AWS Classic v5.41.0, May 15 23

aws.ssm.getPatchBaseline

Explore with Pulumi AI

Provides an SSM Patch Baseline data source. Useful if you wish to reuse the default baselines provided.

Example Usage

To retrieve a baseline provided by AWS

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var centos = Aws.Ssm.GetPatchBaseline.Invoke(new()
    {
        NamePrefix = "AWS-",
        OperatingSystem = "CENTOS",
        Owner = "AWS",
    });

});

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ssm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ssm.LookupPatchBaseline(ctx, &ssm.LookupPatchBaselineArgs{
			NamePrefix:      pulumi.StringRef("AWS-"),
			OperatingSystem: pulumi.StringRef("CENTOS"),
			Owner:           "AWS",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ssm.SsmFunctions;
import com.pulumi.aws.ssm.inputs.GetPatchBaselineArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var centos = SsmFunctions.getPatchBaseline(GetPatchBaselineArgs.builder()
            .namePrefix("AWS-")
            .operatingSystem("CENTOS")
            .owner("AWS")
            .build());

    }
}

import pulumi
import pulumi_aws as aws

centos = aws.ssm.get_patch_baseline(name_prefix="AWS-",
    operating_system="CENTOS",
    owner="AWS")

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const centos = aws.ssm.getPatchBaseline({
    namePrefix: "AWS-",
    operatingSystem: "CENTOS",
    owner: "AWS",
});

variables:
  centos:
    fn::invoke:
      Function: aws:ssm:getPatchBaseline
      Arguments:
        namePrefix: AWS-
        operatingSystem: CENTOS
        owner: AWS

To retrieve a baseline on your account

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var defaultCustom = Aws.Ssm.GetPatchBaseline.Invoke(new()
    {
        DefaultBaseline = true,
        NamePrefix = "MyCustomBaseline",
        OperatingSystem = "WINDOWS",
        Owner = "Self",
    });

});

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ssm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ssm.LookupPatchBaseline(ctx, &ssm.LookupPatchBaselineArgs{
			DefaultBaseline: pulumi.BoolRef(true),
			NamePrefix:      pulumi.StringRef("MyCustomBaseline"),
			OperatingSystem: pulumi.StringRef("WINDOWS"),
			Owner:           "Self",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ssm.SsmFunctions;
import com.pulumi.aws.ssm.inputs.GetPatchBaselineArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var defaultCustom = SsmFunctions.getPatchBaseline(GetPatchBaselineArgs.builder()
            .defaultBaseline(true)
            .namePrefix("MyCustomBaseline")
            .operatingSystem("WINDOWS")
            .owner("Self")
            .build());

    }
}

import pulumi
import pulumi_aws as aws

default_custom = aws.ssm.get_patch_baseline(default_baseline=True,
    name_prefix="MyCustomBaseline",
    operating_system="WINDOWS",
    owner="Self")

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const defaultCustom = aws.ssm.getPatchBaseline({
    defaultBaseline: true,
    namePrefix: "MyCustomBaseline",
    operatingSystem: "WINDOWS",
    owner: "Self",
});

variables:
  defaultCustom:
    fn::invoke:
      Function: aws:ssm:getPatchBaseline
      Arguments:
        defaultBaseline: true
        namePrefix: MyCustomBaseline
        operatingSystem: WINDOWS
        owner: Self

Using getPatchBaseline

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getPatchBaseline(args: GetPatchBaselineArgs, opts?: InvokeOptions): Promise<GetPatchBaselineResult>
function getPatchBaselineOutput(args: GetPatchBaselineOutputArgs, opts?: InvokeOptions): Output<GetPatchBaselineResult>

def get_patch_baseline(default_baseline: Optional[bool] = None,
                       name_prefix: Optional[str] = None,
                       operating_system: Optional[str] = None,
                       owner: Optional[str] = None,
                       opts: Optional[InvokeOptions] = None) -> GetPatchBaselineResult
def get_patch_baseline_output(default_baseline: Optional[pulumi.Input[bool]] = None,
                       name_prefix: Optional[pulumi.Input[str]] = None,
                       operating_system: Optional[pulumi.Input[str]] = None,
                       owner: Optional[pulumi.Input[str]] = None,
                       opts: Optional[InvokeOptions] = None) -> Output[GetPatchBaselineResult]

func LookupPatchBaseline(ctx *Context, args *LookupPatchBaselineArgs, opts ...InvokeOption) (*LookupPatchBaselineResult, error)
func LookupPatchBaselineOutput(ctx *Context, args *LookupPatchBaselineOutputArgs, opts ...InvokeOption) LookupPatchBaselineResultOutput

> Note: This function is named LookupPatchBaseline in the Go SDK.

public static class GetPatchBaseline 
{
    public static Task<GetPatchBaselineResult> InvokeAsync(GetPatchBaselineArgs args, InvokeOptions? opts = null)
    public static Output<GetPatchBaselineResult> Invoke(GetPatchBaselineInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetPatchBaselineResult> getPatchBaseline(GetPatchBaselineArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet

fn::invoke:
  function: aws:ssm/getPatchBaseline:getPatchBaseline
  arguments:
    # arguments dictionary

The following arguments are supported:

Owner string: Owner of the baseline. Valid values: All, AWS, Self (the current account).
DefaultBaseline bool: Filters the results against the baselines default_baseline field.
NamePrefix string: Filter results by the baseline name prefix.
OperatingSystem string: Specified OS for the baseline. Valid values: AMAZON_LINUX, AMAZON_LINUX_2, UBUNTU, REDHAT_ENTERPRISE_LINUX, SUSE, CENTOS, ORACLE_LINUX, DEBIAN, MACOS, RASPBIAN and ROCKY_LINUX.

Owner string: Owner of the baseline. Valid values: All, AWS, Self (the current account).
DefaultBaseline bool: Filters the results against the baselines default_baseline field.
NamePrefix string: Filter results by the baseline name prefix.
OperatingSystem string: Specified OS for the baseline. Valid values: AMAZON_LINUX, AMAZON_LINUX_2, UBUNTU, REDHAT_ENTERPRISE_LINUX, SUSE, CENTOS, ORACLE_LINUX, DEBIAN, MACOS, RASPBIAN and ROCKY_LINUX.

owner String: Owner of the baseline. Valid values: All, AWS, Self (the current account).
defaultBaseline Boolean: Filters the results against the baselines default_baseline field.
namePrefix String: Filter results by the baseline name prefix.
operatingSystem String: Specified OS for the baseline. Valid values: AMAZON_LINUX, AMAZON_LINUX_2, UBUNTU, REDHAT_ENTERPRISE_LINUX, SUSE, CENTOS, ORACLE_LINUX, DEBIAN, MACOS, RASPBIAN and ROCKY_LINUX.

owner string: Owner of the baseline. Valid values: All, AWS, Self (the current account).
defaultBaseline boolean: Filters the results against the baselines default_baseline field.
namePrefix string: Filter results by the baseline name prefix.
operatingSystem string: Specified OS for the baseline. Valid values: AMAZON_LINUX, AMAZON_LINUX_2, UBUNTU, REDHAT_ENTERPRISE_LINUX, SUSE, CENTOS, ORACLE_LINUX, DEBIAN, MACOS, RASPBIAN and ROCKY_LINUX.

owner str: Owner of the baseline. Valid values: All, AWS, Self (the current account).
default_baseline bool: Filters the results against the baselines default_baseline field.
name_prefix str: Filter results by the baseline name prefix.
operating_system str: Specified OS for the baseline. Valid values: AMAZON_LINUX, AMAZON_LINUX_2, UBUNTU, REDHAT_ENTERPRISE_LINUX, SUSE, CENTOS, ORACLE_LINUX, DEBIAN, MACOS, RASPBIAN and ROCKY_LINUX.

owner String: Owner of the baseline. Valid values: All, AWS, Self (the current account).
defaultBaseline Boolean: Filters the results against the baselines default_baseline field.
namePrefix String: Filter results by the baseline name prefix.
operatingSystem String: Specified OS for the baseline. Valid values: AMAZON_LINUX, AMAZON_LINUX_2, UBUNTU, REDHAT_ENTERPRISE_LINUX, SUSE, CENTOS, ORACLE_LINUX, DEBIAN, MACOS, RASPBIAN and ROCKY_LINUX.

getPatchBaseline Result

The following output properties are available:

ApprovalRules List<Pulumi.Aws.Ssm.Outputs.GetPatchBaselineApprovalRule>: List of rules used to include patches in the baseline.
ApprovedPatches List<string>: List of explicitly approved patches for the baseline.
ApprovedPatchesComplianceLevel string: The compliance level for approved patches.
ApprovedPatchesEnableNonSecurity bool: Indicates whether the list of approved patches includes non-security updates that should be applied to the instances.
Description string: Description of the baseline.
GlobalFilters List<Pulumi.Aws.Ssm.Outputs.GetPatchBaselineGlobalFilter>: Set of global filters used to exclude patches from the baseline.
Id string: The provider-assigned unique ID for this managed resource.
Name string: The name specified to identify the patch source.
Owner string
RejectedPatches List<string>: List of rejected patches.
RejectedPatchesAction string: The action specified to take on patches included in the rejected_patches list.
Sources List<Pulumi.Aws.Ssm.Outputs.GetPatchBaselineSource>: Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
DefaultBaseline bool
NamePrefix string
OperatingSystem string

ApprovalRules []GetPatchBaselineApprovalRule: List of rules used to include patches in the baseline.
ApprovedPatches []string: List of explicitly approved patches for the baseline.
ApprovedPatchesComplianceLevel string: The compliance level for approved patches.
ApprovedPatchesEnableNonSecurity bool: Indicates whether the list of approved patches includes non-security updates that should be applied to the instances.
Description string: Description of the baseline.
GlobalFilters []GetPatchBaselineGlobalFilter: Set of global filters used to exclude patches from the baseline.
Id string: The provider-assigned unique ID for this managed resource.
Name string: The name specified to identify the patch source.
Owner string
RejectedPatches []string: List of rejected patches.
RejectedPatchesAction string: The action specified to take on patches included in the rejected_patches list.
Sources []GetPatchBaselineSource: Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
DefaultBaseline bool
NamePrefix string
OperatingSystem string

approvalRules List<GetPatchBaselineApprovalRule>: List of rules used to include patches in the baseline.
approvedPatches List<String>: List of explicitly approved patches for the baseline.
approvedPatchesComplianceLevel String: The compliance level for approved patches.
approvedPatchesEnableNonSecurity Boolean: Indicates whether the list of approved patches includes non-security updates that should be applied to the instances.
description String: Description of the baseline.
globalFilters List<GetPatchBaselineGlobalFilter>: Set of global filters used to exclude patches from the baseline.
id String: The provider-assigned unique ID for this managed resource.
name String: The name specified to identify the patch source.
owner String
rejectedPatches List<String>: List of rejected patches.
rejectedPatchesAction String: The action specified to take on patches included in the rejected_patches list.
sources List<GetPatchBaselineSource>: Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
defaultBaseline Boolean
namePrefix String
operatingSystem String

approvalRules GetPatchBaselineApprovalRule[]: List of rules used to include patches in the baseline.
approvedPatches string[]: List of explicitly approved patches for the baseline.
approvedPatchesComplianceLevel string: The compliance level for approved patches.
approvedPatchesEnableNonSecurity boolean: Indicates whether the list of approved patches includes non-security updates that should be applied to the instances.
description string: Description of the baseline.
globalFilters GetPatchBaselineGlobalFilter[]: Set of global filters used to exclude patches from the baseline.
id string: The provider-assigned unique ID for this managed resource.
name string: The name specified to identify the patch source.
owner string
rejectedPatches string[]: List of rejected patches.
rejectedPatchesAction string: The action specified to take on patches included in the rejected_patches list.
sources GetPatchBaselineSource[]: Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
defaultBaseline boolean
namePrefix string
operatingSystem string

approval_rules Sequence[GetPatchBaselineApprovalRule]: List of rules used to include patches in the baseline.
approved_patches Sequence[str]: List of explicitly approved patches for the baseline.
approved_patches_compliance_level str: The compliance level for approved patches.
approved_patches_enable_non_security bool: Indicates whether the list of approved patches includes non-security updates that should be applied to the instances.
description str: Description of the baseline.
global_filters Sequence[GetPatchBaselineGlobalFilter]: Set of global filters used to exclude patches from the baseline.
id str: The provider-assigned unique ID for this managed resource.
name str: The name specified to identify the patch source.
owner str
rejected_patches Sequence[str]: List of rejected patches.
rejected_patches_action str: The action specified to take on patches included in the rejected_patches list.
sources Sequence[GetPatchBaselineSource]: Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
default_baseline bool
name_prefix str
operating_system str

approvalRules List<Property Map>: List of rules used to include patches in the baseline.
approvedPatches List<String>: List of explicitly approved patches for the baseline.
approvedPatchesComplianceLevel String: The compliance level for approved patches.
approvedPatchesEnableNonSecurity Boolean: Indicates whether the list of approved patches includes non-security updates that should be applied to the instances.
description String: Description of the baseline.
globalFilters List<Property Map>: Set of global filters used to exclude patches from the baseline.
id String: The provider-assigned unique ID for this managed resource.
name String: The name specified to identify the patch source.
owner String
rejectedPatches List<String>: List of rejected patches.
rejectedPatchesAction String: The action specified to take on patches included in the rejected_patches list.
sources List<Property Map>: Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
defaultBaseline Boolean
namePrefix String
operatingSystem String

Supporting Types

GetPatchBaselineApprovalRule

ApproveAfterDays int: The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
ApproveUntilDate string: The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as YYYY-MM-DD. Conflicts with approve_after_days
ComplianceLevel string: The compliance level for patches approved by this rule.
EnableNonSecurity bool: Boolean enabling the application of non-security updates.
PatchFilters List<Pulumi.Aws.Ssm.Inputs.GetPatchBaselineApprovalRulePatchFilter>: The patch filter group that defines the criteria for the rule.

ApproveAfterDays int: The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
ApproveUntilDate string: The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as YYYY-MM-DD. Conflicts with approve_after_days
ComplianceLevel string: The compliance level for patches approved by this rule.
EnableNonSecurity bool: Boolean enabling the application of non-security updates.
PatchFilters []GetPatchBaselineApprovalRulePatchFilter: The patch filter group that defines the criteria for the rule.

approveAfterDays Integer: The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
approveUntilDate String: The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as YYYY-MM-DD. Conflicts with approve_after_days
complianceLevel String: The compliance level for patches approved by this rule.
enableNonSecurity Boolean: Boolean enabling the application of non-security updates.
patchFilters List<GetPatchBaselineApprovalRulePatchFilter>: The patch filter group that defines the criteria for the rule.

approveAfterDays number: The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
approveUntilDate string: The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as YYYY-MM-DD. Conflicts with approve_after_days
complianceLevel string: The compliance level for patches approved by this rule.
enableNonSecurity boolean: Boolean enabling the application of non-security updates.
patchFilters GetPatchBaselineApprovalRulePatchFilter[]: The patch filter group that defines the criteria for the rule.

approve_after_days int: The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
approve_until_date str: The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as YYYY-MM-DD. Conflicts with approve_after_days
compliance_level str: The compliance level for patches approved by this rule.
enable_non_security bool: Boolean enabling the application of non-security updates.
patch_filters Sequence[GetPatchBaselineApprovalRulePatchFilter]: The patch filter group that defines the criteria for the rule.

approveAfterDays Number: The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
approveUntilDate String: The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as YYYY-MM-DD. Conflicts with approve_after_days
complianceLevel String: The compliance level for patches approved by this rule.
enableNonSecurity Boolean: Boolean enabling the application of non-security updates.
patchFilters List<Property Map>: The patch filter group that defines the criteria for the rule.

GetPatchBaselineApprovalRulePatchFilter

Key string: The key for the filter.
Values List<string>: The value for the filter.

Key string: The key for the filter.
Values []string: The value for the filter.

key String: The key for the filter.
values List<String>: The value for the filter.

key string: The key for the filter.
values string[]: The value for the filter.

key str: The key for the filter.
values Sequence[str]: The value for the filter.

key String: The key for the filter.
values List<String>: The value for the filter.

GetPatchBaselineGlobalFilter

Key string: The key for the filter.
Values List<string>: The value for the filter.

Key string: The key for the filter.
Values []string: The value for the filter.

key String: The key for the filter.
values List<String>: The value for the filter.

key string: The key for the filter.
values string[]: The value for the filter.

key str: The key for the filter.
values Sequence[str]: The value for the filter.

key String: The key for the filter.
values List<String>: The value for the filter.

GetPatchBaselineSource

Configuration string: The value of the yum repo configuration.
Name string: The name specified to identify the patch source.
Products List<string>: The specific operating system versions a patch repository applies to.

Configuration string: The value of the yum repo configuration.
Name string: The name specified to identify the patch source.
Products []string: The specific operating system versions a patch repository applies to.

configuration String: The value of the yum repo configuration.
name String: The name specified to identify the patch source.
products List<String>: The specific operating system versions a patch repository applies to.

configuration string: The value of the yum repo configuration.
name string: The name specified to identify the patch source.
products string[]: The specific operating system versions a patch repository applies to.

configuration str: The value of the yum repo configuration.
name str: The name specified to identify the patch source.
products Sequence[str]: The specific operating system versions a patch repository applies to.

configuration String: The value of the yum repo configuration.
name String: The name specified to identify the patch source.
products List<String>: The specific operating system versions a patch repository applies to.

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.