches Compliance Level Informational INFORMATIONAL- Patch
Baseline Approved Patches Compliance Level Unspecified UNSPECIFIED
- Critical
CRITICAL- High
HIGH- Medium
MEDIUM- Low
LOW- Informational
INFORMATIONAL- Unspecified
UNSPECIFIED
- Critical
CRITICAL- High
HIGH- Medium
MEDIUM- Low
LOW- Informational
INFORMATIONAL- Unspecified
UNSPECIFIED
- CRITICAL
CRITICAL- HIGH
HIGH- MEDIUM
MEDIUM- LOW
LOW- INFORMATIONAL
INFORMATIONAL- UNSPECIFIED
UNSPECIFIED
- "CRITICAL"
CRITICAL- "HIGH"
HIGH- "MEDIUM"
MEDIUM- "LOW"
LOW- "INFORMATIONAL"
INFORMATIONAL- "UNSPECIFIED"
UNSPECIFIED
PatchBaselineAvailableSecurityUpdatesComplianceStatus, PatchBaselineAvailableSecurityUpdatesComplianceStatusArgs
- Non
Compliant NON_COMPLIANT- Compliant
COMPLIANT
- Patch
Baseline Available Security Updates Compliance Status Non Compliant NON_COMPLIANT- Patch
Baseline Available Security Updates Compliance Status Compliant COMPLIANT
- Non
Compliant NON_COMPLIANT- Compliant
COMPLIANT
- Non
Compliant NON_COMPLIANT- Compliant
COMPLIANT
- NON_COMPLIANT
NON_COMPLIANT- COMPLIANT
COMPLIANT
- "NON_COMPLIANT"
NON_COMPLIANT- "COMPLIANT"
COMPLIANT
PatchBaselineOperatingSystem, PatchBaselineOperatingSystemArgs
- Windows
WINDOWS- Amazon
Linux AMAZON_LINUX- Amazon
Linux2 AMAZON_LINUX_2- Amazon
Linux2022 AMAZON_LINUX_2022- Amazon
Linux2023 AMAZON_LINUX_2023- Ubuntu
UBUNTU- Redhat
Enterprise Linux REDHAT_ENTERPRISE_LINUX- Suse
SUSE- Centos
CENTOS- Oracle
Linux ORACLE_LINUX- Debian
DEBIAN- Macos
MACOS- Raspbian
RASPBIAN- Rocky
Linux ROCKY_LINUX- Alma
Linux ALMA_LINUX
- Patch
Baseline Operating System Windows WINDOWS- Patch
Baseline Operating System Amazon Linux AMAZON_LINUX- Patch
Baseline Operating System Amazon Linux2 AMAZON_LINUX_2- Patch
Baseline Operating System Amazon Linux2022 AMAZON_LINUX_2022- Patch
Baseline Operating System Amazon Linux2023 AMAZON_LINUX_2023- Patch
Baseline Operating System Ubuntu UBUNTU- Patch
Baseline Operating System Redhat Enterprise Linux REDHAT_ENTERPRISE_LINUX- Patch
Baseline Operating System Suse SUSE- Patch
Baseline Operating System Centos CENTOS- Patch
Baseline Operating System Oracle Linux ORACLE_LINUX- Patch
Baseline Operating System Debian DEBIAN- Patch
Baseline Operating System Macos MACOS- Patch
Baseline Operating System Raspbian RASPBIAN- Patch
Baseline Operating System Rocky Linux ROCKY_LINUX- Patch
Baseline Operating System Alma Linux ALMA_LINUX
- Windows
WINDOWS- Amazon
Linux AMAZON_LINUX- Amazon
Linux2 AMAZON_LINUX_2- Amazon
Linux2022 AMAZON_LINUX_2022- Amazon
Linux2023 AMAZON_LINUX_2023- Ubuntu
UBUNTU- Redhat
Enterprise Linux REDHAT_ENTERPRISE_LINUX- Suse
SUSE- Centos
CENTOS- Oracle
Linux ORACLE_LINUX- Debian
DEBIAN- Macos
MACOS- Raspbian
RASPBIAN- Rocky
Linux ROCKY_LINUX- Alma
Linux ALMA_LINUX
- Windows
WINDOWS- Amazon
Linux AMAZON_LINUX- Amazon
Linux2 AMAZON_LINUX_2- Amazon
Linux2022 AMAZON_LINUX_2022- Amazon
Linux2023 AMAZON_LINUX_2023- Ubuntu
UBUNTU- Redhat
Enterprise Linux REDHAT_ENTERPRISE_LINUX- Suse
SUSE- Centos
CENTOS- Oracle
Linux ORACLE_LINUX- Debian
DEBIAN- Macos
MACOS- Raspbian
RASPBIAN- Rocky
Linux ROCKY_LINUX- Alma
Linux ALMA_LINUX
- WINDOWS
WINDOWS- AMAZON_LINUX
AMAZON_LINUX- AMAZON_LINUX2
AMAZON_LINUX_2- AMAZON_LINUX2022
AMAZON_LINUX_2022- AMAZON_LINUX2023
AMAZON_LINUX_2023- UBUNTU
UBUNTU- REDHAT_ENTERPRISE_LINUX
REDHAT_ENTERPRISE_LINUX- SUSE
SUSE- CENTOS
CENTOS- ORACLE_LINUX
ORACLE_LINUX- DEBIAN
DEBIAN- MACOS
MACOS- RASPBIAN
RASPBIAN- ROCKY_LINUX
ROCKY_LINUX- ALMA_LINUX
ALMA_LINUX
- "WINDOWS"
WINDOWS- "AMAZON_LINUX"
AMAZON_LINUX- "AMAZON_LINUX_2"
AMAZON_LINUX_2- "AMAZON_LINUX_2022"
AMAZON_LINUX_2022- "AMAZON_LINUX_2023"
AMAZON_LINUX_2023- "UBUNTU"
UBUNTU- "REDHAT_ENTERPRISE_LINUX"
REDHAT_ENTERPRISE_LINUX- "SUSE"
SUSE- "CENTOS"
CENTOS- "ORACLE_LINUX"
ORACLE_LINUX- "DEBIAN"
DEBIAN- "MACOS"
MACOS- "RASPBIAN"
RASPBIAN- "ROCKY_LINUX"
ROCKY_LINUX- "ALMA_LINUX"
ALMA_LINUX
PatchBaselinePatchFilter, PatchBaselinePatchFilterArgs
Defines which patches should be included in a patch baseline.- Key
Pulumi.
Aws Native. Ssm. Patch Baseline Patch Filter Key The key for the filter.
For information about valid keys, see PatchFilter in the AWS Systems Manager API Reference .
- Values List<string>
The value for the filter key.
For information about valid values for each key based on operating system type, see PatchFilter in the AWS Systems Manager API Reference .
- Key
Patch
Baseline Patch Filter Key The key for the filter.
For information about valid keys, see PatchFilter in the AWS Systems Manager API Reference .
- Values []string
The value for the filter key.
For information about valid values for each key based on operating system type, see PatchFilter in the AWS Systems Manager API Reference .
- key
Patch
Baseline Patch Filter Key The key for the filter.
For information about valid keys, see PatchFilter in the AWS Systems Manager API Reference .
- values List<String>
The value for the filter key.
For information about valid values for each key based on operating system type, see PatchFilter in the AWS Systems Manager API Reference .
- key
Patch
Baseline Patch Filter Key The key for the filter.
For information about valid keys, see PatchFilter in the AWS Systems Manager API Reference .
- values string[]
The value for the filter key.
For information about valid values for each key based on operating system type, see PatchFilter in the AWS Systems Manager API Reference .
- key
Patch
Baseline Patch Filter Key The key for the filter.
For information about valid keys, see PatchFilter in the AWS Systems Manager API Reference .
- values Sequence[str]
The value for the filter key.
For information about valid values for each key based on operating system type, see PatchFilter in the AWS Systems Manager API Reference .
- key "ADVISORY_ID" | "ARCH" | "BUGZILLA_ID" | "CLASSIFICATION" | "CVE_ID" | "EPOCH" | "MSRC_SEVERITY" | "NAME" | "PATCH_ID" | "PATCH_SET" | "PRIORITY" | "PRODUCT" | "PRODUCT_FAMILY" | "RELEASE" | "REPOSITORY" | "SECTION" | "SECURITY" | "SEVERITY" | "VERSION"
The key for the filter.
For information about valid keys, see PatchFilter in the AWS Systems Manager API Reference .
- values List<String>
The value for the filter key.
For information about valid values for each key based on operating system type, see PatchFilter in the AWS Systems Manager API Reference .
PatchBaselinePatchFilterGroup, PatchBaselinePatchFilterGroupArgs
The patch filter group that defines the criteria for the rule.- Patch
Filters List<Pulumi.Aws Native. Ssm. Inputs. Patch Baseline Patch Filter> - The set of patch filters that make up the group.
- Patch
Filters []PatchBaseline Patch Filter - The set of patch filters that make up the group.
- patch
Filters List<PatchBaseline Patch Filter> - The set of patch filters that make up the group.
- patch
Filters PatchBaseline Patch Filter[] - The set of patch filters that make up the group.
- patch_
filters Sequence[PatchBaseline Patch Filter] - The set of patch filters that make up the group.
- patch
Filters List<Property Map> - The set of patch filters that make up the group.
PatchBaselinePatchFilterKey, PatchBaselinePatchFilterKeyArgs
- Advisory
Id ADVISORY_ID- Arch
ARCH- Bugzilla
Id BUGZILLA_ID- Classification
CLASSIFICATION- Cve
Id CVE_ID- Epoch
EPOCH- Msrc
Severity MSRC_SEVERITY- Name
NAME- Patch
Id PATCH_ID- Patch
Set PATCH_SET- Priority
PRIORITY- Product
PRODUCT- Product
Family PRODUCT_FAMILY- Release
RELEASE- Repository
REPOSITORY- Section
SECTION- Security
SECURITY- Severity
SEVERITY- Version
VERSION
- Patch
Baseline Patch Filter Key Advisory Id ADVISORY_ID- Patch
Baseline Patch Filter Key Arch ARCH- Patch
Baseline Patch Filter Key Bugzilla Id BUGZILLA_ID- Patch
Baseline Patch Filter Key Classification CLASSIFICATION- Patch
Baseline Patch Filter Key Cve Id CVE_ID- Patch
Baseline Patch Filter Key Epoch EPOCH- Patch
Baseline Patch Filter Key Msrc Severity MSRC_SEVERITY- Patch
Baseline Patch Filter Key Name NAME- Patch
Baseline Patch Filter Key Patch Id PATCH_ID- Patch
Baseline Patch Filter Key Patch Set PATCH_SET- Patch
Baseline Patch Filter Key Priority PRIORITY- Patch
Baseline Patch Filter Key Product PRODUCT- Patch
Baseline Patch Filter Key Product Family PRODUCT_FAMILY- Patch
Baseline Patch Filter Key Release RELEASE- Patch
Baseline Patch Filter Key Repository REPOSITORY- Patch
Baseline Patch Filter Key Section SECTION- Patch
Baseline Patch Filter Key Security SECURITY- Patch
Baseline Patch Filter Key Severity SEVERITY- Patch
Baseline Patch Filter Key Version VERSION
- Advisory
Id ADVISORY_ID- Arch
ARCH- Bugzilla
Id BUGZILLA_ID- Classification
CLASSIFICATION- Cve
Id CVE_ID- Epoch
EPOCH- Msrc
Severity MSRC_SEVERITY- Name
NAME- Patch
Id PATCH_ID- Patch
Set PATCH_SET- Priority
PRIORITY- Product
PRODUCT- Product
Family PRODUCT_FAMILY- Release
RELEASE- Repository
REPOSITORY- Section
SECTION- Security
SECURITY- Severity
SEVERITY- Version
VERSION
- Advisory
Id ADVISORY_ID- Arch
ARCH- Bugzilla
Id BUGZILLA_ID- Classification
CLASSIFICATION- Cve
Id CVE_ID- Epoch
EPOCH- Msrc
Severity MSRC_SEVERITY- Name
NAME- Patch
Id PATCH_ID- Patch
Set PATCH_SET- Priority
PRIORITY- Product
PRODUCT- Product
Family PRODUCT_FAMILY- Release
RELEASE- Repository
REPOSITORY- Section
SECTION- Security
SECURITY- Severity
SEVERITY- Version
VERSION
- ADVISORY_ID
ADVISORY_ID- ARCH
ARCH- BUGZILLA_ID
BUGZILLA_ID- CLASSIFICATION
CLASSIFICATION- CVE_ID
CVE_ID- EPOCH
EPOCH- MSRC_SEVERITY
MSRC_SEVERITY- NAME
NAME- PATCH_ID
PATCH_ID- PATCH_SET
PATCH_SET- PRIORITY
PRIORITY- PRODUCT
PRODUCT- PRODUCT_FAMILY
PRODUCT_FAMILY- RELEASE
RELEASE- REPOSITORY
REPOSITORY- SECTION
SECTION- SECURITY
SECURITY- SEVERITY
SEVERITY- VERSION
VERSION
- "ADVISORY_ID"
ADVISORY_ID- "ARCH"
ARCH- "BUGZILLA_ID"
BUGZILLA_ID- "CLASSIFICATION"
CLASSIFICATION- "CVE_ID"
CVE_ID- "EPOCH"
EPOCH- "MSRC_SEVERITY"
MSRC_SEVERITY- "NAME"
NAME- "PATCH_ID"
PATCH_ID- "PATCH_SET"
PATCH_SET- "PRIORITY"
PRIORITY- "PRODUCT"
PRODUCT- "PRODUCT_FAMILY"
PRODUCT_FAMILY- "RELEASE"
RELEASE- "REPOSITORY"
REPOSITORY- "SECTION"
SECTION- "SECURITY"
SECURITY- "SEVERITY"
SEVERITY- "VERSION"
VERSION
PatchBaselinePatchSource, PatchBaselinePatchSourceArgs
Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.- Configuration string
The value of the repo configuration.
Example for yum repositories
[main]name=MyCustomRepositorybaseurl=https://my-custom-repositoryenabled=1For information about other options available for your yum repository configuration, see dnf.conf(5) on the man7.org website.
Examples for Ubuntu Server and Debian Server
deb http://security.ubuntu.com/ubuntu jammy maindeb https://site.example.com/debian distribution component1 component2 component3Repo information for Ubuntu Server repositories must be specifed in a single line. For more examples and information, see jammy (5) sources.list.5.gz on the Ubuntu Server Manuals website and sources.list format on the Debian Wiki .
- Name string
- The name specified to identify the patch source.
- Products List<string>
- The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter in the AWS Systems Manager API Reference .
- Configuration string
The value of the repo configuration.
Example for yum repositories
[main]name=MyCustomRepositorybaseurl=https://my-custom-repositoryenabled=1For information about other options available for your yum repository configuration, see dnf.conf(5) on the man7.org website.
Examples for Ubuntu Server and Debian Server
deb http://security.ubuntu.com/ubuntu jammy maindeb https://site.example.com/debian distribution component1 component2 component3Repo information for Ubuntu Server repositories must be specifed in a single line. For more examples and information, see jammy (5) sources.list.5.gz on the Ubuntu Server Manuals website and sources.list format on the Debian Wiki .
- Name string
- The name specified to identify the patch source.
- Products []string
- The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter in the AWS Systems Manager API Reference .
- configuration String
The value of the repo configuration.
Example for yum repositories
[main]name=MyCustomRepositorybaseurl=https://my-custom-repositoryenabled=1For information about other options available for your yum repository configuration, see dnf.conf(5) on the man7.org website.
Examples for Ubuntu Server and Debian Server
deb http://security.ubuntu.com/ubuntu jammy maindeb https://site.example.com/debian distribution component1 component2 component3Repo information for Ubuntu Server repositories must be specifed in a single line. For more examples and information, see jammy (5) sources.list.5.gz on the Ubuntu Server Manuals website and sources.list format on the Debian Wiki .
- name String
- The name specified to identify the patch source.
- products List<String>
- The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter in the AWS Systems Manager API Reference .
- configuration string
The value of the repo configuration.
Example for yum repositories
[main]name=MyCustomRepositorybaseurl=https://my-custom-repositoryenabled=1For information about other options available for your yum repository configuration, see dnf.conf(5) on the man7.org website.
Examples for Ubuntu Server and Debian Server
deb http://security.ubuntu.com/ubuntu jammy maindeb https://site.example.com/debian distribution component1 component2 component3Repo information for Ubuntu Server repositories must be specifed in a single line. For more examples and information, see jammy (5) sources.list.5.gz on the Ubuntu Server Manuals website and sources.list format on the Debian Wiki .
- name string
- The name specified to identify the patch source.
- products string[]
- The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter in the AWS Systems Manager API Reference .
- configuration str
The value of the repo configuration.
Example for yum repositories
[main]name=MyCustomRepositorybaseurl=https://my-custom-repositoryenabled=1For information about other options available for your yum repository configuration, see dnf.conf(5) on the man7.org website.
Examples for Ubuntu Server and Debian Server
deb http://security.ubuntu.com/ubuntu jammy maindeb https://site.example.com/debian distribution component1 component2 component3Repo information for Ubuntu Server repositories must be specifed in a single line. For more examples and information, see jammy (5) sources.list.5.gz on the Ubuntu Server Manuals website and sources.list format on the Debian Wiki .
- name str
- The name specified to identify the patch source.
- products Sequence[str]
- The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter in the AWS Systems Manager API Reference .
- configuration String
The value of the repo configuration.
Example for yum repositories
[main]name=MyCustomRepositorybaseurl=https://my-custom-repositoryenabled=1For information about other options available for your yum repository configuration, see dnf.conf(5) on the man7.org website.
Examples for Ubuntu Server and Debian Server
deb http://security.ubuntu.com/ubuntu jammy maindeb https://site.example.com/debian distribution component1 component2 component3Repo information for Ubuntu Server repositories must be specifed in a single line. For more examples and information, see jammy (5) sources.list.5.gz on the Ubuntu Server Manuals website and sources.list format on the Debian Wiki .
- name String
- The name specified to identify the patch source.
- products List<String>
- The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter in the AWS Systems Manager API Reference .
PatchBaselineRejectedPatchesAction, PatchBaselineRejectedPatchesActionArgs
- Allow
As Dependency ALLOW_AS_DEPENDENCY- Block
BLOCK
- Patch
Baseline Rejected Patches Action Allow As Dependency ALLOW_AS_DEPENDENCY- Patch
Baseline Rejected Patches Action Block BLOCK
- Allow
As Dependency ALLOW_AS_DEPENDENCY- Block
BLOCK
- Allow
As Dependency ALLOW_AS_DEPENDENCY- Block
BLOCK
- ALLOW_AS_DEPENDENCY
ALLOW_AS_DEPENDENCY- BLOCK
BLOCK
- "ALLOW_AS_DEPENDENCY"
ALLOW_AS_DEPENDENCY- "BLOCK"
BLOCK
PatchBaselineRule, PatchBaselineRuleArgs
Defines an approval rule for a patch baseline.- Approve
After intDays The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of
7means that patches are approved seven days after they are released.Patch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If the day represented by
7is2025-11-16, patches released between2025-11-16T00:00:00Zand2025-11-16T23:59:59Zwill be included in the approval.This parameter is marked as
Required: No, but your request must include a value for eitherApproveAfterDaysorApproveUntilDate.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .
- Approve
Until stringDate The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.
Enter dates in the format
YYYY-MM-DD. For example,2025-11-16.Patch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If you enter the date
2025-11-16, patches released between2025-11-16T00:00:00Zand2025-11-16T23:59:59Zwill be included in the approval.This parameter is marked as
Required: No, but your request must include a value for eitherApproveUntilDateorApproveAfterDays.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .
- Compliance
Level Pulumi.Aws Native. Ssm. Patch Baseline Rule Compliance Level - A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following:
UNSPECIFIED,CRITICAL,HIGH,MEDIUM,LOW, andINFORMATIONAL. - Enable
Non boolSecurity - For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is
false. Applies to Linux managed nodes only. - Patch
Filter Pulumi.Group Aws Native. Ssm. Inputs. Patch Baseline Patch Filter Group - The patch filter group that defines the criteria for the rule.
- Approve
After intDays The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of
7means that patches are approved seven days after they are released.Patch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If the day represented by
7is2025-11-16, patches released between2025-11-16T00:00:00Zand2025-11-16T23:59:59Zwill be included in the approval.This parameter is marked as
Required: No, but your request must include a value for eitherApproveAfterDaysorApproveUntilDate.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .
- Approve
Until stringDate The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.
Enter dates in the format
YYYY-MM-DD. For example,2025-11-16.Patch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If you enter the date
2025-11-16, patches released between2025-11-16T00:00:00Zand2025-11-16T23:59:59Zwill be included in the approval.This parameter is marked as
Required: No, but your request must include a value for eitherApproveUntilDateorApproveAfterDays.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .
- Compliance
Level PatchBaseline Rule Compliance Level - A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following:
UNSPECIFIED,CRITICAL,HIGH,MEDIUM,LOW, andINFORMATIONAL. - Enable
Non boolSecurity - For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is
false. Applies to Linux managed nodes only. - Patch
Filter PatchGroup Baseline Patch Filter Group - The patch filter group that defines the criteria for the rule.
- approve
After IntegerDays The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of
7means that patches are approved seven days after they are released.Patch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If the day represented by
7is2025-11-16, patches released between2025-11-16T00:00:00Zand2025-11-16T23:59:59Zwill be included in the approval.This parameter is marked as
Required: No, but your request must include a value for eitherApproveAfterDaysorApproveUntilDate.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .
- approve
Until StringDate The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.
Enter dates in the format
YYYY-MM-DD. For example,2025-11-16.Patch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If you enter the date
2025-11-16, patches released between2025-11-16T00:00:00Zand2025-11-16T23:59:59Zwill be included in the approval.This parameter is marked as
Required: No, but your request must include a value for eitherApproveUntilDateorApproveAfterDays.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .
- compliance
Level PatchBaseline Rule Compliance Level - A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following:
UNSPECIFIED,CRITICAL,HIGH,MEDIUM,LOW, andINFORMATIONAL. - enable
Non BooleanSecurity - For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is
false. Applies to Linux managed nodes only. - patch
Filter PatchGroup Baseline Patch Filter Group - The patch filter group that defines the criteria for the rule.
- approve
After numberDays The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of
7means that patches are approved seven days after they are released.Patch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If the day represented by
7is2025-11-16, patches released between2025-11-16T00:00:00Zand2025-11-16T23:59:59Zwill be included in the approval.This parameter is marked as
Required: No, but your request must include a value for eitherApproveAfterDaysorApproveUntilDate.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .
- approve
Until stringDate The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.
Enter dates in the format
YYYY-MM-DD. For example,2025-11-16.Patch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If you enter the date
2025-11-16, patches released between2025-11-16T00:00:00Zand2025-11-16T23:59:59Zwill be included in the approval.This parameter is marked as
Required: No, but your request must include a value for eitherApproveUntilDateorApproveAfterDays.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .
- compliance
Level PatchBaseline Rule Compliance Level - A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following:
UNSPECIFIED,CRITICAL,HIGH,MEDIUM,LOW, andINFORMATIONAL. - enable
Non booleanSecurity - For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is
false. Applies to Linux managed nodes only. - patch
Filter PatchGroup Baseline Patch Filter Group - The patch filter group that defines the criteria for the rule.
- approve_
after_ intdays The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of
7means that patches are approved seven days after they are released.Patch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If the day represented by
7is2025-11-16, patches released between2025-11-16T00:00:00Zand2025-11-16T23:59:59Zwill be included in the approval.This parameter is marked as
Required: No, but your request must include a value for eitherApproveAfterDaysorApproveUntilDate.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .
- approve_
until_ strdate The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.
Enter dates in the format
YYYY-MM-DD. For example,2025-11-16.Patch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If you enter the date
2025-11-16, patches released between2025-11-16T00:00:00Zand2025-11-16T23:59:59Zwill be included in the approval.This parameter is marked as
Required: No, but your request must include a value for eitherApproveUntilDateorApproveAfterDays.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .
- compliance_
level PatchBaseline Rule Compliance Level - A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following:
UNSPECIFIED,CRITICAL,HIGH,MEDIUM,LOW, andINFORMATIONAL. - enable_
non_ boolsecurity - For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is
false. Applies to Linux managed nodes only. - patch_
filter_ Patchgroup Baseline Patch Filter Group - The patch filter group that defines the criteria for the rule.
- approve
After NumberDays The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of
7means that patches are approved seven days after they are released.Patch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If the day represented by
7is2025-11-16, patches released between2025-11-16T00:00:00Zand2025-11-16T23:59:59Zwill be included in the approval.This parameter is marked as
Required: No, but your request must include a value for eitherApproveAfterDaysorApproveUntilDate.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .
- approve
Until StringDate The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.
Enter dates in the format
YYYY-MM-DD. For example,2025-11-16.Patch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If you enter the date
2025-11-16, patches released between2025-11-16T00:00:00Zand2025-11-16T23:59:59Zwill be included in the approval.This parameter is marked as
Required: No, but your request must include a value for eitherApproveUntilDateorApproveAfterDays.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .
- compliance
Level "CRITICAL" | "HIGH" | "INFORMATIONAL" | "LOW" | "MEDIUM" | "UNSPECIFIED" - A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following:
UNSPECIFIED,CRITICAL,HIGH,MEDIUM,LOW, andINFORMATIONAL. - enable
Non BooleanSecurity - For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is
false. Applies to Linux managed nodes only. - patch
Filter Property MapGroup - The patch filter group that defines the criteria for the rule.
PatchBaselineRuleComplianceLevel, PatchBaselineRuleComplianceLevelArgs
- Critical
CRITICAL- High
HIGH- Informational
INFORMATIONAL- Low
LOW- Medium
MEDIUM- Unspecified
UNSPECIFIED
- Patch
Baseline Rule Compliance Level Critical CRITICAL- Patch
Baseline Rule Compliance Level High HIGH- Patch
Baseline Rule Compliance Level Informational INFORMATIONAL- Patch
Baseline Rule Compliance Level Low LOW- Patch
Baseline Rule Compliance Level Medium MEDIUM- Patch
Baseline Rule Compliance Level Unspecified UNSPECIFIED
- Critical
CRITICAL- High
HIGH- Informational
INFORMATIONAL- Low
LOW- Medium
MEDIUM- Unspecified
UNSPECIFIED
- Critical
CRITICAL- High
HIGH- Informational
INFORMATIONAL- Low
LOW- Medium
MEDIUM- Unspecified
UNSPECIFIED
- CRITICAL
CRITICAL- HIGH
HIGH- INFORMATIONAL
INFORMATIONAL- LOW
LOW- MEDIUM
MEDIUM- UNSPECIFIED
UNSPECIFIED
- "CRITICAL"
CRITICAL- "HIGH"
HIGH- "INFORMATIONAL"
INFORMATIONAL- "LOW"
LOW- "MEDIUM"
MEDIUM- "UNSPECIFIED"
UNSPECIFIED
PatchBaselineRuleGroup, PatchBaselineRuleGroupArgs
A set of rules defining the approval rules for a patch baseline.- Patch
Rules List<Pulumi.Aws Native. Ssm. Inputs. Patch Baseline Rule> - The rules that make up the rule group.
- Patch
Rules []PatchBaseline Rule - The rules that make up the rule group.
- patch
Rules List<PatchBaseline Rule> - The rules that make up the rule group.
- patch
Rules PatchBaseline Rule[] - The rules that make up the rule group.
- patch_
rules Sequence[PatchBaseline Rule] - The rules that make up the rule group.
- patch
Rules List<Property Map> - The rules that make up the rule group.
Tag, TagArgs
A set of tags to apply to the resource.Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
We recommend new projects start with resources from the AWS provider.
