Docs Home
Packages
We recommend new projects start with resources from the AWS provider.
aws-native.ssm.PatchBaseline
Explore with Pulumi AI
We recommend new projects start with resources from the AWS provider.
Resource Type definition for AWS::SSM::PatchBaseline
Example Usage
Example
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AwsNative = Pulumi.AwsNative;
return await Deployment.RunAsync(() =>
{
var myPatchBaseline = new AwsNative.Ssm.PatchBaseline("myPatchBaseline", new()
{
Name = "myPatchBaseline",
Description = "Baseline containing all updates approved for Windows instances",
OperatingSystem = AwsNative.Ssm.PatchBaselineOperatingSystem.Windows,
PatchGroups = new[]
{
"myPatchGroup",
},
ApprovalRules = new AwsNative.Ssm.Inputs.PatchBaselineRuleGroupArgs
{
PatchRules = new[]
{
new AwsNative.Ssm.Inputs.PatchBaselineRuleArgs
{
PatchFilterGroup = new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterGroupArgs
{
PatchFilters = new[]
{
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"Critical",
"Important",
"Moderate",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.MsrcSeverity,
},
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"SecurityUpdates",
"CriticalUpdates",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.Classification,
},
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"WindowsServer2019",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.Product,
},
},
},
ApproveAfterDays = 7,
ComplianceLevel = AwsNative.Ssm.PatchBaselineRuleComplianceLevel.Critical,
},
new AwsNative.Ssm.Inputs.PatchBaselineRuleArgs
{
PatchFilterGroup = new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterGroupArgs
{
PatchFilters = new[]
{
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"Critical",
"Important",
"Moderate",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.MsrcSeverity,
},
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"*",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.Classification,
},
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"APPLICATION",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.PatchSet,
},
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"Active Directory Rights Management Services Client 2.0",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.Product,
},
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"Active Directory",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.ProductFamily,
},
},
},
ApproveAfterDays = 7,
ComplianceLevel = AwsNative.Ssm.PatchBaselineRuleComplianceLevel.Critical,
},
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/ssm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := ssm.NewPatchBaseline(ctx, "myPatchBaseline", &ssm.PatchBaselineArgs{
Name: pulumi.String("myPatchBaseline"),
Description: pulumi.String("Baseline containing all updates approved for Windows instances"),
OperatingSystem: ssm.PatchBaselineOperatingSystemWindows,
PatchGroups: pulumi.StringArray{
pulumi.String("myPatchGroup"),
},
ApprovalRules: &ssm.PatchBaselineRuleGroupArgs{
PatchRules: ssm.PatchBaselineRuleArray{
&ssm.PatchBaselineRuleArgs{
PatchFilterGroup: &ssm.PatchBaselinePatchFilterGroupArgs{
PatchFilters: ssm.PatchBaselinePatchFilterArray{
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("Critical"),
pulumi.String("Important"),
pulumi.String("Moderate"),
},
Key: ssm.PatchBaselinePatchFilterKeyMsrcSeverity,
},
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("SecurityUpdates"),
pulumi.String("CriticalUpdates"),
},
Key: ssm.PatchBaselinePatchFilterKeyClassification,
},
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("WindowsServer2019"),
},
Key: ssm.PatchBaselinePatchFilterKeyProduct,
},
},
},
ApproveAfterDays: pulumi.Int(7),
ComplianceLevel: ssm.PatchBaselineRuleComplianceLevelCritical,
},
&ssm.PatchBaselineRuleArgs{
PatchFilterGroup: &ssm.PatchBaselinePatchFilterGroupArgs{
PatchFilters: ssm.PatchBaselinePatchFilterArray{
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("Critical"),
pulumi.String("Important"),
pulumi.String("Moderate"),
},
Key: ssm.PatchBaselinePatchFilterKeyMsrcSeverity,
},
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("*"),
},
Key: ssm.PatchBaselinePatchFilterKeyClassification,
},
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("APPLICATION"),
},
Key: ssm.PatchBaselinePatchFilterKeyPatchSet,
},
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("Active Directory Rights Management Services Client 2.0"),
},
Key: ssm.PatchBaselinePatchFilterKeyProduct,
},
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("Active Directory"),
},
Key: ssm.PatchBaselinePatchFilterKeyProductFamily,
},
},
},
ApproveAfterDays: pulumi.Int(7),
ComplianceLevel: ssm.PatchBaselineRuleComplianceLevelCritical,
},
},
},
})
if err != nil {
return err
}
return nil
})
}
Coming soon!
import pulumi
import pulumi_aws_native as aws_native
my_patch_baseline = aws_native.ssm.PatchBaseline("myPatchBaseline",
name="myPatchBaseline",
description="Baseline containing all updates approved for Windows instances",
operating_system=aws_native.ssm.PatchBaselineOperatingSystem.WINDOWS,
patch_groups=["myPatchGroup"],
approval_rules={
"patch_rules": [
{
"patch_filter_group": {
"patch_filters": [
{
"values": [
"Critical",
"Important",
"Moderate",
],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.MSRC_SEVERITY,
},
{
"values": [
"SecurityUpdates",
"CriticalUpdates",
],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.CLASSIFICATION,
},
{
"values": ["WindowsServer2019"],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.PRODUCT,
},
],
},
"approve_after_days": 7,
"compliance_level": aws_native.ssm.PatchBaselineRuleComplianceLevel.CRITICAL,
},
{
"patch_filter_group": {
"patch_filters": [
{
"values": [
"Critical",
"Important",
"Moderate",
],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.MSRC_SEVERITY,
},
{
"values": ["*"],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.CLASSIFICATION,
},
{
"values": ["APPLICATION"],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.PATCH_SET,
},
{
"values": ["Active Directory Rights Management Services Client 2.0"],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.PRODUCT,
},
{
"values": ["Active Directory"],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.PRODUCT_FAMILY,
},
],
},
"approve_after_days": 7,
"compliance_level": aws_native.ssm.PatchBaselineRuleComplianceLevel.CRITICAL,
},
],
})
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";
const myPatchBaseline = new aws_native.ssm.PatchBaseline("myPatchBaseline", {
name: "myPatchBaseline",
description: "Baseline containing all updates approved for Windows instances",
operatingSystem: aws_native.ssm.PatchBaselineOperatingSystem.Windows,
patchGroups: ["myPatchGroup"],
approvalRules: {
patchRules: [
{
patchFilterGroup: {
patchFilters: [
{
values: [
"Critical",
"Important",
"Moderate",
],
key: aws_native.ssm.PatchBaselinePatchFilterKey.MsrcSeverity,
},
{
values: [
"SecurityUpdates",
"CriticalUpdates",
],
key: aws_native.ssm.PatchBaselinePatchFilterKey.Classification,
},
{
values: ["WindowsServer2019"],
key: aws_native.ssm.PatchBaselinePatchFilterKey.Product,
},
],
},
approveAfterDays: 7,
complianceLevel: aws_native.ssm.PatchBaselineRuleComplianceLevel.Critical,
},
{
patchFilterGroup: {
patchFilters: [
{
values: [
"Critical",
"Important",
"Moderate",
],
key: aws_native.ssm.PatchBaselinePatchFilterKey.MsrcSeverity,
},
{
values: ["*"],
key: aws_native.ssm.PatchBaselinePatchFilterKey.Classification,
},
{
values: ["APPLICATION"],
key: aws_native.ssm.PatchBaselinePatchFilterKey.PatchSet,
},
{
values: ["Active Directory Rights Management Services Client 2.0"],
key: aws_native.ssm.PatchBaselinePatchFilterKey.Product,
},
{
values: ["Active Directory"],
key: aws_native.ssm.PatchBaselinePatchFilterKey.ProductFamily,
},
],
},
approveAfterDays: 7,
complianceLevel: aws_native.ssm.PatchBaselineRuleComplianceLevel.Critical,
},
],
},
});
Coming soon!
Example
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AwsNative = Pulumi.AwsNative;
return await Deployment.RunAsync(() =>
{
var myPatchBaseline = new AwsNative.Ssm.PatchBaseline("myPatchBaseline", new()
{
Name = "myPatchBaseline",
Description = "Baseline containing all updates approved for Windows instances",
OperatingSystem = AwsNative.Ssm.PatchBaselineOperatingSystem.Windows,
PatchGroups = new[]
{
"myPatchGroup",
},
ApprovalRules = new AwsNative.Ssm.Inputs.PatchBaselineRuleGroupArgs
{
PatchRules = new[]
{
new AwsNative.Ssm.Inputs.PatchBaselineRuleArgs
{
PatchFilterGroup = new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterGroupArgs
{
PatchFilters = new[]
{
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"Critical",
"Important",
"Moderate",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.MsrcSeverity,
},
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"SecurityUpdates",
"CriticalUpdates",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.Classification,
},
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"WindowsServer2019",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.Product,
},
},
},
ApproveAfterDays = 7,
ComplianceLevel = AwsNative.Ssm.PatchBaselineRuleComplianceLevel.Critical,
},
new AwsNative.Ssm.Inputs.PatchBaselineRuleArgs
{
PatchFilterGroup = new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterGroupArgs
{
PatchFilters = new[]
{
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"Critical",
"Important",
"Moderate",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.MsrcSeverity,
},
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"*",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.Classification,
},
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"APPLICATION",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.PatchSet,
},
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"Active Directory Rights Management Services Client 2.0",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.Product,
},
new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
{
Values = new[]
{
"Active Directory",
},
Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.ProductFamily,
},
},
},
ApproveAfterDays = 7,
ComplianceLevel = AwsNative.Ssm.PatchBaselineRuleComplianceLevel.Critical,
},
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/ssm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := ssm.NewPatchBaseline(ctx, "myPatchBaseline", &ssm.PatchBaselineArgs{
Name: pulumi.String("myPatchBaseline"),
Description: pulumi.String("Baseline containing all updates approved for Windows instances"),
OperatingSystem: ssm.PatchBaselineOperatingSystemWindows,
PatchGroups: pulumi.StringArray{
pulumi.String("myPatchGroup"),
},
ApprovalRules: &ssm.PatchBaselineRuleGroupArgs{
PatchRules: ssm.PatchBaselineRuleArray{
&ssm.PatchBaselineRuleArgs{
PatchFilterGroup: &ssm.PatchBaselinePatchFilterGroupArgs{
PatchFilters: ssm.PatchBaselinePatchFilterArray{
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("Critical"),
pulumi.String("Important"),
pulumi.String("Moderate"),
},
Key: ssm.PatchBaselinePatchFilterKeyMsrcSeverity,
},
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("SecurityUpdates"),
pulumi.String("CriticalUpdates"),
},
Key: ssm.PatchBaselinePatchFilterKeyClassification,
},
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("WindowsServer2019"),
},
Key: ssm.PatchBaselinePatchFilterKeyProduct,
},
},
},
ApproveAfterDays: pulumi.Int(7),
ComplianceLevel: ssm.PatchBaselineRuleComplianceLevelCritical,
},
&ssm.PatchBaselineRuleArgs{
PatchFilterGroup: &ssm.PatchBaselinePatchFilterGroupArgs{
PatchFilters: ssm.PatchBaselinePatchFilterArray{
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("Critical"),
pulumi.String("Important"),
pulumi.String("Moderate"),
},
Key: ssm.PatchBaselinePatchFilterKeyMsrcSeverity,
},
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("*"),
},
Key: ssm.PatchBaselinePatchFilterKeyClassification,
},
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("APPLICATION"),
},
Key: ssm.PatchBaselinePatchFilterKeyPatchSet,
},
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("Active Directory Rights Management Services Client 2.0"),
},
Key: ssm.PatchBaselinePatchFilterKeyProduct,
},
&ssm.PatchBaselinePatchFilterArgs{
Values: pulumi.StringArray{
pulumi.String("Active Directory"),
},
Key: ssm.PatchBaselinePatchFilterKeyProductFamily,
},
},
},
ApproveAfterDays: pulumi.Int(7),
ComplianceLevel: ssm.PatchBaselineRuleComplianceLevelCritical,
},
},
},
})
if err != nil {
return err
}
return nil
})
}
Coming soon!
import pulumi
import pulumi_aws_native as aws_native
my_patch_baseline = aws_native.ssm.PatchBaseline("myPatchBaseline",
name="myPatchBaseline",
description="Baseline containing all updates approved for Windows instances",
operating_system=aws_native.ssm.PatchBaselineOperatingSystem.WINDOWS,
patch_groups=["myPatchGroup"],
approval_rules={
"patch_rules": [
{
"patch_filter_group": {
"patch_filters": [
{
"values": [
"Critical",
"Important",
"Moderate",
],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.MSRC_SEVERITY,
},
{
"values": [
"SecurityUpdates",
"CriticalUpdates",
],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.CLASSIFICATION,
},
{
"values": ["WindowsServer2019"],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.PRODUCT,
},
],
},
"approve_after_days": 7,
"compliance_level": aws_native.ssm.PatchBaselineRuleComplianceLevel.CRITICAL,
},
{
"patch_filter_group": {
"patch_filters": [
{
"values": [
"Critical",
"Important",
"Moderate",
],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.MSRC_SEVERITY,
},
{
"values": ["*"],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.CLASSIFICATION,
},
{
"values": ["APPLICATION"],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.PATCH_SET,
},
{
"values": ["Active Directory Rights Management Services Client 2.0"],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.PRODUCT,
},
{
"values": ["Active Directory"],
"key": aws_native.ssm.PatchBaselinePatchFilterKey.PRODUCT_FAMILY,
},
],
},
"approve_after_days": 7,
"compliance_level": aws_native.ssm.PatchBaselineRuleComplianceLevel.CRITICAL,
},
],
})
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";
const myPatchBaseline = new aws_native.ssm.PatchBaseline("myPatchBaseline", {
name: "myPatchBaseline",
description: "Baseline containing all updates approved for Windows instances",
operatingSystem: aws_native.ssm.PatchBaselineOperatingSystem.Windows,
patchGroups: ["myPatchGroup"],
approvalRules: {
patchRules: [
{
patchFilterGroup: {
patchFilters: [
{
values: [
"Critical",
"Important",
"Moderate",
],
key: aws_native.ssm.PatchBaselinePatchFilterKey.MsrcSeverity,
},
{
values: [
"SecurityUpdates",
"CriticalUpdates",
],
key: aws_native.ssm.PatchBaselinePatchFilterKey.Classification,
},
{
values: ["WindowsServer2019"],
key: aws_native.ssm.PatchBaselinePatchFilterKey.Product,
},
],
},
approveAfterDays: 7,
complianceLevel: aws_native.ssm.PatchBaselineRuleComplianceLevel.Critical,
},
{
patchFilterGroup: {
patchFilters: [
{
values: [
"Critical",
"Important",
"Moderate",
],
key: aws_native.ssm.PatchBaselinePatchFilterKey.MsrcSeverity,
},
{
values: ["*"],
key: aws_native.ssm.PatchBaselinePatchFilterKey.Classification,
},
{
values: ["APPLICATION"],
key: aws_native.ssm.PatchBaselinePatchFilterKey.PatchSet,
},
{
values: ["Active Directory Rights Management Services Client 2.0"],
key: aws_native.ssm.PatchBaselinePatchFilterKey.Product,
},
{
values: ["Active Directory"],
key: aws_native.ssm.PatchBaselinePatchFilterKey.ProductFamily,
},
],
},
approveAfterDays: 7,
complianceLevel: aws_native.ssm.PatchBaselineRuleComplianceLevel.Critical,
},
],
},
});
Coming soon!
Create PatchBaseline Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new PatchBaseline(name: string, args?: PatchBaselineArgs, opts?: CustomResourceOptions);@overload
def PatchBaseline(resource_name: str,
args: Optional[PatchBaselineArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def PatchBaseline(resource_name: str,
opts: Optional[ResourceOptions] = None,
approval_rules: Optional[PatchBaselineRuleGroupArgs] = None,
approved_patches: Optional[Sequence[str]] = None,
approved_patches_compliance_level: Optional[PatchBaselineApprovedPatchesComplianceLevel] = None,
approved_patches_enable_non_security: Optional[bool] = None,
default_baseline: Optional[bool] = None,
description: Optional[str] = None,
global_filters: Optional[PatchBaselinePatchFilterGroupArgs] = None,
name: Optional[str] = None,
operating_system: Optional[PatchBaselineOperatingSystem] = None,
patch_groups: Optional[Sequence[str]] = None,
rejected_patches: Optional[Sequence[str]] = None,
rejected_patches_action: Optional[PatchBaselineRejectedPatchesAction] = None,
sources: Optional[Sequence[PatchBaselinePatchSourceArgs]] = None,
tags: Optional[Sequence[_root_inputs.TagArgs]] = None)func NewPatchBaseline(ctx *Context, name string, args *PatchBaselineArgs, opts ...ResourceOption) (*PatchBaseline, error)public PatchBaseline(string name, PatchBaselineArgs? args = null, CustomResourceOptions? opts = null)
public PatchBaseline(String name, PatchBaselineArgs args)
public PatchBaseline(String name, PatchBaselineArgs args, CustomResourceOptions options)
type: aws-native:ssm:PatchBaseline
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PatchBaselineArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PatchBaselineArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PatchBaselineArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PatchBaselineArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PatchBaselineArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
PatchBaseline Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The PatchBaseline resource accepts the following input properties:
- Approval
Rules Pulumi.Aws Native. Ssm. Inputs. Patch Baseline Rule Group - A set of rules used to include patches in the baseline.
- Approved
Patches List<string> - A list of explicitly approved patches for the baseline.
- Approved
Patches Pulumi.Compliance Level Aws Native. Ssm. Patch Baseline Approved Patches Compliance Level - Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. The default value is UNSPECIFIED.
- Approved
Patches boolEnable Non Security - Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.
- Default
Baseline bool - Set the baseline as default baseline. Only registering to default patch baseline is allowed.
- Description string
- The description of the patch baseline.
- Global
Filters Pulumi.Aws Native. Ssm. Inputs. Patch Baseline Patch Filter Group - A set of global filters used to include patches in the baseline.
- Name string
- The name of the patch baseline.
- Operating
System Pulumi.Aws Native. Ssm. Patch Baseline Operating System - Defines the operating system the patch baseline applies to. The Default value is WINDOWS.
- Patch
Groups List<string> - PatchGroups is used to associate instances with a specific patch baseline
- Rejected
Patches List<string> - A list of explicitly rejected patches for the baseline.
- Rejected
Patches Pulumi.Action Aws Native. Ssm. Patch Baseline Rejected Patches Action - The action for Patch Manager to take on patches included in the RejectedPackages list.
- Sources
List<Pulumi.
Aws Native. Ssm. Inputs. Patch Baseline Patch Source> - Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
-
List<Pulumi.
Aws Native. Inputs. Tag> - Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways.
- Approval
Rules PatchBaseline Rule Group Args - A set of rules used to include patches in the baseline.
- Approved
Patches []string - A list of explicitly approved patches for the baseline.
- Approved
Patches PatchCompliance Level Baseline Approved Patches Compliance Level - Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. The default value is UNSPECIFIED.
- Approved
Patches boolEnable Non Security - Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.
- Default
Baseline bool - Set the baseline as default baseline. Only registering to default patch baseline is allowed.
- Description string
- The description of the patch baseline.
- Global
Filters PatchBaseline Patch Filter Group Args - A set of global filters used to include patches in the baseline.
- Name string
- The name of the patch baseline.
- Operating
System PatchBaseline Operating System - Defines the operating system the patch baseline applies to. The Default value is WINDOWS.
- Patch
Groups []string - PatchGroups is used to associate instances with a specific patch baseline
- Rejected
Patches []string - A list of explicitly rejected patches for the baseline.
- Rejected
Patches PatchAction Baseline Rejected Patches Action - The action for Patch Manager to take on patches included in the RejectedPackages list.
- Sources
[]Patch
Baseline Patch Source Args - Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
-
Tag
Args - Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways.
- approval
Rules PatchBaseline Rule Group - A set of rules used to include patches in the baseline.
- approved
Patches List<String> - A list of explicitly approved patches for the baseline.
- approved
Patches PatchCompliance Level Baseline Approved Patches Compliance Level - Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. The default value is UNSPECIFIED.
- approved
Patches BooleanEnable Non Security - Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.
- default
Baseline Boolean - Set the baseline as default baseline. Only registering to default patch baseline is allowed.
- description String
- The description of the patch baseline.
- global
Filters PatchBaseline Patch Filter Group - A set of global filters used to include patches in the baseline.
- name String
- The name of the patch baseline.
- operating
System PatchBaseline Operating System - Defines the operating system the patch baseline applies to. The Default value is WINDOWS.
- patch
Groups List<String> - PatchGroups is used to associate instances with a specific patch baseline
- rejected
Patches List<String> - A list of explicitly rejected patches for the baseline.
- rejected
Patches PatchAction Baseline Rejected Patches Action - The action for Patch Manager to take on patches included in the RejectedPackages list.
- sources
List<Patch
Baseline Patch Source> - Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
- List<Tag>
- Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways.
- approval
Rules PatchBaseline Rule Group - A set of rules used to include patches in the baseline.
- approved
Patches string[] - A list of explicitly approved patches for the baseline.
- approved
Patches PatchCompliance Level Baseline Approved Patches Compliance Level - Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. The default value is UNSPECIFIED.
- approved
Patches booleanEnable Non Security - Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.
- default
Baseline boolean - Set the baseline as default baseline. Only registering to default patch baseline is allowed.
- description string
- The description of the patch baseline.
- global
Filters PatchBaseline Patch Filter Group - A set of global filters used to include patches in the baseline.
- name string
- The name of the patch baseline.
- operating
System PatchBaseline Operating System - Defines the operating system the patch baseline applies to. The Default value is WINDOWS.
- patch
Groups string[] - PatchGroups is used to associate instances with a specific patch baseline
- rejected
Patches string[] - A list of explicitly rejected patches for the baseline.
- rejected
Patches PatchAction Baseline Rejected Patches Action - The action for Patch Manager to take on patches included in the RejectedPackages list.
- sources
Patch
Baseline Patch Source[] - Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
- Tag[]
- Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways.
- approval_
rules PatchBaseline Rule Group Args - A set of rules used to include patches in the baseline.
- approved_
patches Sequence[str] - A list of explicitly approved patches for the baseline.
- approved_
patches_ Patchcompliance_ level Baseline Approved Patches Compliance Level - Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. The default value is UNSPECIFIED.
- approved_
patches_ boolenable_ non_ security - Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.
- default_
baseline bool - Set the baseline as default baseline. Only registering to default patch baseline is allowed.
- description str
- The description of the patch baseline.
- global_
filters PatchBaseline Patch Filter Group Args - A set of global filters used to include patches in the baseline.
- name str
- The name of the patch baseline.
- operating_
system PatchBaseline Operating System - Defines the operating system the patch baseline applies to. The Default value is WINDOWS.
- patch_
groups Sequence[str] - PatchGroups is used to associate instances with a specific patch baseline
- rejected_
patches Sequence[str] - A list of explicitly rejected patches for the baseline.
- rejected_
patches_ Patchaction Baseline Rejected Patches Action - The action for Patch Manager to take on patches included in the RejectedPackages list.
- sources
Sequence[Patch
Baseline Patch Source Args] - Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
-
Sequence[Tag
Args] - Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways.
- approval
Rules Property Map - A set of rules used to include patches in the baseline.
- approved
Patches List<String> - A list of explicitly approved patches for the baseline.
- approved
Patches "CRITICAL" | "HIGH" | "MEDIUM" | "LOW" | "INFORMATIONAL" | "UNSPECIFIED"Compliance Level - Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. The default value is UNSPECIFIED.
- approved
Patches BooleanEnable Non Security - Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.
- default
Baseline Boolean - Set the baseline as default baseline. Only registering to default patch baseline is allowed.
- description String
- The description of the patch baseline.
- global
Filters Property Map - A set of global filters used to include patches in the baseline.
- name String
- The name of the patch baseline.
- operating
System "WINDOWS" | "AMAZON_LINUX" | "AMAZON_LINUX_2" | "AMAZON_LINUX_2022" | "AMAZON_LINUX_2023" | "UBUNTU" | "REDHAT_ENTERPRISE_LINUX" | "SUSE" | "CENTOS" | "ORACLE_LINUX" | "DEBIAN" | "MACOS" | "RASPBIAN" | "ROCKY_LINUX" | "ALMA_LINUX" - Defines the operating system the patch baseline applies to. The Default value is WINDOWS.
- patch
Groups List<String> - PatchGroups is used to associate instances with a specific patch baseline
- rejected
Patches List<String> - A list of explicitly rejected patches for the baseline.
- rejected
Patches "ALLOW_AS_DEPENDENCY" | "BLOCK"Action - The action for Patch Manager to take on patches included in the RejectedPackages list.
- sources List<Property Map>
- Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
- List<Property Map>
- Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways.
Outputs
All input properties are implicitly available as output properties. Additionally, the PatchBaseline resource produces the following output properties:
Supporting Types
PatchBaselineApprovedPatchesComplianceLevel, PatchBaselineApprovedPatchesComplianceLevelArgs
- Critical
- CRITICAL
- High
- HIGH
- Medium
- MEDIUM
- Low
- LOW
- Informational
- INFORMATIONAL
- Unspecified
- UNSPECIFIED
- Patch
Baseline Approved Patches Compliance Level Critical - CRITICAL
- Patch
Baseline Approved Patches Compliance Level High - HIGH
- Patch
Baseline Approved Patches Compliance Level Medium - MEDIUM
- Patch
Baseline Approved Patches Compliance Level Low - LOW
- Patch
Baseline Approved Patches Compliance Level Informational - INFORMATIONAL
- Patch
Baseline Approved Patches Compliance Level Unspecified - UNSPECIFIED
- Critical
- CRITICAL
- High
- HIGH
- Medium
- MEDIUM
- Low
- LOW
- Informational
- INFORMATIONAL
- Unspecified
- UNSPECIFIED
- Critical
- CRITICAL
- High
- HIGH
- Medium
- MEDIUM
- Low
- LOW
- Informational
- INFORMATIONAL
- Unspecified
- UNSPECIFIED
- CRITICAL
- CRITICAL
- HIGH
- HIGH
- MEDIUM
- MEDIUM
- LOW
- LOW
- INFORMATIONAL
- INFORMATIONAL
- UNSPECIFIED
- UNSPECIFIED
- "CRITICAL"
- CRITICAL
- "HIGH"
- HIGH
- "MEDIUM"
- MEDIUM
- "LOW"
- LOW
- "INFORMATIONAL"
- INFORMATIONAL
- "UNSPECIFIED"
- UNSPECIFIED
PatchBaselineOperatingSystem, PatchBaselineOperatingSystemArgs
- Windows
- WINDOWS
- Amazon
Linux - AMAZON_LINUX
- Amazon
Linux2 - AMAZON_LINUX_2
- Amazon
Linux2022 - AMAZON_LINUX_2022
- Amazon
Linux2023 - AMAZON_LINUX_2023
- Ubuntu
- UBUNTU
- Redhat
Enterprise Linux - REDHAT_ENTERPRISE_LINUX
- Suse
- SUSE
- Centos
- CENTOS
- Oracle
Linux - ORACLE_LINUX
- Debian
- DEBIAN
- Macos
- MACOS
- Raspbian
- RASPBIAN
- Rocky
Linux - ROCKY_LINUX
- Alma
Linux - ALMA_LINUX
- Patch
Baseline Operating System Windows - WINDOWS
- Patch
Baseline Operating System Amazon Linux - AMAZON_LINUX
- Patch
Baseline Operating System Amazon Linux2 - AMAZON_LINUX_2
- Patch
Baseline Operating System Amazon Linux2022 - AMAZON_LINUX_2022
- Patch
Baseline Operating System Amazon Linux2023 - AMAZON_LINUX_2023
- Patch
Baseline Operating System Ubuntu - UBUNTU
- Patch
Baseline Operating System Redhat Enterprise Linux - REDHAT_ENTERPRISE_LINUX
- Patch
Baseline Operating System Suse - SUSE
- Patch
Baseline Operating System Centos - CENTOS
- Patch
Baseline Operating System Oracle Linux - ORACLE_LINUX
- Patch
Baseline Operating System Debian - DEBIAN
- Patch
Baseline Operating System Macos - MACOS
- Patch
Baseline Operating System Raspbian - RASPBIAN
- Patch
Baseline Operating System Rocky Linux - ROCKY_LINUX
- Patch
Baseline Operating System Alma Linux - ALMA_LINUX
- Windows
- WINDOWS
- Amazon
Linux - AMAZON_LINUX
- Amazon
Linux2 - AMAZON_LINUX_2
- Amazon
Linux2022 - AMAZON_LINUX_2022
- Amazon
Linux2023 - AMAZON_LINUX_2023
- Ubuntu
- UBUNTU
- Redhat
Enterprise Linux - REDHAT_ENTERPRISE_LINUX
- Suse
- SUSE
- Centos
- CENTOS
- Oracle
Linux - ORACLE_LINUX
- Debian
- DEBIAN
- Macos
- MACOS
- Raspbian
- RASPBIAN
- Rocky
Linux - ROCKY_LINUX
- Alma
Linux - ALMA_LINUX
- Windows
- WINDOWS
- Amazon
Linux - AMAZON_LINUX
- Amazon
Linux2 - AMAZON_LINUX_2
- Amazon
Linux2022 - AMAZON_LINUX_2022
- Amazon
Linux2023 - AMAZON_LINUX_2023
- Ubuntu
- UBUNTU
- Redhat
Enterprise Linux - REDHAT_ENTERPRISE_LINUX
- Suse
- SUSE
- Centos
- CENTOS
- Oracle
Linux - ORACLE_LINUX
- Debian
- DEBIAN
- Macos
- MACOS
- Raspbian
- RASPBIAN
- Rocky
Linux - ROCKY_LINUX
- Alma
Linux - ALMA_LINUX
- WINDOWS
- WINDOWS
- AMAZON_LINUX
- AMAZON_LINUX
- AMAZON_LINUX2
- AMAZON_LINUX_2
- AMAZON_LINUX2022
- AMAZON_LINUX_2022
- AMAZON_LINUX2023
- AMAZON_LINUX_2023
- UBUNTU
- UBUNTU
- REDHAT_ENTERPRISE_LINUX
- REDHAT_ENTERPRISE_LINUX
- SUSE
- SUSE
- CENTOS
- CENTOS
- ORACLE_LINUX
- ORACLE_LINUX
- DEBIAN
- DEBIAN
- MACOS
- MACOS
- RASPBIAN
- RASPBIAN
- ROCKY_LINUX
- ROCKY_LINUX
- ALMA_LINUX
- ALMA_LINUX
- "WINDOWS"
- WINDOWS
- "AMAZON_LINUX"
- AMAZON_LINUX
- "AMAZON_LINUX_2"
- AMAZON_LINUX_2
- "AMAZON_LINUX_2022"
- AMAZON_LINUX_2022
- "AMAZON_LINUX_2023"
- AMAZON_LINUX_2023
- "UBUNTU"
- UBUNTU
- "REDHAT_ENTERPRISE_LINUX"
- REDHAT_ENTERPRISE_LINUX
- "SUSE"
- SUSE
- "CENTOS"
- CENTOS
- "ORACLE_LINUX"
- ORACLE_LINUX
- "DEBIAN"
- DEBIAN
- "MACOS"
- MACOS
- "RASPBIAN"
- RASPBIAN
- "ROCKY_LINUX"
- ROCKY_LINUX
- "ALMA_LINUX"
- ALMA_LINUX
PatchBaselinePatchFilter, PatchBaselinePatchFilterArgs
- Key
Pulumi.
Aws Native. Ssm. Patch Baseline Patch Filter Key The key for the filter.
For information about valid keys, see PatchFilter in the AWS Systems Manager API Reference .
- Values List<string>
The value for the filter key.
For information about valid values for each key based on operating system type, see PatchFilter in the AWS Systems Manager API Reference .
- Key
Patch
Baseline Patch Filter Key The key for the filter.
For information about valid keys, see PatchFilter in the AWS Systems Manager API Reference .
- Values []string
The value for the filter key.
For information about valid values for each key based on operating system type, see PatchFilter in the AWS Systems Manager API Reference .
- key
Patch
Baseline Patch Filter Key The key for the filter.
For information about valid keys, see PatchFilter in the AWS Systems Manager API Reference .
- values List<String>
The value for the filter key.
For information about valid values for each key based on operating system type, see PatchFilter in the AWS Systems Manager API Reference .
- key
Patch
Baseline Patch Filter Key The key for the filter.
For information about valid keys, see PatchFilter in the AWS Systems Manager API Reference .
- values string[]
The value for the filter key.
For information about valid values for each key based on operating system type, see PatchFilter in the AWS Systems Manager API Reference .
- key
Patch
Baseline Patch Filter Key The key for the filter.
For information about valid keys, see PatchFilter in the AWS Systems Manager API Reference .
- values Sequence[str]
The value for the filter key.
For information about valid values for each key based on operating system type, see PatchFilter in the AWS Systems Manager API Reference .
- key "ADVISORY_ID" | "ARCH" | "BUGZILLA_ID" | "CLASSIFICATION" | "CVE_ID" | "EPOCH" | "MSRC_SEVERITY" | "NAME" | "PATCH_ID" | "PATCH_SET" | "PRIORITY" | "PRODUCT" | "PRODUCT_FAMILY" | "RELEASE" | "REPOSITORY" | "SECTION" | "SECURITY" | "SEVERITY" | "VERSION"
The key for the filter.
For information about valid keys, see PatchFilter in the AWS Systems Manager API Reference .
- values List<String>
The value for the filter key.
For information about valid values for each key based on operating system type, see PatchFilter in the AWS Systems Manager API Reference .
PatchBaselinePatchFilterGroup, PatchBaselinePatchFilterGroupArgs
- Patch
Filters List<Pulumi.Aws Native. Ssm. Inputs. Patch Baseline Patch Filter> - The set of patch filters that make up the group.
- Patch
Filters []PatchBaseline Patch Filter - The set of patch filters that make up the group.
- patch
Filters List<PatchBaseline Patch Filter> - The set of patch filters that make up the group.
- patch
Filters PatchBaseline Patch Filter[] - The set of patch filters that make up the group.
- patch_
filters Sequence[PatchBaseline Patch Filter] - The set of patch filters that make up the group.
- patch
Filters List<Property Map> - The set of patch filters that make up the group.
PatchBaselinePatchFilterKey, PatchBaselinePatchFilterKeyArgs
- Advisory
Id - ADVISORY_ID
- Arch
- ARCH
- Bugzilla
Id - BUGZILLA_ID
- Classification
- CLASSIFICATION
- Cve
Id - CVE_ID
- Epoch
- EPOCH
- Msrc
Severity - MSRC_SEVERITY
- Name
- NAME
- Patch
Id - PATCH_ID
- Patch
Set - PATCH_SET
- Priority
- PRIORITY
- Product
- PRODUCT
- Product
Family - PRODUCT_FAMILY
- Release
- RELEASE
- Repository
- REPOSITORY
- Section
- SECTION
- Security
- SECURITY
- Severity
- SEVERITY
- Version
- VERSION
- Patch
Baseline Patch Filter Key Advisory Id - ADVISORY_ID
- Patch
Baseline Patch Filter Key Arch - ARCH
- Patch
Baseline Patch Filter Key Bugzilla Id - BUGZILLA_ID
- Patch
Baseline Patch Filter Key Classification - CLASSIFICATION
- Patch
Baseline Patch Filter Key Cve Id - CVE_ID
- Patch
Baseline Patch Filter Key Epoch - EPOCH
- Patch
Baseline Patch Filter Key Msrc Severity - MSRC_SEVERITY
- Patch
Baseline Patch Filter Key Name - NAME
- Patch
Baseline Patch Filter Key Patch Id - PATCH_ID
- Patch
Baseline Patch Filter Key Patch Set - PATCH_SET
- Patch
Baseline Patch Filter Key Priority - PRIORITY
- Patch
Baseline Patch Filter Key Product - PRODUCT
- Patch
Baseline Patch Filter Key Product Family - PRODUCT_FAMILY
- Patch
Baseline Patch Filter Key Release - RELEASE
- Patch
Baseline Patch Filter Key Repository - REPOSITORY
- Patch
Baseline Patch Filter Key Section - SECTION
- Patch
Baseline Patch Filter Key Security - SECURITY
- Patch
Baseline Patch Filter Key Severity - SEVERITY
- Patch
Baseline Patch Filter Key Version - VERSION
- Advisory
Id - ADVISORY_ID
- Arch
- ARCH
- Bugzilla
Id - BUGZILLA_ID
- Classification
- CLASSIFICATION
- Cve
Id - CVE_ID
- Epoch
- EPOCH
- Msrc
Severity - MSRC_SEVERITY
- Name
- NAME
- Patch
Id - PATCH_ID
- Patch
Set - PATCH_SET
- Priority
- PRIORITY
- Product
- PRODUCT
- Product
Family - PRODUCT_FAMILY
- Release
- RELEASE
- Repository
- REPOSITORY
- Section
- SECTION
- Security
- SECURITY
- Severity
- SEVERITY
- Version
- VERSION
- Advisory
Id - ADVISORY_ID
- Arch
- ARCH
- Bugzilla
Id - BUGZILLA_ID
- Classification
- CLASSIFICATION
- Cve
Id - CVE_ID
- Epoch
- EPOCH
- Msrc
Severity - MSRC_SEVERITY
- Name
- NAME
- Patch
Id - PATCH_ID
- Patch
Set - PATCH_SET
- Priority
- PRIORITY
- Product
- PRODUCT
- Product
Family - PRODUCT_FAMILY
- Release
- RELEASE
- Repository
- REPOSITORY
- Section
- SECTION
- Security
- SECURITY
- Severity
- SEVERITY
- Version
- VERSION
- ADVISORY_ID
- ADVISORY_ID
- ARCH
- ARCH
- BUGZILLA_ID
- BUGZILLA_ID
- CLASSIFICATION
- CLASSIFICATION
- CVE_ID
- CVE_ID
- EPOCH
- EPOCH
- MSRC_SEVERITY
- MSRC_SEVERITY
- NAME
- NAME
- PATCH_ID
- PATCH_ID
- PATCH_SET
- PATCH_SET
- PRIORITY
- PRIORITY
- PRODUCT
- PRODUCT
- PRODUCT_FAMILY
- PRODUCT_FAMILY
- RELEASE
- RELEASE
- REPOSITORY
- REPOSITORY
- SECTION
- SECTION
- SECURITY
- SECURITY
- SEVERITY
- SEVERITY
- VERSION
- VERSION
- "ADVISORY_ID"
- ADVISORY_ID
- "ARCH"
- ARCH
- "BUGZILLA_ID"
- BUGZILLA_ID
- "CLASSIFICATION"
- CLASSIFICATION
- "CVE_ID"
- CVE_ID
- "EPOCH"
- EPOCH
- "MSRC_SEVERITY"
- MSRC_SEVERITY
- "NAME"
- NAME
- "PATCH_ID"
- PATCH_ID
- "PATCH_SET"
- PATCH_SET
- "PRIORITY"
- PRIORITY
- "PRODUCT"
- PRODUCT
- "PRODUCT_FAMILY"
- PRODUCT_FAMILY
- "RELEASE"
- RELEASE
- "REPOSITORY"
- REPOSITORY
- "SECTION"
- SECTION
- "SECURITY"
- SECURITY
- "SEVERITY"
- SEVERITY
- "VERSION"
- VERSION
PatchBaselinePatchSource, PatchBaselinePatchSourceArgs
- Configuration string
The value of the yum repo configuration. For example:
[main]name=MyCustomRepositorybaseurl=https://my-custom-repositoryenabled=1For information about other options available for your yum repository configuration, see dnf.conf(5) .
- Name string
- The name specified to identify the patch source.
- Products List<string>
- The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter in the AWS Systems Manager API Reference .
- Configuration string
The value of the yum repo configuration. For example:
[main]name=MyCustomRepositorybaseurl=https://my-custom-repositoryenabled=1For information about other options available for your yum repository configuration, see dnf.conf(5) .
- Name string
- The name specified to identify the patch source.
- Products []string
- The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter in the AWS Systems Manager API Reference .
- configuration String
The value of the yum repo configuration. For example:
[main]name=MyCustomRepositorybaseurl=https://my-custom-repositoryenabled=1For information about other options available for your yum repository configuration, see dnf.conf(5) .
- name String
- The name specified to identify the patch source.
- products List<String>
- The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter in the AWS Systems Manager API Reference .
- configuration string
The value of the yum repo configuration. For example:
[main]name=MyCustomRepositorybaseurl=https://my-custom-repositoryenabled=1For information about other options available for your yum repository configuration, see dnf.conf(5) .
- name string
- The name specified to identify the patch source.
- products string[]
- The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter in the AWS Systems Manager API Reference .
- configuration str
The value of the yum repo configuration. For example:
[main]name=MyCustomRepositorybaseurl=https://my-custom-repositoryenabled=1For information about other options available for your yum repository configuration, see dnf.conf(5) .
- name str
- The name specified to identify the patch source.
- products Sequence[str]
- The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter in the AWS Systems Manager API Reference .
- configuration String
The value of the yum repo configuration. For example:
[main]name=MyCustomRepositorybaseurl=https://my-custom-repositoryenabled=1For information about other options available for your yum repository configuration, see dnf.conf(5) .
- name String
- The name specified to identify the patch source.
- products List<String>
- The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter in the AWS Systems Manager API Reference .
PatchBaselineRejectedPatchesAction, PatchBaselineRejectedPatchesActionArgs
- Allow
As Dependency - ALLOW_AS_DEPENDENCY
- Block
- BLOCK
- Patch
Baseline Rejected Patches Action Allow As Dependency - ALLOW_AS_DEPENDENCY
- Patch
Baseline Rejected Patches Action Block - BLOCK
- Allow
As Dependency - ALLOW_AS_DEPENDENCY
- Block
- BLOCK
- Allow
As Dependency - ALLOW_AS_DEPENDENCY
- Block
- BLOCK
- ALLOW_AS_DEPENDENCY
- ALLOW_AS_DEPENDENCY
- BLOCK
- BLOCK
- "ALLOW_AS_DEPENDENCY"
- ALLOW_AS_DEPENDENCY
- "BLOCK"
- BLOCK
PatchBaselineRule, PatchBaselineRuleArgs
- Approve
After intDays The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of
7means that patches are approved seven days after they are released.This parameter is marked as
Required: No, but your request must include a value for eitherApproveAfterDaysorApproveUntilDate.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .
- Approve
Until stringDate The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.
Enter dates in the format
YYYY-MM-DD. For example,2024-12-31.This parameter is marked as
Required: No, but your request must include a value for eitherApproveUntilDateorApproveAfterDays.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .
- Compliance
Level Pulumi.Aws Native. Ssm. Patch Baseline Rule Compliance Level - A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following:
UNSPECIFIED,CRITICAL,HIGH,MEDIUM,LOW, andINFORMATIONAL. - Enable
Non boolSecurity - For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is
false. Applies to Linux managed nodes only. - Patch
Filter Pulumi.Group Aws Native. Ssm. Inputs. Patch Baseline Patch Filter Group - The patch filter group that defines the criteria for the rule.
- Approve
After intDays The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of
7means that patches are approved seven days after they are released.This parameter is marked as
Required: No, but your request must include a value for eitherApproveAfterDaysorApproveUntilDate.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .
- Approve
Until stringDate The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.
Enter dates in the format
YYYY-MM-DD. For example,2024-12-31.This parameter is marked as
Required: No, but your request must include a value for eitherApproveUntilDateorApproveAfterDays.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .
- Compliance
Level PatchBaseline Rule Compliance Level - A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following:
UNSPECIFIED,CRITICAL,HIGH,MEDIUM,LOW, andINFORMATIONAL. - Enable
Non boolSecurity - For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is
false. Applies to Linux managed nodes only. - Patch
Filter PatchGroup Baseline Patch Filter Group - The patch filter group that defines the criteria for the rule.
- approve
After IntegerDays The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of
7means that patches are approved seven days after they are released.This parameter is marked as
Required: No, but your request must include a value for eitherApproveAfterDaysorApproveUntilDate.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .
- approve
Until StringDate The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.
Enter dates in the format
YYYY-MM-DD. For example,2024-12-31.This parameter is marked as
Required: No, but your request must include a value for eitherApproveUntilDateorApproveAfterDays.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .
- compliance
Level PatchBaseline Rule Compliance Level - A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following:
UNSPECIFIED,CRITICAL,HIGH,MEDIUM,LOW, andINFORMATIONAL. - enable
Non BooleanSecurity - For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is
false. Applies to Linux managed nodes only. - patch
Filter PatchGroup Baseline Patch Filter Group - The patch filter group that defines the criteria for the rule.
- approve
After numberDays The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of
7means that patches are approved seven days after they are released.This parameter is marked as
Required: No, but your request must include a value for eitherApproveAfterDaysorApproveUntilDate.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .
- approve
Until stringDate The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.
Enter dates in the format
YYYY-MM-DD. For example,2024-12-31.This parameter is marked as
Required: No, but your request must include a value for eitherApproveUntilDateorApproveAfterDays.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .
- compliance
Level PatchBaseline Rule Compliance Level - A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following:
UNSPECIFIED,CRITICAL,HIGH,MEDIUM,LOW, andINFORMATIONAL. - enable
Non booleanSecurity - For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is
false. Applies to Linux managed nodes only. - patch
Filter PatchGroup Baseline Patch Filter Group - The patch filter group that defines the criteria for the rule.
- approve_
after_ intdays The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of
7means that patches are approved seven days after they are released.This parameter is marked as
Required: No, but your request must include a value for eitherApproveAfterDaysorApproveUntilDate.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .
- approve_
until_ strdate The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.
Enter dates in the format
YYYY-MM-DD. For example,2024-12-31.This parameter is marked as
Required: No, but your request must include a value for eitherApproveUntilDateorApproveAfterDays.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .
- compliance_
level PatchBaseline Rule Compliance Level - A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following:
UNSPECIFIED,CRITICAL,HIGH,MEDIUM,LOW, andINFORMATIONAL. - enable_
non_ boolsecurity - For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is
false. Applies to Linux managed nodes only. - patch_
filter_ Patchgroup Baseline Patch Filter Group - The patch filter group that defines the criteria for the rule.
- approve
After NumberDays The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of
7means that patches are approved seven days after they are released.This parameter is marked as
Required: No, but your request must include a value for eitherApproveAfterDaysorApproveUntilDate.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .
- approve
Until StringDate The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.
Enter dates in the format
YYYY-MM-DD. For example,2024-12-31.This parameter is marked as
Required: No, but your request must include a value for eitherApproveUntilDateorApproveAfterDays.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .
- compliance
Level "CRITICAL" | "HIGH" | "INFORMATIONAL" | "LOW" | "MEDIUM" | "UNSPECIFIED" - A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following:
UNSPECIFIED,CRITICAL,HIGH,MEDIUM,LOW, andINFORMATIONAL. - enable
Non BooleanSecurity - For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is
false. Applies to Linux managed nodes only. - patch
Filter Property MapGroup - The patch filter group that defines the criteria for the rule.
PatchBaselineRuleComplianceLevel, PatchBaselineRuleComplianceLevelArgs
- Critical
- CRITICAL
- High
- HIGH
- Informational
- INFORMATIONAL
- Low
- LOW
- Medium
- MEDIUM
- Unspecified
- UNSPECIFIED
- Patch
Baseline Rule Compliance Level Critical - CRITICAL
- Patch
Baseline Rule Compliance Level High - HIGH
- Patch
Baseline Rule Compliance Level Informational - INFORMATIONAL
- Patch
Baseline Rule Compliance Level Low - LOW
- Patch
Baseline Rule Compliance Level Medium - MEDIUM
- Patch
Baseline Rule Compliance Level Unspecified - UNSPECIFIED
- Critical
- CRITICAL
- High
- HIGH
- Informational
- INFORMATIONAL
- Low
- LOW
- Medium
- MEDIUM
- Unspecified
- UNSPECIFIED
- Critical
- CRITICAL
- High
- HIGH
- Informational
- INFORMATIONAL
- Low
- LOW
- Medium
- MEDIUM
- Unspecified
- UNSPECIFIED
- CRITICAL
- CRITICAL
- HIGH
- HIGH
- INFORMATIONAL
- INFORMATIONAL
- LOW
- LOW
- MEDIUM
- MEDIUM
- UNSPECIFIED
- UNSPECIFIED
- "CRITICAL"
- CRITICAL
- "HIGH"
- HIGH
- "INFORMATIONAL"
- INFORMATIONAL
- "LOW"
- LOW
- "MEDIUM"
- MEDIUM
- "UNSPECIFIED"
- UNSPECIFIED
PatchBaselineRuleGroup, PatchBaselineRuleGroupArgs
- Patch
Rules List<Pulumi.Aws Native. Ssm. Inputs. Patch Baseline Rule> - The rules that make up the rule group.
- Patch
Rules []PatchBaseline Rule - The rules that make up the rule group.
- patch
Rules List<PatchBaseline Rule> - The rules that make up the rule group.
- patch
Rules PatchBaseline Rule[] - The rules that make up the rule group.
- patch_
rules Sequence[PatchBaseline Rule] - The rules that make up the rule group.
- patch
Rules List<Property Map> - The rules that make up the rule group.
Tag, TagArgs
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
We recommend new projects start with resources from the AWS provider.