1. Packages
  2. AWS Classic
  3. API Docs
  4. ssm
  5. getPatchBaseline

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.40.0 published on Wednesday, Jun 12, 2024 by Pulumi

aws.ssm.getPatchBaseline

Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.40.0 published on Wednesday, Jun 12, 2024 by Pulumi

    Provides an SSM Patch Baseline data source. Useful if you wish to reuse the default baselines provided.

    Example Usage

    To retrieve a baseline provided by AWS:

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const centos = aws.ssm.getPatchBaseline({
        owner: "AWS",
        namePrefix: "AWS-",
        operatingSystem: "CENTOS",
    });
    
    import pulumi
    import pulumi_aws as aws
    
    centos = aws.ssm.get_patch_baseline(owner="AWS",
        name_prefix="AWS-",
        operating_system="CENTOS")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ssm"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := ssm.LookupPatchBaseline(ctx, &ssm.LookupPatchBaselineArgs{
    			Owner:           "AWS",
    			NamePrefix:      pulumi.StringRef("AWS-"),
    			OperatingSystem: pulumi.StringRef("CENTOS"),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var centos = Aws.Ssm.GetPatchBaseline.Invoke(new()
        {
            Owner = "AWS",
            NamePrefix = "AWS-",
            OperatingSystem = "CENTOS",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ssm.SsmFunctions;
    import com.pulumi.aws.ssm.inputs.GetPatchBaselineArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var centos = SsmFunctions.getPatchBaseline(GetPatchBaselineArgs.builder()
                .owner("AWS")
                .namePrefix("AWS-")
                .operatingSystem("CENTOS")
                .build());
    
        }
    }
    
    variables:
      centos:
        fn::invoke:
          Function: aws:ssm:getPatchBaseline
          Arguments:
            owner: AWS
            namePrefix: AWS-
            operatingSystem: CENTOS
    

    To retrieve a baseline on your account:

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const defaultCustom = aws.ssm.getPatchBaseline({
        owner: "Self",
        namePrefix: "MyCustomBaseline",
        defaultBaseline: true,
        operatingSystem: "WINDOWS",
    });
    
    import pulumi
    import pulumi_aws as aws
    
    default_custom = aws.ssm.get_patch_baseline(owner="Self",
        name_prefix="MyCustomBaseline",
        default_baseline=True,
        operating_system="WINDOWS")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ssm"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := ssm.LookupPatchBaseline(ctx, &ssm.LookupPatchBaselineArgs{
    			Owner:           "Self",
    			NamePrefix:      pulumi.StringRef("MyCustomBaseline"),
    			DefaultBaseline: pulumi.BoolRef(true),
    			OperatingSystem: pulumi.StringRef("WINDOWS"),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var defaultCustom = Aws.Ssm.GetPatchBaseline.Invoke(new()
        {
            Owner = "Self",
            NamePrefix = "MyCustomBaseline",
            DefaultBaseline = true,
            OperatingSystem = "WINDOWS",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ssm.SsmFunctions;
    import com.pulumi.aws.ssm.inputs.GetPatchBaselineArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var defaultCustom = SsmFunctions.getPatchBaseline(GetPatchBaselineArgs.builder()
                .owner("Self")
                .namePrefix("MyCustomBaseline")
                .defaultBaseline(true)
                .operatingSystem("WINDOWS")
                .build());
    
        }
    }
    
    variables:
      defaultCustom:
        fn::invoke:
          Function: aws:ssm:getPatchBaseline
          Arguments:
            owner: Self
            namePrefix: MyCustomBaseline
            defaultBaseline: true
            operatingSystem: WINDOWS
    

    Using getPatchBaseline

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getPatchBaseline(args: GetPatchBaselineArgs, opts?: InvokeOptions): Promise<GetPatchBaselineResult>
    function getPatchBaselineOutput(args: GetPatchBaselineOutputArgs, opts?: InvokeOptions): Output<GetPatchBaselineResult>
    def get_patch_baseline(default_baseline: Optional[bool] = None,
                           name_prefix: Optional[str] = None,
                           operating_system: Optional[str] = None,
                           owner: Optional[str] = None,
                           opts: Optional[InvokeOptions] = None) -> GetPatchBaselineResult
    def get_patch_baseline_output(default_baseline: Optional[pulumi.Input[bool]] = None,
                           name_prefix: Optional[pulumi.Input[str]] = None,
                           operating_system: Optional[pulumi.Input[str]] = None,
                           owner: Optional[pulumi.Input[str]] = None,
                           opts: Optional[InvokeOptions] = None) -> Output[GetPatchBaselineResult]
    func LookupPatchBaseline(ctx *Context, args *LookupPatchBaselineArgs, opts ...InvokeOption) (*LookupPatchBaselineResult, error)
    func LookupPatchBaselineOutput(ctx *Context, args *LookupPatchBaselineOutputArgs, opts ...InvokeOption) LookupPatchBaselineResultOutput

    > Note: This function is named LookupPatchBaseline in the Go SDK.

    public static class GetPatchBaseline 
    {
        public static Task<GetPatchBaselineResult> InvokeAsync(GetPatchBaselineArgs args, InvokeOptions? opts = null)
        public static Output<GetPatchBaselineResult> Invoke(GetPatchBaselineInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetPatchBaselineResult> getPatchBaseline(GetPatchBaselineArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: aws:ssm/getPatchBaseline:getPatchBaseline
      arguments:
        # arguments dictionary

    The following arguments are supported:

    Owner string

    Owner of the baseline. Valid values: All, AWS, Self (the current account).

    The following arguments are optional:

    DefaultBaseline bool
    Filters the results against the baselines default_baseline field.
    NamePrefix string
    Filter results by the baseline name prefix.
    OperatingSystem string
    Specified OS for the baseline. Valid values: AMAZON_LINUX, AMAZON_LINUX_2, UBUNTU, REDHAT_ENTERPRISE_LINUX, SUSE, CENTOS, ORACLE_LINUX, DEBIAN, MACOS, RASPBIAN and ROCKY_LINUX.
    Owner string

    Owner of the baseline. Valid values: All, AWS, Self (the current account).

    The following arguments are optional:

    DefaultBaseline bool
    Filters the results against the baselines default_baseline field.
    NamePrefix string
    Filter results by the baseline name prefix.
    OperatingSystem string
    Specified OS for the baseline. Valid values: AMAZON_LINUX, AMAZON_LINUX_2, UBUNTU, REDHAT_ENTERPRISE_LINUX, SUSE, CENTOS, ORACLE_LINUX, DEBIAN, MACOS, RASPBIAN and ROCKY_LINUX.
    owner String

    Owner of the baseline. Valid values: All, AWS, Self (the current account).

    The following arguments are optional:

    defaultBaseline Boolean
    Filters the results against the baselines default_baseline field.
    namePrefix String
    Filter results by the baseline name prefix.
    operatingSystem String
    Specified OS for the baseline. Valid values: AMAZON_LINUX, AMAZON_LINUX_2, UBUNTU, REDHAT_ENTERPRISE_LINUX, SUSE, CENTOS, ORACLE_LINUX, DEBIAN, MACOS, RASPBIAN and ROCKY_LINUX.
    owner string

    Owner of the baseline. Valid values: All, AWS, Self (the current account).

    The following arguments are optional:

    defaultBaseline boolean
    Filters the results against the baselines default_baseline field.
    namePrefix string
    Filter results by the baseline name prefix.
    operatingSystem string
    Specified OS for the baseline. Valid values: AMAZON_LINUX, AMAZON_LINUX_2, UBUNTU, REDHAT_ENTERPRISE_LINUX, SUSE, CENTOS, ORACLE_LINUX, DEBIAN, MACOS, RASPBIAN and ROCKY_LINUX.
    owner str

    Owner of the baseline. Valid values: All, AWS, Self (the current account).

    The following arguments are optional:

    default_baseline bool
    Filters the results against the baselines default_baseline field.
    name_prefix str
    Filter results by the baseline name prefix.
    operating_system str
    Specified OS for the baseline. Valid values: AMAZON_LINUX, AMAZON_LINUX_2, UBUNTU, REDHAT_ENTERPRISE_LINUX, SUSE, CENTOS, ORACLE_LINUX, DEBIAN, MACOS, RASPBIAN and ROCKY_LINUX.
    owner String

    Owner of the baseline. Valid values: All, AWS, Self (the current account).

    The following arguments are optional:

    defaultBaseline Boolean
    Filters the results against the baselines default_baseline field.
    namePrefix String
    Filter results by the baseline name prefix.
    operatingSystem String
    Specified OS for the baseline. Valid values: AMAZON_LINUX, AMAZON_LINUX_2, UBUNTU, REDHAT_ENTERPRISE_LINUX, SUSE, CENTOS, ORACLE_LINUX, DEBIAN, MACOS, RASPBIAN and ROCKY_LINUX.

    getPatchBaseline Result

    The following output properties are available:

    ApprovalRules List<GetPatchBaselineApprovalRule>
    List of rules used to include patches in the baseline.
    ApprovedPatches List<string>
    List of explicitly approved patches for the baseline.
    ApprovedPatchesComplianceLevel string
    Compliance level for approved patches.
    ApprovedPatchesEnableNonSecurity bool
    Indicates whether the list of approved patches includes non-security updates that should be applied to the instances.
    Description string
    Description of the baseline.
    GlobalFilters List<GetPatchBaselineGlobalFilter>
    Set of global filters used to exclude patches from the baseline.
    Id string
    The provider-assigned unique ID for this managed resource.
    Json string
    JSON representation of the baseline.
    Name string
    Name specified to identify the patch source.
    Owner string
    RejectedPatches List<string>
    List of rejected patches.
    RejectedPatchesAction string
    Action specified to take on patches included in the rejected_patches list.
    Sources List<GetPatchBaselineSource>
    Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
    DefaultBaseline bool
    NamePrefix string
    OperatingSystem string
    ApprovalRules []GetPatchBaselineApprovalRule
    List of rules used to include patches in the baseline.
    ApprovedPatches []string
    List of explicitly approved patches for the baseline.
    ApprovedPatchesComplianceLevel string
    Compliance level for approved patches.
    ApprovedPatchesEnableNonSecurity bool
    Indicates whether the list of approved patches includes non-security updates that should be applied to the instances.
    Description string
    Description of the baseline.
    GlobalFilters []GetPatchBaselineGlobalFilter
    Set of global filters used to exclude patches from the baseline.
    Id string
    The provider-assigned unique ID for this managed resource.
    Json string
    JSON representation of the baseline.
    Name string
    Name specified to identify the patch source.
    Owner string
    RejectedPatches []string
    List of rejected patches.
    RejectedPatchesAction string
    Action specified to take on patches included in the rejected_patches list.
    Sources []GetPatchBaselineSource
    Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
    DefaultBaseline bool
    NamePrefix string
    OperatingSystem string
    approvalRules List<GetPatchBaselineApprovalRule>
    List of rules used to include patches in the baseline.
    approvedPatches List<String>
    List of explicitly approved patches for the baseline.
    approvedPatchesComplianceLevel String
    Compliance level for approved patches.
    approvedPatchesEnableNonSecurity Boolean
    Indicates whether the list of approved patches includes non-security updates that should be applied to the instances.
    description String
    Description of the baseline.
    globalFilters List<GetPatchBaselineGlobalFilter>
    Set of global filters used to exclude patches from the baseline.
    id String
    The provider-assigned unique ID for this managed resource.
    json String
    JSON representation of the baseline.
    name String
    Name specified to identify the patch source.
    owner String
    rejectedPatches List<String>
    List of rejected patches.
    rejectedPatchesAction String
    Action specified to take on patches included in the rejected_patches list.
    sources List<GetPatchBaselineSource>
    Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
    defaultBaseline Boolean
    namePrefix String
    operatingSystem String
    approvalRules GetPatchBaselineApprovalRule[]
    List of rules used to include patches in the baseline.
    approvedPatches string[]
    List of explicitly approved patches for the baseline.
    approvedPatchesComplianceLevel string
    Compliance level for approved patches.
    approvedPatchesEnableNonSecurity boolean
    Indicates whether the list of approved patches includes non-security updates that should be applied to the instances.
    description string
    Description of the baseline.
    globalFilters GetPatchBaselineGlobalFilter[]
    Set of global filters used to exclude patches from the baseline.
    id string
    The provider-assigned unique ID for this managed resource.
    json string
    JSON representation of the baseline.
    name string
    Name specified to identify the patch source.
    owner string
    rejectedPatches string[]
    List of rejected patches.
    rejectedPatchesAction string
    Action specified to take on patches included in the rejected_patches list.
    sources GetPatchBaselineSource[]
    Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
    defaultBaseline boolean
    namePrefix string
    operatingSystem string
    approval_rules Sequence[GetPatchBaselineApprovalRule]
    List of rules used to include patches in the baseline.
    approved_patches Sequence[str]
    List of explicitly approved patches for the baseline.
    approved_patches_compliance_level str
    Compliance level for approved patches.
    approved_patches_enable_non_security bool
    Indicates whether the list of approved patches includes non-security updates that should be applied to the instances.
    description str
    Description of the baseline.
    global_filters Sequence[GetPatchBaselineGlobalFilter]
    Set of global filters used to exclude patches from the baseline.
    id str
    The provider-assigned unique ID for this managed resource.
    json str
    JSON representation of the baseline.
    name str
    Name specified to identify the patch source.
    owner str
    rejected_patches Sequence[str]
    List of rejected patches.
    rejected_patches_action str
    Action specified to take on patches included in the rejected_patches list.
    sources Sequence[GetPatchBaselineSource]
    Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
    default_baseline bool
    name_prefix str
    operating_system str
    approvalRules List<Property Map>
    List of rules used to include patches in the baseline.
    approvedPatches List<String>
    List of explicitly approved patches for the baseline.
    approvedPatchesComplianceLevel String
    Compliance level for approved patches.
    approvedPatchesEnableNonSecurity Boolean
    Indicates whether the list of approved patches includes non-security updates that should be applied to the instances.
    description String
    Description of the baseline.
    globalFilters List<Property Map>
    Set of global filters used to exclude patches from the baseline.
    id String
    The provider-assigned unique ID for this managed resource.
    json String
    JSON representation of the baseline.
    name String
    Name specified to identify the patch source.
    owner String
    rejectedPatches List<String>
    List of rejected patches.
    rejectedPatchesAction String
    Action specified to take on patches included in the rejected_patches list.
    sources List<Property Map>
    Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
    defaultBaseline Boolean
    namePrefix String
    operatingSystem String

    Supporting Types

    GetPatchBaselineApprovalRule

    ApproveAfterDays int
    Number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
    ApproveUntilDate string
    Cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as YYYY-MM-DD. Conflicts with approve_after_days
    ComplianceLevel string
    Compliance level for patches approved by this rule.
    EnableNonSecurity bool
    Boolean enabling the application of non-security updates.
    PatchFilters List<GetPatchBaselineApprovalRulePatchFilter>
    Patch filter group that defines the criteria for the rule.
    ApproveAfterDays int
    Number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
    ApproveUntilDate string
    Cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as YYYY-MM-DD. Conflicts with approve_after_days
    ComplianceLevel string
    Compliance level for patches approved by this rule.
    EnableNonSecurity bool
    Boolean enabling the application of non-security updates.
    PatchFilters []GetPatchBaselineApprovalRulePatchFilter
    Patch filter group that defines the criteria for the rule.
    approveAfterDays Integer
    Number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
    approveUntilDate String
    Cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as YYYY-MM-DD. Conflicts with approve_after_days
    complianceLevel String
    Compliance level for patches approved by this rule.
    enableNonSecurity Boolean
    Boolean enabling the application of non-security updates.
    patchFilters List<GetPatchBaselineApprovalRulePatchFilter>
    Patch filter group that defines the criteria for the rule.
    approveAfterDays number
    Number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
    approveUntilDate string
    Cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as YYYY-MM-DD. Conflicts with approve_after_days
    complianceLevel string
    Compliance level for patches approved by this rule.
    enableNonSecurity boolean
    Boolean enabling the application of non-security updates.
    patchFilters GetPatchBaselineApprovalRulePatchFilter[]
    Patch filter group that defines the criteria for the rule.
    approve_after_days int
    Number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
    approve_until_date str
    Cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as YYYY-MM-DD. Conflicts with approve_after_days
    compliance_level str
    Compliance level for patches approved by this rule.
    enable_non_security bool
    Boolean enabling the application of non-security updates.
    patch_filters Sequence[GetPatchBaselineApprovalRulePatchFilter]
    Patch filter group that defines the criteria for the rule.
    approveAfterDays Number
    Number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
    approveUntilDate String
    Cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as YYYY-MM-DD. Conflicts with approve_after_days
    complianceLevel String
    Compliance level for patches approved by this rule.
    enableNonSecurity Boolean
    Boolean enabling the application of non-security updates.
    patchFilters List<Property Map>
    Patch filter group that defines the criteria for the rule.

    GetPatchBaselineApprovalRulePatchFilter

    Key string
    Key for the filter.
    Values List<string>
    Value for the filter.
    Key string
    Key for the filter.
    Values []string
    Value for the filter.
    key String
    Key for the filter.
    values List<String>
    Value for the filter.
    key string
    Key for the filter.
    values string[]
    Value for the filter.
    key str
    Key for the filter.
    values Sequence[str]
    Value for the filter.
    key String
    Key for the filter.
    values List<String>
    Value for the filter.

    GetPatchBaselineGlobalFilter

    Key string
    Key for the filter.
    Values List<string>
    Value for the filter.
    Key string
    Key for the filter.
    Values []string
    Value for the filter.
    key String
    Key for the filter.
    values List<String>
    Value for the filter.
    key string
    Key for the filter.
    values string[]
    Value for the filter.
    key str
    Key for the filter.
    values Sequence[str]
    Value for the filter.
    key String
    Key for the filter.
    values List<String>
    Value for the filter.

    GetPatchBaselineSource

    Configuration string
    Value of the yum repo configuration.
    Name string
    Name specified to identify the patch source.
    Products List<string>
    Specific operating system versions a patch repository applies to.
    Configuration string
    Value of the yum repo configuration.
    Name string
    Name specified to identify the patch source.
    Products []string
    Specific operating system versions a patch repository applies to.
    configuration String
    Value of the yum repo configuration.
    name String
    Name specified to identify the patch source.
    products List<String>
    Specific operating system versions a patch repository applies to.
    configuration string
    Value of the yum repo configuration.
    name string
    Name specified to identify the patch source.
    products string[]
    Specific operating system versions a patch repository applies to.
    configuration str
    Value of the yum repo configuration.
    name str
    Name specified to identify the patch source.
    products Sequence[str]
    Specific operating system versions a patch repository applies to.
    configuration String
    Value of the yum repo configuration.
    name String
    Name specified to identify the patch source.
    products List<String>
    Specific operating system versions a patch repository applies to.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo

    Try AWS Native preview for resources not in the classic version.

    AWS Classic v6.40.0 published on Wednesday, Jun 12, 2024 by Pulumi