aws.ssm.getPatchBaseline
Explore with Pulumi AI
Provides an SSM Patch Baseline data source. Useful if you wish to reuse the default baselines provided.
Example Usage
To retrieve a baseline provided by AWS
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var centos = Aws.Ssm.GetPatchBaseline.Invoke(new()
{
NamePrefix = "AWS-",
OperatingSystem = "CENTOS",
Owner = "AWS",
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ssm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := ssm.LookupPatchBaseline(ctx, &ssm.LookupPatchBaselineArgs{
NamePrefix: pulumi.StringRef("AWS-"),
OperatingSystem: pulumi.StringRef("CENTOS"),
Owner: "AWS",
}, nil)
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ssm.SsmFunctions;
import com.pulumi.aws.ssm.inputs.GetPatchBaselineArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var centos = SsmFunctions.getPatchBaseline(GetPatchBaselineArgs.builder()
.namePrefix("AWS-")
.operatingSystem("CENTOS")
.owner("AWS")
.build());
}
}
import pulumi
import pulumi_aws as aws
centos = aws.ssm.get_patch_baseline(name_prefix="AWS-",
operating_system="CENTOS",
owner="AWS")
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const centos = aws.ssm.getPatchBaseline({
namePrefix: "AWS-",
operatingSystem: "CENTOS",
owner: "AWS",
});
variables:
centos:
fn::invoke:
Function: aws:ssm:getPatchBaseline
Arguments:
namePrefix: AWS-
operatingSystem: CENTOS
owner: AWS
To retrieve a baseline on your account
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var defaultCustom = Aws.Ssm.GetPatchBaseline.Invoke(new()
{
DefaultBaseline = true,
NamePrefix = "MyCustomBaseline",
OperatingSystem = "WINDOWS",
Owner = "Self",
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ssm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := ssm.LookupPatchBaseline(ctx, &ssm.LookupPatchBaselineArgs{
DefaultBaseline: pulumi.BoolRef(true),
NamePrefix: pulumi.StringRef("MyCustomBaseline"),
OperatingSystem: pulumi.StringRef("WINDOWS"),
Owner: "Self",
}, nil)
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ssm.SsmFunctions;
import com.pulumi.aws.ssm.inputs.GetPatchBaselineArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var defaultCustom = SsmFunctions.getPatchBaseline(GetPatchBaselineArgs.builder()
.defaultBaseline(true)
.namePrefix("MyCustomBaseline")
.operatingSystem("WINDOWS")
.owner("Self")
.build());
}
}
import pulumi
import pulumi_aws as aws
default_custom = aws.ssm.get_patch_baseline(default_baseline=True,
name_prefix="MyCustomBaseline",
operating_system="WINDOWS",
owner="Self")
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const defaultCustom = aws.ssm.getPatchBaseline({
defaultBaseline: true,
namePrefix: "MyCustomBaseline",
operatingSystem: "WINDOWS",
owner: "Self",
});
variables:
defaultCustom:
fn::invoke:
Function: aws:ssm:getPatchBaseline
Arguments:
defaultBaseline: true
namePrefix: MyCustomBaseline
operatingSystem: WINDOWS
owner: Self
Using getPatchBaseline
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getPatchBaseline(args: GetPatchBaselineArgs, opts?: InvokeOptions): Promise<GetPatchBaselineResult>
function getPatchBaselineOutput(args: GetPatchBaselineOutputArgs, opts?: InvokeOptions): Output<GetPatchBaselineResult>
def get_patch_baseline(default_baseline: Optional[bool] = None,
name_prefix: Optional[str] = None,
operating_system: Optional[str] = None,
owner: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetPatchBaselineResult
def get_patch_baseline_output(default_baseline: Optional[pulumi.Input[bool]] = None,
name_prefix: Optional[pulumi.Input[str]] = None,
operating_system: Optional[pulumi.Input[str]] = None,
owner: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetPatchBaselineResult]
func LookupPatchBaseline(ctx *Context, args *LookupPatchBaselineArgs, opts ...InvokeOption) (*LookupPatchBaselineResult, error)
func LookupPatchBaselineOutput(ctx *Context, args *LookupPatchBaselineOutputArgs, opts ...InvokeOption) LookupPatchBaselineResultOutput
> Note: This function is named LookupPatchBaseline
in the Go SDK.
public static class GetPatchBaseline
{
public static Task<GetPatchBaselineResult> InvokeAsync(GetPatchBaselineArgs args, InvokeOptions? opts = null)
public static Output<GetPatchBaselineResult> Invoke(GetPatchBaselineInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetPatchBaselineResult> getPatchBaseline(GetPatchBaselineArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: aws:ssm/getPatchBaseline:getPatchBaseline
arguments:
# arguments dictionary
The following arguments are supported:
- Owner string
Owner of the baseline. Valid values:
All
,AWS
,Self
(the current account).- Default
Baseline bool Filters the results against the baselines default_baseline field.
- Name
Prefix string Filter results by the baseline name prefix.
- Operating
System string Specified OS for the baseline. Valid values:
AMAZON_LINUX
,AMAZON_LINUX_2
,UBUNTU
,REDHAT_ENTERPRISE_LINUX
,SUSE
,CENTOS
,ORACLE_LINUX
,DEBIAN
,MACOS
,RASPBIAN
andROCKY_LINUX
.
- Owner string
Owner of the baseline. Valid values:
All
,AWS
,Self
(the current account).- Default
Baseline bool Filters the results against the baselines default_baseline field.
- Name
Prefix string Filter results by the baseline name prefix.
- Operating
System string Specified OS for the baseline. Valid values:
AMAZON_LINUX
,AMAZON_LINUX_2
,UBUNTU
,REDHAT_ENTERPRISE_LINUX
,SUSE
,CENTOS
,ORACLE_LINUX
,DEBIAN
,MACOS
,RASPBIAN
andROCKY_LINUX
.
- owner String
Owner of the baseline. Valid values:
All
,AWS
,Self
(the current account).- default
Baseline Boolean Filters the results against the baselines default_baseline field.
- name
Prefix String Filter results by the baseline name prefix.
- operating
System String Specified OS for the baseline. Valid values:
AMAZON_LINUX
,AMAZON_LINUX_2
,UBUNTU
,REDHAT_ENTERPRISE_LINUX
,SUSE
,CENTOS
,ORACLE_LINUX
,DEBIAN
,MACOS
,RASPBIAN
andROCKY_LINUX
.
- owner string
Owner of the baseline. Valid values:
All
,AWS
,Self
(the current account).- default
Baseline boolean Filters the results against the baselines default_baseline field.
- name
Prefix string Filter results by the baseline name prefix.
- operating
System string Specified OS for the baseline. Valid values:
AMAZON_LINUX
,AMAZON_LINUX_2
,UBUNTU
,REDHAT_ENTERPRISE_LINUX
,SUSE
,CENTOS
,ORACLE_LINUX
,DEBIAN
,MACOS
,RASPBIAN
andROCKY_LINUX
.
- owner str
Owner of the baseline. Valid values:
All
,AWS
,Self
(the current account).- default_
baseline bool Filters the results against the baselines default_baseline field.
- name_
prefix str Filter results by the baseline name prefix.
- operating_
system str Specified OS for the baseline. Valid values:
AMAZON_LINUX
,AMAZON_LINUX_2
,UBUNTU
,REDHAT_ENTERPRISE_LINUX
,SUSE
,CENTOS
,ORACLE_LINUX
,DEBIAN
,MACOS
,RASPBIAN
andROCKY_LINUX
.
- owner String
Owner of the baseline. Valid values:
All
,AWS
,Self
(the current account).- default
Baseline Boolean Filters the results against the baselines default_baseline field.
- name
Prefix String Filter results by the baseline name prefix.
- operating
System String Specified OS for the baseline. Valid values:
AMAZON_LINUX
,AMAZON_LINUX_2
,UBUNTU
,REDHAT_ENTERPRISE_LINUX
,SUSE
,CENTOS
,ORACLE_LINUX
,DEBIAN
,MACOS
,RASPBIAN
andROCKY_LINUX
.
getPatchBaseline Result
The following output properties are available:
- Approval
Rules List<Pulumi.Aws. Ssm. Outputs. Get Patch Baseline Approval Rule> List of rules used to include patches in the baseline.
- Approved
Patches List<string> List of explicitly approved patches for the baseline.
- Approved
Patches stringCompliance Level The compliance level for approved patches.
- Approved
Patches boolEnable Non Security Indicates whether the list of approved patches includes non-security updates that should be applied to the instances.
- Description string
Description of the baseline.
- Global
Filters List<Pulumi.Aws. Ssm. Outputs. Get Patch Baseline Global Filter> Set of global filters used to exclude patches from the baseline.
- Id string
The provider-assigned unique ID for this managed resource.
- Name string
The name specified to identify the patch source.
- Owner string
- Rejected
Patches List<string> List of rejected patches.
- Rejected
Patches stringAction The action specified to take on patches included in the
rejected_patches
list.- Sources
List<Pulumi.
Aws. Ssm. Outputs. Get Patch Baseline Source> Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
- Default
Baseline bool - Name
Prefix string - Operating
System string
- Approval
Rules []GetPatch Baseline Approval Rule List of rules used to include patches in the baseline.
- Approved
Patches []string List of explicitly approved patches for the baseline.
- Approved
Patches stringCompliance Level The compliance level for approved patches.
- Approved
Patches boolEnable Non Security Indicates whether the list of approved patches includes non-security updates that should be applied to the instances.
- Description string
Description of the baseline.
- Global
Filters []GetPatch Baseline Global Filter Set of global filters used to exclude patches from the baseline.
- Id string
The provider-assigned unique ID for this managed resource.
- Name string
The name specified to identify the patch source.
- Owner string
- Rejected
Patches []string List of rejected patches.
- Rejected
Patches stringAction The action specified to take on patches included in the
rejected_patches
list.- Sources
[]Get
Patch Baseline Source Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
- Default
Baseline bool - Name
Prefix string - Operating
System string
- approval
Rules List<GetPatch Baseline Approval Rule> List of rules used to include patches in the baseline.
- approved
Patches List<String> List of explicitly approved patches for the baseline.
- approved
Patches StringCompliance Level The compliance level for approved patches.
- approved
Patches BooleanEnable Non Security Indicates whether the list of approved patches includes non-security updates that should be applied to the instances.
- description String
Description of the baseline.
- global
Filters List<GetPatch Baseline Global Filter> Set of global filters used to exclude patches from the baseline.
- id String
The provider-assigned unique ID for this managed resource.
- name String
The name specified to identify the patch source.
- owner String
- rejected
Patches List<String> List of rejected patches.
- rejected
Patches StringAction The action specified to take on patches included in the
rejected_patches
list.- sources
List<Get
Patch Baseline Source> Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
- default
Baseline Boolean - name
Prefix String - operating
System String
- approval
Rules GetPatch Baseline Approval Rule[] List of rules used to include patches in the baseline.
- approved
Patches string[] List of explicitly approved patches for the baseline.
- approved
Patches stringCompliance Level The compliance level for approved patches.
- approved
Patches booleanEnable Non Security Indicates whether the list of approved patches includes non-security updates that should be applied to the instances.
- description string
Description of the baseline.
- global
Filters GetPatch Baseline Global Filter[] Set of global filters used to exclude patches from the baseline.
- id string
The provider-assigned unique ID for this managed resource.
- name string
The name specified to identify the patch source.
- owner string
- rejected
Patches string[] List of rejected patches.
- rejected
Patches stringAction The action specified to take on patches included in the
rejected_patches
list.- sources
Get
Patch Baseline Source[] Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
- default
Baseline boolean - name
Prefix string - operating
System string
- approval_
rules Sequence[GetPatch Baseline Approval Rule] List of rules used to include patches in the baseline.
- approved_
patches Sequence[str] List of explicitly approved patches for the baseline.
- approved_
patches_ strcompliance_ level The compliance level for approved patches.
- approved_
patches_ boolenable_ non_ security Indicates whether the list of approved patches includes non-security updates that should be applied to the instances.
- description str
Description of the baseline.
- global_
filters Sequence[GetPatch Baseline Global Filter] Set of global filters used to exclude patches from the baseline.
- id str
The provider-assigned unique ID for this managed resource.
- name str
The name specified to identify the patch source.
- owner str
- rejected_
patches Sequence[str] List of rejected patches.
- rejected_
patches_ straction The action specified to take on patches included in the
rejected_patches
list.- sources
Sequence[Get
Patch Baseline Source] Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
- default_
baseline bool - name_
prefix str - operating_
system str
- approval
Rules List<Property Map> List of rules used to include patches in the baseline.
- approved
Patches List<String> List of explicitly approved patches for the baseline.
- approved
Patches StringCompliance Level The compliance level for approved patches.
- approved
Patches BooleanEnable Non Security Indicates whether the list of approved patches includes non-security updates that should be applied to the instances.
- description String
Description of the baseline.
- global
Filters List<Property Map> Set of global filters used to exclude patches from the baseline.
- id String
The provider-assigned unique ID for this managed resource.
- name String
The name specified to identify the patch source.
- owner String
- rejected
Patches List<String> List of rejected patches.
- rejected
Patches StringAction The action specified to take on patches included in the
rejected_patches
list.- sources List<Property Map>
Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
- default
Baseline Boolean - name
Prefix String - operating
System String
Supporting Types
GetPatchBaselineApprovalRule
- Approve
After intDays The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
- Approve
Until stringDate The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as
YYYY-MM-DD
. Conflicts withapprove_after_days
- Compliance
Level string The compliance level for patches approved by this rule.
- Enable
Non boolSecurity Boolean enabling the application of non-security updates.
- Patch
Filters List<Pulumi.Aws. Ssm. Inputs. Get Patch Baseline Approval Rule Patch Filter> The patch filter group that defines the criteria for the rule.
- Approve
After intDays The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
- Approve
Until stringDate The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as
YYYY-MM-DD
. Conflicts withapprove_after_days
- Compliance
Level string The compliance level for patches approved by this rule.
- Enable
Non boolSecurity Boolean enabling the application of non-security updates.
- Patch
Filters []GetPatch Baseline Approval Rule Patch Filter The patch filter group that defines the criteria for the rule.
- approve
After IntegerDays The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
- approve
Until StringDate The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as
YYYY-MM-DD
. Conflicts withapprove_after_days
- compliance
Level String The compliance level for patches approved by this rule.
- enable
Non BooleanSecurity Boolean enabling the application of non-security updates.
- patch
Filters List<GetPatch Baseline Approval Rule Patch Filter> The patch filter group that defines the criteria for the rule.
- approve
After numberDays The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
- approve
Until stringDate The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as
YYYY-MM-DD
. Conflicts withapprove_after_days
- compliance
Level string The compliance level for patches approved by this rule.
- enable
Non booleanSecurity Boolean enabling the application of non-security updates.
- patch
Filters GetPatch Baseline Approval Rule Patch Filter[] The patch filter group that defines the criteria for the rule.
- approve_
after_ intdays The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
- approve_
until_ strdate The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as
YYYY-MM-DD
. Conflicts withapprove_after_days
- compliance_
level str The compliance level for patches approved by this rule.
- enable_
non_ boolsecurity Boolean enabling the application of non-security updates.
- patch_
filters Sequence[GetPatch Baseline Approval Rule Patch Filter] The patch filter group that defines the criteria for the rule.
- approve
After NumberDays The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
- approve
Until StringDate The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as
YYYY-MM-DD
. Conflicts withapprove_after_days
- compliance
Level String The compliance level for patches approved by this rule.
- enable
Non BooleanSecurity Boolean enabling the application of non-security updates.
- patch
Filters List<Property Map> The patch filter group that defines the criteria for the rule.
GetPatchBaselineApprovalRulePatchFilter
GetPatchBaselineGlobalFilter
GetPatchBaselineSource
- Configuration string
The value of the yum repo configuration.
- Name string
The name specified to identify the patch source.
- Products List<string>
The specific operating system versions a patch repository applies to.
- Configuration string
The value of the yum repo configuration.
- Name string
The name specified to identify the patch source.
- Products []string
The specific operating system versions a patch repository applies to.
- configuration String
The value of the yum repo configuration.
- name String
The name specified to identify the patch source.
- products List<String>
The specific operating system versions a patch repository applies to.
- configuration string
The value of the yum repo configuration.
- name string
The name specified to identify the patch source.
- products string[]
The specific operating system versions a patch repository applies to.
- configuration str
The value of the yum repo configuration.
- name str
The name specified to identify the patch source.
- products Sequence[str]
The specific operating system versions a patch repository applies to.
- configuration String
The value of the yum repo configuration.
- name String
The name specified to identify the patch source.
- products List<String>
The specific operating system versions a patch repository applies to.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
aws
Terraform Provider.