patch_baseline
Gets an individual patch_baseline resource
Overview
| Name | patch_baseline |
| Type | Resource |
| Description | patch_baseline |
| Id | awscc.ssm.patch_baseline |
Fields
| Name | Datatype | Description |
|---|---|---|
id | string | The ID of the patch baseline. |
default_baseline | boolean | Set the baseline as default baseline. Only registering to default patch baseline is allowed. |
operating_system | string | Defines the operating system the patch baseline applies to. The Default value is WINDOWS. |
description | string | The description of the patch baseline. |
approval_rules | object | |
sources | array | Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only. |
name | string | The name of the patch baseline. |
rejected_patches | array | A list of explicitly rejected patches for the baseline. |
approved_patches | array | A list of explicitly approved patches for the baseline. |
rejected_patches_action | string | The action for Patch Manager to take on patches included in the RejectedPackages list. |
patch_groups | array | PatchGroups is used to associate instances with a specific patch baseline |
approved_patches_compliance_level | string | Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. The default value is UNSPECIFIED. |
approved_patches_enable_non_security | boolean | Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only. |
global_filters | object | A set of global filters used to include patches in the baseline. |
tags | array | Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways. |
region | string | AWS region. |
Methods
Currently only SELECT is supported for this resource resource.
Example
SELECT
region,
id,
default_baseline,
operating_system,
description,
approval_rules,
sources,
name,
rejected_patches,
approved_patches,
rejected_patches_action,
patch_groups,
approved_patches_compliance_level,
approved_patches_enable_non_security,
global_filters,
tags
FROM awscc.ssm.patch_baseline
WHERE data__Identifier = '<Id>';
Permissions
To operate on the patch_baseline resource, the following permissions are required:
Delete
ssm:DeletePatchBaseline,
ssm:GetPatchBaseline,
ssm:DeregisterPatchBaselineForPatchGroup
Read
ssm:GetDefaultPatchBaseline,
ssm:GetPatchBaseline,
ssm:ListTagsForResource
Update
ssm:UpdatePatchBaseline,
ssm:DeregisterPatchBaselineForPatchGroup,
ssm:AddTagsToResource,
ssm:RemoveTagsFromResource,
ssm:ListTagsForResource,
ssm:GetDefaultPatchBaseline,
ssm:RegisterDefaultPatchBaseline