Viewing docs for AWS v5.43.0 (Older version)
published on Tuesday, Mar 10, 2026 by Pulumi
published on Tuesday, Mar 10, 2026 by Pulumi
Viewing docs for AWS v5.43.0 (Older version)
published on Tuesday, Mar 10, 2026 by Pulumi
published on Tuesday, Mar 10, 2026 by Pulumi
Provides an SSM Patch Baseline data source. Useful if you wish to reuse the default baselines provided.
Example Usage
To retrieve a baseline provided by AWS
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var centos = Aws.Ssm.GetPatchBaseline.Invoke(new()
{
NamePrefix = "AWS-",
OperatingSystem = "CENTOS",
Owner = "AWS",
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ssm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := ssm.LookupPatchBaseline(ctx, &ssm.LookupPatchBaselineArgs{
NamePrefix: pulumi.StringRef("AWS-"),
OperatingSystem: pulumi.StringRef("CENTOS"),
Owner: "AWS",
}, nil)
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ssm.SsmFunctions;
import com.pulumi.aws.ssm.inputs.GetPatchBaselineArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var centos = SsmFunctions.getPatchBaseline(GetPatchBaselineArgs.builder()
.namePrefix("AWS-")
.operatingSystem("CENTOS")
.owner("AWS")
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const centos = aws.ssm.getPatchBaseline({
namePrefix: "AWS-",
operatingSystem: "CENTOS",
owner: "AWS",
});
import pulumi
import pulumi_aws as aws
centos = aws.ssm.get_patch_baseline(name_prefix="AWS-",
operating_system="CENTOS",
owner="AWS")
variables:
centos:
fn::invoke:
Function: aws:ssm:getPatchBaseline
Arguments:
namePrefix: AWS-
operatingSystem: CENTOS
owner: AWS
To retrieve a baseline on your account
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var defaultCustom = Aws.Ssm.GetPatchBaseline.Invoke(new()
{
DefaultBaseline = true,
NamePrefix = "MyCustomBaseline",
OperatingSystem = "WINDOWS",
Owner = "Self",
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ssm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := ssm.LookupPatchBaseline(ctx, &ssm.LookupPatchBaselineArgs{
DefaultBaseline: pulumi.BoolRef(true),
NamePrefix: pulumi.StringRef("MyCustomBaseline"),
OperatingSystem: pulumi.StringRef("WINDOWS"),
Owner: "Self",
}, nil)
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ssm.SsmFunctions;
import com.pulumi.aws.ssm.inputs.GetPatchBaselineArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var defaultCustom = SsmFunctions.getPatchBaseline(GetPatchBaselineArgs.builder()
.defaultBaseline(true)
.namePrefix("MyCustomBaseline")
.operatingSystem("WINDOWS")
.owner("Self")
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const defaultCustom = aws.ssm.getPatchBaseline({
defaultBaseline: true,
namePrefix: "MyCustomBaseline",
operatingSystem: "WINDOWS",
owner: "Self",
});
import pulumi
import pulumi_aws as aws
default_custom = aws.ssm.get_patch_baseline(default_baseline=True,
name_prefix="MyCustomBaseline",
operating_system="WINDOWS",
owner="Self")
variables:
defaultCustom:
fn::invoke:
Function: aws:ssm:getPatchBaseline
Arguments:
defaultBaseline: true
namePrefix: MyCustomBaseline
operatingSystem: WINDOWS
owner: Self
Using getPatchBaseline
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getPatchBaseline(args: GetPatchBaselineArgs, opts?: InvokeOptions): Promise<GetPatchBaselineResult>
function getPatchBaselineOutput(args: GetPatchBaselineOutputArgs, opts?: InvokeOptions): Output<GetPatchBaselineResult>def get_patch_baseline(default_baseline: Optional[bool] = None,
name_prefix: Optional[str] = None,
operating_system: Optional[str] = None,
owner: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetPatchBaselineResult
def get_patch_baseline_output(default_baseline: Optional[pulumi.Input[bool]] = None,
name_prefix: Optional[pulumi.Input[str]] = None,
operating_system: Optional[pulumi.Input[str]] = None,
owner: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetPatchBaselineResult]func LookupPatchBaseline(ctx *Context, args *LookupPatchBaselineArgs, opts ...InvokeOption) (*LookupPatchBaselineResult, error)
func LookupPatchBaselineOutput(ctx *Context, args *LookupPatchBaselineOutputArgs, opts ...InvokeOption) LookupPatchBaselineResultOutput> Note: This function is named LookupPatchBaseline in the Go SDK.
public static class GetPatchBaseline
{
public static Task<GetPatchBaselineResult> InvokeAsync(GetPatchBaselineArgs args, InvokeOptions? opts = null)
public static Output<GetPatchBaselineResult> Invoke(GetPatchBaselineInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetPatchBaselineResult> getPatchBaseline(GetPatchBaselineArgs args, InvokeOptions options)
public static Output<GetPatchBaselineResult> getPatchBaseline(GetPatchBaselineArgs args, InvokeOptions options)
fn::invoke:
function: aws:ssm/getPatchBaseline:getPatchBaseline
arguments:
# arguments dictionaryThe following arguments are supported:
- Owner string
- Owner of the baseline. Valid values:
All,AWS,Self(the current account). - Default
Baseline bool - Filters the results against the baselines default_baseline field.
- Name
Prefix string - Filter results by the baseline name prefix.
- Operating
System string - Specified OS for the baseline. Valid values:
AMAZON_LINUX,AMAZON_LINUX_2,UBUNTU,REDHAT_ENTERPRISE_LINUX,SUSE,CENTOS,ORACLE_LINUX,DEBIAN,MACOS,RASPBIANandROCKY_LINUX.
- Owner string
- Owner of the baseline. Valid values:
All,AWS,Self(the current account). - Default
Baseline bool - Filters the results against the baselines default_baseline field.
- Name
Prefix string - Filter results by the baseline name prefix.
- Operating
System string - Specified OS for the baseline. Valid values:
AMAZON_LINUX,AMAZON_LINUX_2,UBUNTU,REDHAT_ENTERPRISE_LINUX,SUSE,CENTOS,ORACLE_LINUX,DEBIAN,MACOS,RASPBIANandROCKY_LINUX.
- owner String
- Owner of the baseline. Valid values:
All,AWS,Self(the current account). - default
Baseline Boolean - Filters the results against the baselines default_baseline field.
- name
Prefix String - Filter results by the baseline name prefix.
- operating
System String - Specified OS for the baseline. Valid values:
AMAZON_LINUX,AMAZON_LINUX_2,UBUNTU,REDHAT_ENTERPRISE_LINUX,SUSE,CENTOS,ORACLE_LINUX,DEBIAN,MACOS,RASPBIANandROCKY_LINUX.
- owner string
- Owner of the baseline. Valid values:
All,AWS,Self(the current account). - default
Baseline boolean - Filters the results against the baselines default_baseline field.
- name
Prefix string - Filter results by the baseline name prefix.
- operating
System string - Specified OS for the baseline. Valid values:
AMAZON_LINUX,AMAZON_LINUX_2,UBUNTU,REDHAT_ENTERPRISE_LINUX,SUSE,CENTOS,ORACLE_LINUX,DEBIAN,MACOS,RASPBIANandROCKY_LINUX.
- owner str
- Owner of the baseline. Valid values:
All,AWS,Self(the current account). - default_
baseline bool - Filters the results against the baselines default_baseline field.
- name_
prefix str - Filter results by the baseline name prefix.
- operating_
system str - Specified OS for the baseline. Valid values:
AMAZON_LINUX,AMAZON_LINUX_2,UBUNTU,REDHAT_ENTERPRISE_LINUX,SUSE,CENTOS,ORACLE_LINUX,DEBIAN,MACOS,RASPBIANandROCKY_LINUX.
- owner String
- Owner of the baseline. Valid values:
All,AWS,Self(the current account). - default
Baseline Boolean - Filters the results against the baselines default_baseline field.
- name
Prefix String - Filter results by the baseline name prefix.
- operating
System String - Specified OS for the baseline. Valid values:
AMAZON_LINUX,AMAZON_LINUX_2,UBUNTU,REDHAT_ENTERPRISE_LINUX,SUSE,CENTOS,ORACLE_LINUX,DEBIAN,MACOS,RASPBIANandROCKY_LINUX.
getPatchBaseline Result
The following output properties are available:
- Approval
Rules List<GetPatch Baseline Approval Rule> - List of rules used to include patches in the baseline.
- Approved
Patches List<string> - List of explicitly approved patches for the baseline.
- Approved
Patches stringCompliance Level - The compliance level for approved patches.
- Approved
Patches boolEnable Non Security - Indicates whether the list of approved patches includes non-security updates that should be applied to the instances.
- Description string
- Description of the baseline.
- Global
Filters List<GetPatch Baseline Global Filter> - Set of global filters used to exclude patches from the baseline.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- The name specified to identify the patch source.
- Owner string
- Rejected
Patches List<string> - List of rejected patches.
- Rejected
Patches stringAction - The action specified to take on patches included in the
rejected_patcheslist. - Sources
List<Get
Patch Baseline Source> - Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
- Default
Baseline bool - Name
Prefix string - Operating
System string
- Approval
Rules []GetPatch Baseline Approval Rule - List of rules used to include patches in the baseline.
- Approved
Patches []string - List of explicitly approved patches for the baseline.
- Approved
Patches stringCompliance Level - The compliance level for approved patches.
- Approved
Patches boolEnable Non Security - Indicates whether the list of approved patches includes non-security updates that should be applied to the instances.
- Description string
- Description of the baseline.
- Global
Filters []GetPatch Baseline Global Filter - Set of global filters used to exclude patches from the baseline.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- The name specified to identify the patch source.
- Owner string
- Rejected
Patches []string - List of rejected patches.
- Rejected
Patches stringAction - The action specified to take on patches included in the
rejected_patcheslist. - Sources
[]Get
Patch Baseline Source - Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
- Default
Baseline bool - Name
Prefix string - Operating
System string
- approval
Rules List<GetPatch Baseline Approval Rule> - List of rules used to include patches in the baseline.
- approved
Patches List<String> - List of explicitly approved patches for the baseline.
- approved
Patches StringCompliance Level - The compliance level for approved patches.
- approved
Patches BooleanEnable Non Security - Indicates whether the list of approved patches includes non-security updates that should be applied to the instances.
- description String
- Description of the baseline.
- global
Filters List<GetPatch Baseline Global Filter> - Set of global filters used to exclude patches from the baseline.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- The name specified to identify the patch source.
- owner String
- rejected
Patches List<String> - List of rejected patches.
- rejected
Patches StringAction - The action specified to take on patches included in the
rejected_patcheslist. - sources
List<Get
Patch Baseline Source> - Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
- default
Baseline Boolean - name
Prefix String - operating
System String
- approval
Rules GetPatch Baseline Approval Rule[] - List of rules used to include patches in the baseline.
- approved
Patches string[] - List of explicitly approved patches for the baseline.
- approved
Patches stringCompliance Level - The compliance level for approved patches.
- approved
Patches booleanEnable Non Security - Indicates whether the list of approved patches includes non-security updates that should be applied to the instances.
- description string
- Description of the baseline.
- global
Filters GetPatch Baseline Global Filter[] - Set of global filters used to exclude patches from the baseline.
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- The name specified to identify the patch source.
- owner string
- rejected
Patches string[] - List of rejected patches.
- rejected
Patches stringAction - The action specified to take on patches included in the
rejected_patcheslist. - sources
Get
Patch Baseline Source[] - Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
- default
Baseline boolean - name
Prefix string - operating
System string
- approval_
rules Sequence[GetPatch Baseline Approval Rule] - List of rules used to include patches in the baseline.
- approved_
patches Sequence[str] - List of explicitly approved patches for the baseline.
- approved_
patches_ strcompliance_ level - The compliance level for approved patches.
- approved_
patches_ boolenable_ non_ security - Indicates whether the list of approved patches includes non-security updates that should be applied to the instances.
- description str
- Description of the baseline.
- global_
filters Sequence[GetPatch Baseline Global Filter] - Set of global filters used to exclude patches from the baseline.
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- The name specified to identify the patch source.
- owner str
- rejected_
patches Sequence[str] - List of rejected patches.
- rejected_
patches_ straction - The action specified to take on patches included in the
rejected_patcheslist. - sources
Sequence[Get
Patch Baseline Source] - Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
- default_
baseline bool - name_
prefix str - operating_
system str
- approval
Rules List<Property Map> - List of rules used to include patches in the baseline.
- approved
Patches List<String> - List of explicitly approved patches for the baseline.
- approved
Patches StringCompliance Level - The compliance level for approved patches.
- approved
Patches BooleanEnable Non Security - Indicates whether the list of approved patches includes non-security updates that should be applied to the instances.
- description String
- Description of the baseline.
- global
Filters List<Property Map> - Set of global filters used to exclude patches from the baseline.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- The name specified to identify the patch source.
- owner String
- rejected
Patches List<String> - List of rejected patches.
- rejected
Patches StringAction - The action specified to take on patches included in the
rejected_patcheslist. - sources List<Property Map>
- Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
- default
Baseline Boolean - name
Prefix String - operating
System String
Supporting Types
GetPatchBaselineApprovalRule
- Approve
After intDays - The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
- Approve
Until stringDate - The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as
YYYY-MM-DD. Conflicts withapprove_after_days - Compliance
Level string - The compliance level for patches approved by this rule.
- Enable
Non boolSecurity - Boolean enabling the application of non-security updates.
- Patch
Filters List<GetPatch Baseline Approval Rule Patch Filter> - The patch filter group that defines the criteria for the rule.
- Approve
After intDays - The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
- Approve
Until stringDate - The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as
YYYY-MM-DD. Conflicts withapprove_after_days - Compliance
Level string - The compliance level for patches approved by this rule.
- Enable
Non boolSecurity - Boolean enabling the application of non-security updates.
- Patch
Filters []GetPatch Baseline Approval Rule Patch Filter - The patch filter group that defines the criteria for the rule.
- approve
After IntegerDays - The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
- approve
Until StringDate - The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as
YYYY-MM-DD. Conflicts withapprove_after_days - compliance
Level String - The compliance level for patches approved by this rule.
- enable
Non BooleanSecurity - Boolean enabling the application of non-security updates.
- patch
Filters List<GetPatch Baseline Approval Rule Patch Filter> - The patch filter group that defines the criteria for the rule.
- approve
After numberDays - The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
- approve
Until stringDate - The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as
YYYY-MM-DD. Conflicts withapprove_after_days - compliance
Level string - The compliance level for patches approved by this rule.
- enable
Non booleanSecurity - Boolean enabling the application of non-security updates.
- patch
Filters GetPatch Baseline Approval Rule Patch Filter[] - The patch filter group that defines the criteria for the rule.
- approve_
after_ intdays - The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
- approve_
until_ strdate - The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as
YYYY-MM-DD. Conflicts withapprove_after_days - compliance_
level str - The compliance level for patches approved by this rule.
- enable_
non_ boolsecurity - Boolean enabling the application of non-security updates.
- patch_
filters Sequence[GetPatch Baseline Approval Rule Patch Filter] - The patch filter group that defines the criteria for the rule.
- approve
After NumberDays - The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
- approve
Until StringDate - The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as
YYYY-MM-DD. Conflicts withapprove_after_days - compliance
Level String - The compliance level for patches approved by this rule.
- enable
Non BooleanSecurity - Boolean enabling the application of non-security updates.
- patch
Filters List<Property Map> - The patch filter group that defines the criteria for the rule.
GetPatchBaselineApprovalRulePatchFilter
GetPatchBaselineGlobalFilter
GetPatchBaselineSource
- Configuration string
- The value of the yum repo configuration.
- Name string
- The name specified to identify the patch source.
- Products List<string>
- The specific operating system versions a patch repository applies to.
- Configuration string
- The value of the yum repo configuration.
- Name string
- The name specified to identify the patch source.
- Products []string
- The specific operating system versions a patch repository applies to.
- configuration String
- The value of the yum repo configuration.
- name String
- The name specified to identify the patch source.
- products List<String>
- The specific operating system versions a patch repository applies to.
- configuration string
- The value of the yum repo configuration.
- name string
- The name specified to identify the patch source.
- products string[]
- The specific operating system versions a patch repository applies to.
- configuration str
- The value of the yum repo configuration.
- name str
- The name specified to identify the patch source.
- products Sequence[str]
- The specific operating system versions a patch repository applies to.
- configuration String
- The value of the yum repo configuration.
- name String
- The name specified to identify the patch source.
- products List<String>
- The specific operating system versions a patch repository applies to.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.
Viewing docs for AWS v5.43.0 (Older version)
published on Tuesday, Mar 10, 2026 by Pulumi
published on Tuesday, Mar 10, 2026 by Pulumi
