aws logo
AWS Classic v5.28.0, Jan 23 23

aws.ssm.PatchBaseline

Provides an SSM Patch Baseline resource.

NOTE on Patch Baselines: The approved_patches and approval_rule are both marked as optional fields, but the Patch Baseline requires that at least one of them is specified.

Example Usage

Basic Usage

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var production = new Aws.Ssm.PatchBaseline("production", new()
    {
        ApprovedPatches = new[]
        {
            "KB123456",
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ssm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ssm.NewPatchBaseline(ctx, "production", &ssm.PatchBaselineArgs{
			ApprovedPatches: pulumi.StringArray{
				pulumi.String("KB123456"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ssm.PatchBaseline;
import com.pulumi.aws.ssm.PatchBaselineArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var production = new PatchBaseline("production", PatchBaselineArgs.builder()        
            .approvedPatches("KB123456")
            .build());

    }
}
import pulumi
import pulumi_aws as aws

production = aws.ssm.PatchBaseline("production", approved_patches=["KB123456"])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const production = new aws.ssm.PatchBaseline("production", {approvedPatches: ["KB123456"]});
resources:
  production:
    type: aws:ssm:PatchBaseline
    properties:
      approvedPatches:
        - KB123456

Advanced Usage, specifying patch filters

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var production = new Aws.Ssm.PatchBaseline("production", new()
    {
        ApprovalRules = new[]
        {
            new Aws.Ssm.Inputs.PatchBaselineApprovalRuleArgs
            {
                ApproveAfterDays = 7,
                ComplianceLevel = "HIGH",
                PatchFilters = new[]
                {
                    new Aws.Ssm.Inputs.PatchBaselineApprovalRulePatchFilterArgs
                    {
                        Key = "PRODUCT",
                        Values = new[]
                        {
                            "WindowsServer2016",
                        },
                    },
                    new Aws.Ssm.Inputs.PatchBaselineApprovalRulePatchFilterArgs
                    {
                        Key = "CLASSIFICATION",
                        Values = new[]
                        {
                            "CriticalUpdates",
                            "SecurityUpdates",
                            "Updates",
                        },
                    },
                    new Aws.Ssm.Inputs.PatchBaselineApprovalRulePatchFilterArgs
                    {
                        Key = "MSRC_SEVERITY",
                        Values = new[]
                        {
                            "Critical",
                            "Important",
                            "Moderate",
                        },
                    },
                },
            },
            new Aws.Ssm.Inputs.PatchBaselineApprovalRuleArgs
            {
                ApproveAfterDays = 7,
                PatchFilters = new[]
                {
                    new Aws.Ssm.Inputs.PatchBaselineApprovalRulePatchFilterArgs
                    {
                        Key = "PRODUCT",
                        Values = new[]
                        {
                            "WindowsServer2012",
                        },
                    },
                },
            },
        },
        ApprovedPatches = new[]
        {
            "KB123456",
            "KB456789",
        },
        Description = "Patch Baseline Description",
        GlobalFilters = new[]
        {
            new Aws.Ssm.Inputs.PatchBaselineGlobalFilterArgs
            {
                Key = "PRODUCT",
                Values = new[]
                {
                    "WindowsServer2008",
                },
            },
            new Aws.Ssm.Inputs.PatchBaselineGlobalFilterArgs
            {
                Key = "CLASSIFICATION",
                Values = new[]
                {
                    "ServicePacks",
                },
            },
            new Aws.Ssm.Inputs.PatchBaselineGlobalFilterArgs
            {
                Key = "MSRC_SEVERITY",
                Values = new[]
                {
                    "Low",
                },
            },
        },
        RejectedPatches = new[]
        {
            "KB987654",
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ssm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ssm.NewPatchBaseline(ctx, "production", &ssm.PatchBaselineArgs{
			ApprovalRules: ssm.PatchBaselineApprovalRuleArray{
				&ssm.PatchBaselineApprovalRuleArgs{
					ApproveAfterDays: pulumi.Int(7),
					ComplianceLevel:  pulumi.String("HIGH"),
					PatchFilters: ssm.PatchBaselineApprovalRulePatchFilterArray{
						&ssm.PatchBaselineApprovalRulePatchFilterArgs{
							Key: pulumi.String("PRODUCT"),
							Values: pulumi.StringArray{
								pulumi.String("WindowsServer2016"),
							},
						},
						&ssm.PatchBaselineApprovalRulePatchFilterArgs{
							Key: pulumi.String("CLASSIFICATION"),
							Values: pulumi.StringArray{
								pulumi.String("CriticalUpdates"),
								pulumi.String("SecurityUpdates"),
								pulumi.String("Updates"),
							},
						},
						&ssm.PatchBaselineApprovalRulePatchFilterArgs{
							Key: pulumi.String("MSRC_SEVERITY"),
							Values: pulumi.StringArray{
								pulumi.String("Critical"),
								pulumi.String("Important"),
								pulumi.String("Moderate"),
							},
						},
					},
				},
				&ssm.PatchBaselineApprovalRuleArgs{
					ApproveAfterDays: pulumi.Int(7),
					PatchFilters: ssm.PatchBaselineApprovalRulePatchFilterArray{
						&ssm.PatchBaselineApprovalRulePatchFilterArgs{
							Key: pulumi.String("PRODUCT"),
							Values: pulumi.StringArray{
								pulumi.String("WindowsServer2012"),
							},
						},
					},
				},
			},
			ApprovedPatches: pulumi.StringArray{
				pulumi.String("KB123456"),
				pulumi.String("KB456789"),
			},
			Description: pulumi.String("Patch Baseline Description"),
			GlobalFilters: ssm.PatchBaselineGlobalFilterArray{
				&ssm.PatchBaselineGlobalFilterArgs{
					Key: pulumi.String("PRODUCT"),
					Values: pulumi.StringArray{
						pulumi.String("WindowsServer2008"),
					},
				},
				&ssm.PatchBaselineGlobalFilterArgs{
					Key: pulumi.String("CLASSIFICATION"),
					Values: pulumi.StringArray{
						pulumi.String("ServicePacks"),
					},
				},
				&ssm.PatchBaselineGlobalFilterArgs{
					Key: pulumi.String("MSRC_SEVERITY"),
					Values: pulumi.StringArray{
						pulumi.String("Low"),
					},
				},
			},
			RejectedPatches: pulumi.StringArray{
				pulumi.String("KB987654"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ssm.PatchBaseline;
import com.pulumi.aws.ssm.PatchBaselineArgs;
import com.pulumi.aws.ssm.inputs.PatchBaselineApprovalRuleArgs;
import com.pulumi.aws.ssm.inputs.PatchBaselineGlobalFilterArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var production = new PatchBaseline("production", PatchBaselineArgs.builder()        
            .approvalRules(            
                PatchBaselineApprovalRuleArgs.builder()
                    .approveAfterDays(7)
                    .complianceLevel("HIGH")
                    .patchFilters(                    
                        PatchBaselineApprovalRulePatchFilterArgs.builder()
                            .key("PRODUCT")
                            .values("WindowsServer2016")
                            .build(),
                        PatchBaselineApprovalRulePatchFilterArgs.builder()
                            .key("CLASSIFICATION")
                            .values(                            
                                "CriticalUpdates",
                                "SecurityUpdates",
                                "Updates")
                            .build(),
                        PatchBaselineApprovalRulePatchFilterArgs.builder()
                            .key("MSRC_SEVERITY")
                            .values(                            
                                "Critical",
                                "Important",
                                "Moderate")
                            .build())
                    .build(),
                PatchBaselineApprovalRuleArgs.builder()
                    .approveAfterDays(7)
                    .patchFilters(PatchBaselineApprovalRulePatchFilterArgs.builder()
                        .key("PRODUCT")
                        .values("WindowsServer2012")
                        .build())
                    .build())
            .approvedPatches(            
                "KB123456",
                "KB456789")
            .description("Patch Baseline Description")
            .globalFilters(            
                PatchBaselineGlobalFilterArgs.builder()
                    .key("PRODUCT")
                    .values("WindowsServer2008")
                    .build(),
                PatchBaselineGlobalFilterArgs.builder()
                    .key("CLASSIFICATION")
                    .values("ServicePacks")
                    .build(),
                PatchBaselineGlobalFilterArgs.builder()
                    .key("MSRC_SEVERITY")
                    .values("Low")
                    .build())
            .rejectedPatches("KB987654")
            .build());

    }
}
import pulumi
import pulumi_aws as aws

production = aws.ssm.PatchBaseline("production",
    approval_rules=[
        aws.ssm.PatchBaselineApprovalRuleArgs(
            approve_after_days=7,
            compliance_level="HIGH",
            patch_filters=[
                aws.ssm.PatchBaselineApprovalRulePatchFilterArgs(
                    key="PRODUCT",
                    values=["WindowsServer2016"],
                ),
                aws.ssm.PatchBaselineApprovalRulePatchFilterArgs(
                    key="CLASSIFICATION",
                    values=[
                        "CriticalUpdates",
                        "SecurityUpdates",
                        "Updates",
                    ],
                ),
                aws.ssm.PatchBaselineApprovalRulePatchFilterArgs(
                    key="MSRC_SEVERITY",
                    values=[
                        "Critical",
                        "Important",
                        "Moderate",
                    ],
                ),
            ],
        ),
        aws.ssm.PatchBaselineApprovalRuleArgs(
            approve_after_days=7,
            patch_filters=[aws.ssm.PatchBaselineApprovalRulePatchFilterArgs(
                key="PRODUCT",
                values=["WindowsServer2012"],
            )],
        ),
    ],
    approved_patches=[
        "KB123456",
        "KB456789",
    ],
    description="Patch Baseline Description",
    global_filters=[
        aws.ssm.PatchBaselineGlobalFilterArgs(
            key="PRODUCT",
            values=["WindowsServer2008"],
        ),
        aws.ssm.PatchBaselineGlobalFilterArgs(
            key="CLASSIFICATION",
            values=["ServicePacks"],
        ),
        aws.ssm.PatchBaselineGlobalFilterArgs(
            key="MSRC_SEVERITY",
            values=["Low"],
        ),
    ],
    rejected_patches=["KB987654"])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const production = new aws.ssm.PatchBaseline("production", {
    approvalRules: [
        {
            approveAfterDays: 7,
            complianceLevel: "HIGH",
            patchFilters: [
                {
                    key: "PRODUCT",
                    values: ["WindowsServer2016"],
                },
                {
                    key: "CLASSIFICATION",
                    values: [
                        "CriticalUpdates",
                        "SecurityUpdates",
                        "Updates",
                    ],
                },
                {
                    key: "MSRC_SEVERITY",
                    values: [
                        "Critical",
                        "Important",
                        "Moderate",
                    ],
                },
            ],
        },
        {
            approveAfterDays: 7,
            patchFilters: [{
                key: "PRODUCT",
                values: ["WindowsServer2012"],
            }],
        },
    ],
    approvedPatches: [
        "KB123456",
        "KB456789",
    ],
    description: "Patch Baseline Description",
    globalFilters: [
        {
            key: "PRODUCT",
            values: ["WindowsServer2008"],
        },
        {
            key: "CLASSIFICATION",
            values: ["ServicePacks"],
        },
        {
            key: "MSRC_SEVERITY",
            values: ["Low"],
        },
    ],
    rejectedPatches: ["KB987654"],
});
resources:
  production:
    type: aws:ssm:PatchBaseline
    properties:
      approvalRules:
        - approveAfterDays: 7
          complianceLevel: HIGH
          patchFilters:
            - key: PRODUCT
              values:
                - WindowsServer2016
            - key: CLASSIFICATION
              values:
                - CriticalUpdates
                - SecurityUpdates
                - Updates
            - key: MSRC_SEVERITY
              values:
                - Critical
                - Important
                - Moderate
        - approveAfterDays: 7
          patchFilters:
            - key: PRODUCT
              values:
                - WindowsServer2012
      approvedPatches:
        - KB123456
        - KB456789
      description: Patch Baseline Description
      globalFilters:
        - key: PRODUCT
          values:
            - WindowsServer2008
        - key: CLASSIFICATION
          values:
            - ServicePacks
        - key: MSRC_SEVERITY
          values:
            - Low
      rejectedPatches:
        - KB987654

Advanced usage, specifying Microsoft application and Windows patch rules

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var windowsOsApps = new Aws.Ssm.PatchBaseline("windowsOsApps", new()
    {
        ApprovalRules = new[]
        {
            new Aws.Ssm.Inputs.PatchBaselineApprovalRuleArgs
            {
                ApproveAfterDays = 7,
                PatchFilters = new[]
                {
                    new Aws.Ssm.Inputs.PatchBaselineApprovalRulePatchFilterArgs
                    {
                        Key = "CLASSIFICATION",
                        Values = new[]
                        {
                            "CriticalUpdates",
                            "SecurityUpdates",
                        },
                    },
                    new Aws.Ssm.Inputs.PatchBaselineApprovalRulePatchFilterArgs
                    {
                        Key = "MSRC_SEVERITY",
                        Values = new[]
                        {
                            "Critical",
                            "Important",
                        },
                    },
                },
            },
            new Aws.Ssm.Inputs.PatchBaselineApprovalRuleArgs
            {
                ApproveAfterDays = 7,
                PatchFilters = new[]
                {
                    new Aws.Ssm.Inputs.PatchBaselineApprovalRulePatchFilterArgs
                    {
                        Key = "PATCH_SET",
                        Values = new[]
                        {
                            "APPLICATION",
                        },
                    },
                    new Aws.Ssm.Inputs.PatchBaselineApprovalRulePatchFilterArgs
                    {
                        Key = "PRODUCT",
                        Values = new[]
                        {
                            "Office 2013",
                            "Office 2016",
                        },
                    },
                },
            },
        },
        Description = "Patch both Windows and Microsoft apps",
        OperatingSystem = "WINDOWS",
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ssm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ssm.NewPatchBaseline(ctx, "windowsOsApps", &ssm.PatchBaselineArgs{
			ApprovalRules: ssm.PatchBaselineApprovalRuleArray{
				&ssm.PatchBaselineApprovalRuleArgs{
					ApproveAfterDays: pulumi.Int(7),
					PatchFilters: ssm.PatchBaselineApprovalRulePatchFilterArray{
						&ssm.PatchBaselineApprovalRulePatchFilterArgs{
							Key: pulumi.String("CLASSIFICATION"),
							Values: pulumi.StringArray{
								pulumi.String("CriticalUpdates"),
								pulumi.String("SecurityUpdates"),
							},
						},
						&ssm.PatchBaselineApprovalRulePatchFilterArgs{
							Key: pulumi.String("MSRC_SEVERITY"),
							Values: pulumi.StringArray{
								pulumi.String("Critical"),
								pulumi.String("Important"),
							},
						},
					},
				},
				&ssm.PatchBaselineApprovalRuleArgs{
					ApproveAfterDays: pulumi.Int(7),
					PatchFilters: ssm.PatchBaselineApprovalRulePatchFilterArray{
						&ssm.PatchBaselineApprovalRulePatchFilterArgs{
							Key: pulumi.String("PATCH_SET"),
							Values: pulumi.StringArray{
								pulumi.String("APPLICATION"),
							},
						},
						&ssm.PatchBaselineApprovalRulePatchFilterArgs{
							Key: pulumi.String("PRODUCT"),
							Values: pulumi.StringArray{
								pulumi.String("Office 2013"),
								pulumi.String("Office 2016"),
							},
						},
					},
				},
			},
			Description:     pulumi.String("Patch both Windows and Microsoft apps"),
			OperatingSystem: pulumi.String("WINDOWS"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ssm.PatchBaseline;
import com.pulumi.aws.ssm.PatchBaselineArgs;
import com.pulumi.aws.ssm.inputs.PatchBaselineApprovalRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var windowsOsApps = new PatchBaseline("windowsOsApps", PatchBaselineArgs.builder()        
            .approvalRules(            
                PatchBaselineApprovalRuleArgs.builder()
                    .approveAfterDays(7)
                    .patchFilters(                    
                        PatchBaselineApprovalRulePatchFilterArgs.builder()
                            .key("CLASSIFICATION")
                            .values(                            
                                "CriticalUpdates",
                                "SecurityUpdates")
                            .build(),
                        PatchBaselineApprovalRulePatchFilterArgs.builder()
                            .key("MSRC_SEVERITY")
                            .values(                            
                                "Critical",
                                "Important")
                            .build())
                    .build(),
                PatchBaselineApprovalRuleArgs.builder()
                    .approveAfterDays(7)
                    .patchFilters(                    
                        PatchBaselineApprovalRulePatchFilterArgs.builder()
                            .key("PATCH_SET")
                            .values("APPLICATION")
                            .build(),
                        PatchBaselineApprovalRulePatchFilterArgs.builder()
                            .key("PRODUCT")
                            .values(                            
                                "Office 2013",
                                "Office 2016")
                            .build())
                    .build())
            .description("Patch both Windows and Microsoft apps")
            .operatingSystem("WINDOWS")
            .build());

    }
}
import pulumi
import pulumi_aws as aws

windows_os_apps = aws.ssm.PatchBaseline("windowsOsApps",
    approval_rules=[
        aws.ssm.PatchBaselineApprovalRuleArgs(
            approve_after_days=7,
            patch_filters=[
                aws.ssm.PatchBaselineApprovalRulePatchFilterArgs(
                    key="CLASSIFICATION",
                    values=[
                        "CriticalUpdates",
                        "SecurityUpdates",
                    ],
                ),
                aws.ssm.PatchBaselineApprovalRulePatchFilterArgs(
                    key="MSRC_SEVERITY",
                    values=[
                        "Critical",
                        "Important",
                    ],
                ),
            ],
        ),
        aws.ssm.PatchBaselineApprovalRuleArgs(
            approve_after_days=7,
            patch_filters=[
                aws.ssm.PatchBaselineApprovalRulePatchFilterArgs(
                    key="PATCH_SET",
                    values=["APPLICATION"],
                ),
                aws.ssm.PatchBaselineApprovalRulePatchFilterArgs(
                    key="PRODUCT",
                    values=[
                        "Office 2013",
                        "Office 2016",
                    ],
                ),
            ],
        ),
    ],
    description="Patch both Windows and Microsoft apps",
    operating_system="WINDOWS")
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const windowsOsApps = new aws.ssm.PatchBaseline("windowsOsApps", {
    approvalRules: [
        {
            approveAfterDays: 7,
            patchFilters: [
                {
                    key: "CLASSIFICATION",
                    values: [
                        "CriticalUpdates",
                        "SecurityUpdates",
                    ],
                },
                {
                    key: "MSRC_SEVERITY",
                    values: [
                        "Critical",
                        "Important",
                    ],
                },
            ],
        },
        {
            approveAfterDays: 7,
            patchFilters: [
                {
                    key: "PATCH_SET",
                    values: ["APPLICATION"],
                },
                {
                    key: "PRODUCT",
                    values: [
                        "Office 2013",
                        "Office 2016",
                    ],
                },
            ],
        },
    ],
    description: "Patch both Windows and Microsoft apps",
    operatingSystem: "WINDOWS",
});
resources:
  windowsOsApps:
    type: aws:ssm:PatchBaseline
    properties:
      approvalRules:
        - approveAfterDays: 7
          patchFilters:
            - key: CLASSIFICATION
              values:
                - CriticalUpdates
                - SecurityUpdates
            - key: MSRC_SEVERITY
              values:
                - Critical
                - Important
        - approveAfterDays: 7
          patchFilters:
            - key: PATCH_SET
              values:
                - APPLICATION
            - key: PRODUCT
              values:
                - Office 2013
                - Office 2016
      description: Patch both Windows and Microsoft apps
      operatingSystem: WINDOWS

Advanced usage, specifying alternate patch source repository

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var al201709 = new Aws.Ssm.PatchBaseline("al201709", new()
    {
        ApprovalRules = new[]
        {
            null,
        },
        Description = "My patch repository for Amazon Linux 2017.09",
        OperatingSystem = "AMAZON_LINUX",
        Sources = new[]
        {
            new Aws.Ssm.Inputs.PatchBaselineSourceArgs
            {
                Configuration = @"[amzn-main]
name=amzn-main-Base
mirrorlist=http://repo./$awsregion./$awsdomain//$releasever/main/mirror.list
mirrorlist_expire=300
metadata_expire=300
priority=10
failovermethod=priority
fastestmirror_enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-ga
enabled=1
retries=3
timeout=5
report_instanceid=yes

",
                Name = "My-AL2017.09",
                Products = new[]
                {
                    "AmazonLinux2017.09",
                },
            },
        },
    });

});
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ssm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ssm.NewPatchBaseline(ctx, "al201709", &ssm.PatchBaselineArgs{
			ApprovalRules: ssm.PatchBaselineApprovalRuleArray{
				nil,
			},
			Description:     pulumi.String("My patch repository for Amazon Linux 2017.09"),
			OperatingSystem: pulumi.String("AMAZON_LINUX"),
			Sources: ssm.PatchBaselineSourceArray{
				&ssm.PatchBaselineSourceArgs{
					Configuration: pulumi.String(fmt.Sprintf(`[amzn-main]
name=amzn-main-Base
mirrorlist=http://repo./$awsregion./$awsdomain//$releasever/main/mirror.list
mirrorlist_expire=300
metadata_expire=300
priority=10
failovermethod=priority
fastestmirror_enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-ga
enabled=1
retries=3
timeout=5
report_instanceid=yes

`)),
					Name: pulumi.String("My-AL2017.09"),
					Products: pulumi.StringArray{
						pulumi.String("AmazonLinux2017.09"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ssm.PatchBaseline;
import com.pulumi.aws.ssm.PatchBaselineArgs;
import com.pulumi.aws.ssm.inputs.PatchBaselineApprovalRuleArgs;
import com.pulumi.aws.ssm.inputs.PatchBaselineSourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var al201709 = new PatchBaseline("al201709", PatchBaselineArgs.builder()        
            .approvalRules()
            .description("My patch repository for Amazon Linux 2017.09")
            .operatingSystem("AMAZON_LINUX")
            .sources(PatchBaselineSourceArgs.builder()
                .configuration("""
[amzn-main]
name=amzn-main-Base
mirrorlist=http://repo./$awsregion./$awsdomain//$releasever/main/mirror.list
mirrorlist_expire=300
metadata_expire=300
priority=10
failovermethod=priority
fastestmirror_enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-ga
enabled=1
retries=3
timeout=5
report_instanceid=yes

                """)
                .name("My-AL2017.09")
                .products("AmazonLinux2017.09")
                .build())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

al201709 = aws.ssm.PatchBaseline("al201709",
    approval_rules=[aws.ssm.PatchBaselineApprovalRuleArgs()],
    description="My patch repository for Amazon Linux 2017.09",
    operating_system="AMAZON_LINUX",
    sources=[aws.ssm.PatchBaselineSourceArgs(
        configuration="""[amzn-main]
name=amzn-main-Base
mirrorlist=http://repo./$awsregion./$awsdomain//$releasever/main/mirror.list
mirrorlist_expire=300
metadata_expire=300
priority=10
failovermethod=priority
fastestmirror_enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-ga
enabled=1
retries=3
timeout=5
report_instanceid=yes

""",
        name="My-AL2017.09",
        products=["AmazonLinux2017.09"],
    )])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const al201709 = new aws.ssm.PatchBaseline("al201709", {
    approvalRules: [{}],
    description: "My patch repository for Amazon Linux 2017.09",
    operatingSystem: "AMAZON_LINUX",
    sources: [{
        configuration: `[amzn-main]
name=amzn-main-Base
mirrorlist=http://repo./$awsregion./$awsdomain//$releasever/main/mirror.list
mirrorlist_expire=300
metadata_expire=300
priority=10
failovermethod=priority
fastestmirror_enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-ga
enabled=1
retries=3
timeout=5
report_instanceid=yes

`,
        name: "My-AL2017.09",
        products: ["AmazonLinux2017.09"],
    }],
});
resources:
  al201709:
    type: aws:ssm:PatchBaseline
    properties:
      approvalRules:
        - {}
      description: My patch repository for Amazon Linux 2017.09
      operatingSystem: AMAZON_LINUX
      sources:
        - configuration: |+
            [amzn-main]
            name=amzn-main-Base
            mirrorlist=http://repo./$awsregion./$awsdomain//$releasever/main/mirror.list
            mirrorlist_expire=300
            metadata_expire=300
            priority=10
            failovermethod=priority
            fastestmirror_enabled=0
            gpgcheck=1
            gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-ga
            enabled=1
            retries=3
            timeout=5
            report_instanceid=yes            

          name: My-AL2017.09
          products:
            - AmazonLinux2017.09

Create PatchBaseline Resource

new PatchBaseline(name: string, args?: PatchBaselineArgs, opts?: CustomResourceOptions);
@overload
def PatchBaseline(resource_name: str,
                  opts: Optional[ResourceOptions] = None,
                  approval_rules: Optional[Sequence[PatchBaselineApprovalRuleArgs]] = None,
                  approved_patches: Optional[Sequence[str]] = None,
                  approved_patches_compliance_level: Optional[str] = None,
                  approved_patches_enable_non_security: Optional[bool] = None,
                  description: Optional[str] = None,
                  global_filters: Optional[Sequence[PatchBaselineGlobalFilterArgs]] = None,
                  name: Optional[str] = None,
                  operating_system: Optional[str] = None,
                  rejected_patches: Optional[Sequence[str]] = None,
                  rejected_patches_action: Optional[str] = None,
                  sources: Optional[Sequence[PatchBaselineSourceArgs]] = None,
                  tags: Optional[Mapping[str, str]] = None)
@overload
def PatchBaseline(resource_name: str,
                  args: Optional[PatchBaselineArgs] = None,
                  opts: Optional[ResourceOptions] = None)
func NewPatchBaseline(ctx *Context, name string, args *PatchBaselineArgs, opts ...ResourceOption) (*PatchBaseline, error)
public PatchBaseline(string name, PatchBaselineArgs? args = null, CustomResourceOptions? opts = null)
public PatchBaseline(String name, PatchBaselineArgs args)
public PatchBaseline(String name, PatchBaselineArgs args, CustomResourceOptions options)
type: aws:ssm:PatchBaseline
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args PatchBaselineArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args PatchBaselineArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args PatchBaselineArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args PatchBaselineArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args PatchBaselineArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

PatchBaseline Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The PatchBaseline resource accepts the following input properties:

ApprovalRules List<Pulumi.Aws.Ssm.Inputs.PatchBaselineApprovalRuleArgs>

A set of rules used to include patches in the baseline. Up to 10 approval rules can be specified. See approval_rule below.

ApprovedPatches List<string>

A list of explicitly approved patches for the baseline. Cannot be specified with approval_rule.

ApprovedPatchesComplianceLevel string

The compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.

ApprovedPatchesEnableNonSecurity bool

Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. Applies to Linux instances only.

Description string

The description of the patch baseline.

GlobalFilters List<Pulumi.Aws.Ssm.Inputs.PatchBaselineGlobalFilterArgs>

A set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT, CLASSIFICATION, MSRC_SEVERITY, and PATCH_ID.

Name string

The name of the patch baseline.

OperatingSystem string

The operating system the patch baseline applies to. Valid values are AMAZON_LINUX, AMAZON_LINUX_2, AMAZON_LINUX_2022, CENTOS, DEBIAN, MACOS, ORACLE_LINUX, RASPBIAN, REDHAT_ENTERPRISE_LINUX, ROCKY_LINUX, SUSE, UBUNTU, and WINDOWS. The default value is WINDOWS.

RejectedPatches List<string>

A list of rejected patches.

RejectedPatchesAction string

The action for Patch Manager to take on patches included in the rejected_patches list. Valid values are ALLOW_AS_DEPENDENCY and BLOCK.

Sources List<Pulumi.Aws.Ssm.Inputs.PatchBaselineSourceArgs>

Configuration block with alternate sources for patches. Applies to Linux instances only. See source below.

Tags Dictionary<string, string>

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

ApprovalRules []PatchBaselineApprovalRuleArgs

A set of rules used to include patches in the baseline. Up to 10 approval rules can be specified. See approval_rule below.

ApprovedPatches []string

A list of explicitly approved patches for the baseline. Cannot be specified with approval_rule.

ApprovedPatchesComplianceLevel string

The compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.

ApprovedPatchesEnableNonSecurity bool

Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. Applies to Linux instances only.

Description string

The description of the patch baseline.

GlobalFilters []PatchBaselineGlobalFilterArgs

A set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT, CLASSIFICATION, MSRC_SEVERITY, and PATCH_ID.

Name string

The name of the patch baseline.

OperatingSystem string

The operating system the patch baseline applies to. Valid values are AMAZON_LINUX, AMAZON_LINUX_2, AMAZON_LINUX_2022, CENTOS, DEBIAN, MACOS, ORACLE_LINUX, RASPBIAN, REDHAT_ENTERPRISE_LINUX, ROCKY_LINUX, SUSE, UBUNTU, and WINDOWS. The default value is WINDOWS.

RejectedPatches []string

A list of rejected patches.

RejectedPatchesAction string

The action for Patch Manager to take on patches included in the rejected_patches list. Valid values are ALLOW_AS_DEPENDENCY and BLOCK.

Sources []PatchBaselineSourceArgs

Configuration block with alternate sources for patches. Applies to Linux instances only. See source below.

Tags map[string]string

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

approvalRules List<PatchBaselineApprovalRuleArgs>

A set of rules used to include patches in the baseline. Up to 10 approval rules can be specified. See approval_rule below.

approvedPatches List<String>

A list of explicitly approved patches for the baseline. Cannot be specified with approval_rule.

approvedPatchesComplianceLevel String

The compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.

approvedPatchesEnableNonSecurity Boolean

Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. Applies to Linux instances only.

description String

The description of the patch baseline.

globalFilters List<PatchBaselineGlobalFilterArgs>

A set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT, CLASSIFICATION, MSRC_SEVERITY, and PATCH_ID.

name String

The name of the patch baseline.

operatingSystem String

The operating system the patch baseline applies to. Valid values are AMAZON_LINUX, AMAZON_LINUX_2, AMAZON_LINUX_2022, CENTOS, DEBIAN, MACOS, ORACLE_LINUX, RASPBIAN, REDHAT_ENTERPRISE_LINUX, ROCKY_LINUX, SUSE, UBUNTU, and WINDOWS. The default value is WINDOWS.

rejectedPatches List<String>

A list of rejected patches.

rejectedPatchesAction String

The action for Patch Manager to take on patches included in the rejected_patches list. Valid values are ALLOW_AS_DEPENDENCY and BLOCK.

sources List<PatchBaselineSourceArgs>

Configuration block with alternate sources for patches. Applies to Linux instances only. See source below.

tags Map<String,String>

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

approvalRules PatchBaselineApprovalRuleArgs[]

A set of rules used to include patches in the baseline. Up to 10 approval rules can be specified. See approval_rule below.

approvedPatches string[]

A list of explicitly approved patches for the baseline. Cannot be specified with approval_rule.

approvedPatchesComplianceLevel string

The compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.

approvedPatchesEnableNonSecurity boolean

Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. Applies to Linux instances only.

description string

The description of the patch baseline.

globalFilters PatchBaselineGlobalFilterArgs[]

A set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT, CLASSIFICATION, MSRC_SEVERITY, and PATCH_ID.

name string

The name of the patch baseline.

operatingSystem string

The operating system the patch baseline applies to. Valid values are AMAZON_LINUX, AMAZON_LINUX_2, AMAZON_LINUX_2022, CENTOS, DEBIAN, MACOS, ORACLE_LINUX, RASPBIAN, REDHAT_ENTERPRISE_LINUX, ROCKY_LINUX, SUSE, UBUNTU, and WINDOWS. The default value is WINDOWS.

rejectedPatches string[]

A list of rejected patches.

rejectedPatchesAction string

The action for Patch Manager to take on patches included in the rejected_patches list. Valid values are ALLOW_AS_DEPENDENCY and BLOCK.

sources PatchBaselineSourceArgs[]

Configuration block with alternate sources for patches. Applies to Linux instances only. See source below.

tags {[key: string]: string}

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

approval_rules Sequence[PatchBaselineApprovalRuleArgs]

A set of rules used to include patches in the baseline. Up to 10 approval rules can be specified. See approval_rule below.

approved_patches Sequence[str]

A list of explicitly approved patches for the baseline. Cannot be specified with approval_rule.

approved_patches_compliance_level str

The compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.

approved_patches_enable_non_security bool

Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. Applies to Linux instances only.

description str

The description of the patch baseline.

global_filters Sequence[PatchBaselineGlobalFilterArgs]

A set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT, CLASSIFICATION, MSRC_SEVERITY, and PATCH_ID.

name str

The name of the patch baseline.

operating_system str

The operating system the patch baseline applies to. Valid values are AMAZON_LINUX, AMAZON_LINUX_2, AMAZON_LINUX_2022, CENTOS, DEBIAN, MACOS, ORACLE_LINUX, RASPBIAN, REDHAT_ENTERPRISE_LINUX, ROCKY_LINUX, SUSE, UBUNTU, and WINDOWS. The default value is WINDOWS.

rejected_patches Sequence[str]

A list of rejected patches.

rejected_patches_action str

The action for Patch Manager to take on patches included in the rejected_patches list. Valid values are ALLOW_AS_DEPENDENCY and BLOCK.

sources Sequence[PatchBaselineSourceArgs]

Configuration block with alternate sources for patches. Applies to Linux instances only. See source below.

tags Mapping[str, str]

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

approvalRules List<Property Map>

A set of rules used to include patches in the baseline. Up to 10 approval rules can be specified. See approval_rule below.

approvedPatches List<String>

A list of explicitly approved patches for the baseline. Cannot be specified with approval_rule.

approvedPatchesComplianceLevel String

The compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.

approvedPatchesEnableNonSecurity Boolean

Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. Applies to Linux instances only.

description String

The description of the patch baseline.

globalFilters List<Property Map>

A set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT, CLASSIFICATION, MSRC_SEVERITY, and PATCH_ID.

name String

The name of the patch baseline.

operatingSystem String

The operating system the patch baseline applies to. Valid values are AMAZON_LINUX, AMAZON_LINUX_2, AMAZON_LINUX_2022, CENTOS, DEBIAN, MACOS, ORACLE_LINUX, RASPBIAN, REDHAT_ENTERPRISE_LINUX, ROCKY_LINUX, SUSE, UBUNTU, and WINDOWS. The default value is WINDOWS.

rejectedPatches List<String>

A list of rejected patches.

rejectedPatchesAction String

The action for Patch Manager to take on patches included in the rejected_patches list. Valid values are ALLOW_AS_DEPENDENCY and BLOCK.

sources List<Property Map>

Configuration block with alternate sources for patches. Applies to Linux instances only. See source below.

tags Map<String>

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Outputs

All input properties are implicitly available as output properties. Additionally, the PatchBaseline resource produces the following output properties:

Arn string

The ARN of the patch baseline.

Id string

The provider-assigned unique ID for this managed resource.

TagsAll Dictionary<string, string>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Arn string

The ARN of the patch baseline.

Id string

The provider-assigned unique ID for this managed resource.

TagsAll map[string]string

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn String

The ARN of the patch baseline.

id String

The provider-assigned unique ID for this managed resource.

tagsAll Map<String,String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn string

The ARN of the patch baseline.

id string

The provider-assigned unique ID for this managed resource.

tagsAll {[key: string]: string}

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn str

The ARN of the patch baseline.

id str

The provider-assigned unique ID for this managed resource.

tags_all Mapping[str, str]

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn String

The ARN of the patch baseline.

id String

The provider-assigned unique ID for this managed resource.

tagsAll Map<String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Look up Existing PatchBaseline Resource

Get an existing PatchBaseline resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: PatchBaselineState, opts?: CustomResourceOptions): PatchBaseline
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        approval_rules: Optional[Sequence[PatchBaselineApprovalRuleArgs]] = None,
        approved_patches: Optional[Sequence[str]] = None,
        approved_patches_compliance_level: Optional[str] = None,
        approved_patches_enable_non_security: Optional[bool] = None,
        arn: Optional[str] = None,
        description: Optional[str] = None,
        global_filters: Optional[Sequence[PatchBaselineGlobalFilterArgs]] = None,
        name: Optional[str] = None,
        operating_system: Optional[str] = None,
        rejected_patches: Optional[Sequence[str]] = None,
        rejected_patches_action: Optional[str] = None,
        sources: Optional[Sequence[PatchBaselineSourceArgs]] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None) -> PatchBaseline
func GetPatchBaseline(ctx *Context, name string, id IDInput, state *PatchBaselineState, opts ...ResourceOption) (*PatchBaseline, error)
public static PatchBaseline Get(string name, Input<string> id, PatchBaselineState? state, CustomResourceOptions? opts = null)
public static PatchBaseline get(String name, Output<String> id, PatchBaselineState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
ApprovalRules List<Pulumi.Aws.Ssm.Inputs.PatchBaselineApprovalRuleArgs>

A set of rules used to include patches in the baseline. Up to 10 approval rules can be specified. See approval_rule below.

ApprovedPatches List<string>

A list of explicitly approved patches for the baseline. Cannot be specified with approval_rule.

ApprovedPatchesComplianceLevel string

The compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.

ApprovedPatchesEnableNonSecurity bool

Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. Applies to Linux instances only.

Arn string

The ARN of the patch baseline.

Description string

The description of the patch baseline.

GlobalFilters List<Pulumi.Aws.Ssm.Inputs.PatchBaselineGlobalFilterArgs>

A set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT, CLASSIFICATION, MSRC_SEVERITY, and PATCH_ID.

Name string

The name of the patch baseline.

OperatingSystem string

The operating system the patch baseline applies to. Valid values are AMAZON_LINUX, AMAZON_LINUX_2, AMAZON_LINUX_2022, CENTOS, DEBIAN, MACOS, ORACLE_LINUX, RASPBIAN, REDHAT_ENTERPRISE_LINUX, ROCKY_LINUX, SUSE, UBUNTU, and WINDOWS. The default value is WINDOWS.

RejectedPatches List<string>

A list of rejected patches.

RejectedPatchesAction string

The action for Patch Manager to take on patches included in the rejected_patches list. Valid values are ALLOW_AS_DEPENDENCY and BLOCK.

Sources List<Pulumi.Aws.Ssm.Inputs.PatchBaselineSourceArgs>

Configuration block with alternate sources for patches. Applies to Linux instances only. See source below.

Tags Dictionary<string, string>

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll Dictionary<string, string>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

ApprovalRules []PatchBaselineApprovalRuleArgs

A set of rules used to include patches in the baseline. Up to 10 approval rules can be specified. See approval_rule below.

ApprovedPatches []string

A list of explicitly approved patches for the baseline. Cannot be specified with approval_rule.

ApprovedPatchesComplianceLevel string

The compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.

ApprovedPatchesEnableNonSecurity bool

Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. Applies to Linux instances only.

Arn string

The ARN of the patch baseline.

Description string

The description of the patch baseline.

GlobalFilters []PatchBaselineGlobalFilterArgs

A set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT, CLASSIFICATION, MSRC_SEVERITY, and PATCH_ID.

Name string

The name of the patch baseline.

OperatingSystem string

The operating system the patch baseline applies to. Valid values are AMAZON_LINUX, AMAZON_LINUX_2, AMAZON_LINUX_2022, CENTOS, DEBIAN, MACOS, ORACLE_LINUX, RASPBIAN, REDHAT_ENTERPRISE_LINUX, ROCKY_LINUX, SUSE, UBUNTU, and WINDOWS. The default value is WINDOWS.

RejectedPatches []string

A list of rejected patches.

RejectedPatchesAction string

The action for Patch Manager to take on patches included in the rejected_patches list. Valid values are ALLOW_AS_DEPENDENCY and BLOCK.

Sources []PatchBaselineSourceArgs

Configuration block with alternate sources for patches. Applies to Linux instances only. See source below.

Tags map[string]string

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll map[string]string

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

approvalRules List<PatchBaselineApprovalRuleArgs>

A set of rules used to include patches in the baseline. Up to 10 approval rules can be specified. See approval_rule below.

approvedPatches List<String>

A list of explicitly approved patches for the baseline. Cannot be specified with approval_rule.

approvedPatchesComplianceLevel String

The compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.

approvedPatchesEnableNonSecurity Boolean

Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. Applies to Linux instances only.

arn String

The ARN of the patch baseline.

description String

The description of the patch baseline.

globalFilters List<PatchBaselineGlobalFilterArgs>

A set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT, CLASSIFICATION, MSRC_SEVERITY, and PATCH_ID.

name String

The name of the patch baseline.

operatingSystem String

The operating system the patch baseline applies to. Valid values are AMAZON_LINUX, AMAZON_LINUX_2, AMAZON_LINUX_2022, CENTOS, DEBIAN, MACOS, ORACLE_LINUX, RASPBIAN, REDHAT_ENTERPRISE_LINUX, ROCKY_LINUX, SUSE, UBUNTU, and WINDOWS. The default value is WINDOWS.

rejectedPatches List<String>

A list of rejected patches.

rejectedPatchesAction String

The action for Patch Manager to take on patches included in the rejected_patches list. Valid values are ALLOW_AS_DEPENDENCY and BLOCK.

sources List<PatchBaselineSourceArgs>

Configuration block with alternate sources for patches. Applies to Linux instances only. See source below.

tags Map<String,String>

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String,String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

approvalRules PatchBaselineApprovalRuleArgs[]

A set of rules used to include patches in the baseline. Up to 10 approval rules can be specified. See approval_rule below.

approvedPatches string[]

A list of explicitly approved patches for the baseline. Cannot be specified with approval_rule.

approvedPatchesComplianceLevel string

The compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.

approvedPatchesEnableNonSecurity boolean

Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. Applies to Linux instances only.

arn string

The ARN of the patch baseline.

description string

The description of the patch baseline.

globalFilters PatchBaselineGlobalFilterArgs[]

A set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT, CLASSIFICATION, MSRC_SEVERITY, and PATCH_ID.

name string

The name of the patch baseline.

operatingSystem string

The operating system the patch baseline applies to. Valid values are AMAZON_LINUX, AMAZON_LINUX_2, AMAZON_LINUX_2022, CENTOS, DEBIAN, MACOS, ORACLE_LINUX, RASPBIAN, REDHAT_ENTERPRISE_LINUX, ROCKY_LINUX, SUSE, UBUNTU, and WINDOWS. The default value is WINDOWS.

rejectedPatches string[]

A list of rejected patches.

rejectedPatchesAction string

The action for Patch Manager to take on patches included in the rejected_patches list. Valid values are ALLOW_AS_DEPENDENCY and BLOCK.

sources PatchBaselineSourceArgs[]

Configuration block with alternate sources for patches. Applies to Linux instances only. See source below.

tags {[key: string]: string}

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll {[key: string]: string}

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

approval_rules Sequence[PatchBaselineApprovalRuleArgs]

A set of rules used to include patches in the baseline. Up to 10 approval rules can be specified. See approval_rule below.

approved_patches Sequence[str]

A list of explicitly approved patches for the baseline. Cannot be specified with approval_rule.

approved_patches_compliance_level str

The compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.

approved_patches_enable_non_security bool

Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. Applies to Linux instances only.

arn str

The ARN of the patch baseline.

description str

The description of the patch baseline.

global_filters Sequence[PatchBaselineGlobalFilterArgs]

A set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT, CLASSIFICATION, MSRC_SEVERITY, and PATCH_ID.

name str

The name of the patch baseline.

operating_system str

The operating system the patch baseline applies to. Valid values are AMAZON_LINUX, AMAZON_LINUX_2, AMAZON_LINUX_2022, CENTOS, DEBIAN, MACOS, ORACLE_LINUX, RASPBIAN, REDHAT_ENTERPRISE_LINUX, ROCKY_LINUX, SUSE, UBUNTU, and WINDOWS. The default value is WINDOWS.

rejected_patches Sequence[str]

A list of rejected patches.

rejected_patches_action str

The action for Patch Manager to take on patches included in the rejected_patches list. Valid values are ALLOW_AS_DEPENDENCY and BLOCK.

sources Sequence[PatchBaselineSourceArgs]

Configuration block with alternate sources for patches. Applies to Linux instances only. See source below.

tags Mapping[str, str]

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tags_all Mapping[str, str]

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

approvalRules List<Property Map>

A set of rules used to include patches in the baseline. Up to 10 approval rules can be specified. See approval_rule below.

approvedPatches List<String>

A list of explicitly approved patches for the baseline. Cannot be specified with approval_rule.

approvedPatchesComplianceLevel String

The compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.

approvedPatchesEnableNonSecurity Boolean

Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. Applies to Linux instances only.

arn String

The ARN of the patch baseline.

description String

The description of the patch baseline.

globalFilters List<Property Map>

A set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT, CLASSIFICATION, MSRC_SEVERITY, and PATCH_ID.

name String

The name of the patch baseline.

operatingSystem String

The operating system the patch baseline applies to. Valid values are AMAZON_LINUX, AMAZON_LINUX_2, AMAZON_LINUX_2022, CENTOS, DEBIAN, MACOS, ORACLE_LINUX, RASPBIAN, REDHAT_ENTERPRISE_LINUX, ROCKY_LINUX, SUSE, UBUNTU, and WINDOWS. The default value is WINDOWS.

rejectedPatches List<String>

A list of rejected patches.

rejectedPatchesAction String

The action for Patch Manager to take on patches included in the rejected_patches list. Valid values are ALLOW_AS_DEPENDENCY and BLOCK.

sources List<Property Map>

Configuration block with alternate sources for patches. Applies to Linux instances only. See source below.

tags Map<String>

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Supporting Types

PatchBaselineApprovalRule

PatchFilters List<Pulumi.Aws.Ssm.Inputs.PatchBaselineApprovalRulePatchFilter>

The patch filter group that defines the criteria for the rule. Up to 5 patch filters can be specified per approval rule using Key/Value pairs. Valid combinations of these Keys and the operating_system value can be found in the SSM DescribePatchProperties API Reference. Valid Values are exact values for the patch property given as the key, or a wildcard *, which matches all values.

ApproveAfterDays int

The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline. Valid Range: 0 to 100. Conflicts with approve_until_date.

ApproveUntilDate string

The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as YYYY-MM-DD. Conflicts with approve_after_days

ComplianceLevel string

The compliance level for patches approved by this rule. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, and UNSPECIFIED. The default value is UNSPECIFIED.

EnableNonSecurity bool

Boolean enabling the application of non-security updates. The default value is false. Valid for Linux instances only.

PatchFilters []PatchBaselineApprovalRulePatchFilter

The patch filter group that defines the criteria for the rule. Up to 5 patch filters can be specified per approval rule using Key/Value pairs. Valid combinations of these Keys and the operating_system value can be found in the SSM DescribePatchProperties API Reference. Valid Values are exact values for the patch property given as the key, or a wildcard *, which matches all values.

ApproveAfterDays int

The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline. Valid Range: 0 to 100. Conflicts with approve_until_date.

ApproveUntilDate string

The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as YYYY-MM-DD. Conflicts with approve_after_days

ComplianceLevel string

The compliance level for patches approved by this rule. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, and UNSPECIFIED. The default value is UNSPECIFIED.

EnableNonSecurity bool

Boolean enabling the application of non-security updates. The default value is false. Valid for Linux instances only.

patchFilters List<PatchBaselineApprovalRulePatchFilter>

The patch filter group that defines the criteria for the rule. Up to 5 patch filters can be specified per approval rule using Key/Value pairs. Valid combinations of these Keys and the operating_system value can be found in the SSM DescribePatchProperties API Reference. Valid Values are exact values for the patch property given as the key, or a wildcard *, which matches all values.

approveAfterDays Integer

The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline. Valid Range: 0 to 100. Conflicts with approve_until_date.

approveUntilDate String

The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as YYYY-MM-DD. Conflicts with approve_after_days

complianceLevel String

The compliance level for patches approved by this rule. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, and UNSPECIFIED. The default value is UNSPECIFIED.

enableNonSecurity Boolean

Boolean enabling the application of non-security updates. The default value is false. Valid for Linux instances only.

patchFilters PatchBaselineApprovalRulePatchFilter[]

The patch filter group that defines the criteria for the rule. Up to 5 patch filters can be specified per approval rule using Key/Value pairs. Valid combinations of these Keys and the operating_system value can be found in the SSM DescribePatchProperties API Reference. Valid Values are exact values for the patch property given as the key, or a wildcard *, which matches all values.

approveAfterDays number

The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline. Valid Range: 0 to 100. Conflicts with approve_until_date.

approveUntilDate string

The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as YYYY-MM-DD. Conflicts with approve_after_days

complianceLevel string

The compliance level for patches approved by this rule. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, and UNSPECIFIED. The default value is UNSPECIFIED.

enableNonSecurity boolean

Boolean enabling the application of non-security updates. The default value is false. Valid for Linux instances only.

patch_filters Sequence[PatchBaselineApprovalRulePatchFilter]

The patch filter group that defines the criteria for the rule. Up to 5 patch filters can be specified per approval rule using Key/Value pairs. Valid combinations of these Keys and the operating_system value can be found in the SSM DescribePatchProperties API Reference. Valid Values are exact values for the patch property given as the key, or a wildcard *, which matches all values.

approve_after_days int

The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline. Valid Range: 0 to 100. Conflicts with approve_until_date.

approve_until_date str

The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as YYYY-MM-DD. Conflicts with approve_after_days

compliance_level str

The compliance level for patches approved by this rule. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, and UNSPECIFIED. The default value is UNSPECIFIED.

enable_non_security bool

Boolean enabling the application of non-security updates. The default value is false. Valid for Linux instances only.

patchFilters List<Property Map>

The patch filter group that defines the criteria for the rule. Up to 5 patch filters can be specified per approval rule using Key/Value pairs. Valid combinations of these Keys and the operating_system value can be found in the SSM DescribePatchProperties API Reference. Valid Values are exact values for the patch property given as the key, or a wildcard *, which matches all values.

approveAfterDays Number

The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline. Valid Range: 0 to 100. Conflicts with approve_until_date.

approveUntilDate String

The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as YYYY-MM-DD. Conflicts with approve_after_days

complianceLevel String

The compliance level for patches approved by this rule. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, and UNSPECIFIED. The default value is UNSPECIFIED.

enableNonSecurity Boolean

Boolean enabling the application of non-security updates. The default value is false. Valid for Linux instances only.

PatchBaselineApprovalRulePatchFilter

Key string
Values List<string>
Key string
Values []string
key String
values List<String>
key string
values string[]
key str
values Sequence[str]
key String
values List<String>

PatchBaselineGlobalFilter

Key string
Values List<string>
Key string
Values []string
key String
values List<String>
key string
values string[]
key str
values Sequence[str]
key String
values List<String>

PatchBaselineSource

Configuration string

The value of the yum repo configuration. For information about other options available for your yum repository configuration, see the dnf.conf documentation

Name string

The name specified to identify the patch source.

Products List<string>

The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter.

Configuration string

The value of the yum repo configuration. For information about other options available for your yum repository configuration, see the dnf.conf documentation

Name string

The name specified to identify the patch source.

Products []string

The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter.

configuration String

The value of the yum repo configuration. For information about other options available for your yum repository configuration, see the dnf.conf documentation

name String

The name specified to identify the patch source.

products List<String>

The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter.

configuration string

The value of the yum repo configuration. For information about other options available for your yum repository configuration, see the dnf.conf documentation

name string

The name specified to identify the patch source.

products string[]

The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter.

configuration str

The value of the yum repo configuration. For information about other options available for your yum repository configuration, see the dnf.conf documentation

name str

The name specified to identify the patch source.

products Sequence[str]

The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter.

configuration String

The value of the yum repo configuration. For information about other options available for your yum repository configuration, see the dnf.conf documentation

name String

The name specified to identify the patch source.

products List<String>

The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter.

Import

SSM Patch Baselines can be imported by their baseline ID, e.g.,

 $ pulumi import aws:ssm/patchBaseline:PatchBaseline example pb-12345678

Package Details

Repository
AWS Classic pulumi/pulumi-aws
License
Apache-2.0
Notes

This Pulumi package is based on the aws Terraform Provider.