AWS Cloud Control v1.26.0, Mar 12 25

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi

pulumi/pulumi-aws-native

aws-native.ssm.getPatchBaseline

Explore with Pulumi AI

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi

pulumi/pulumi-aws-native

Using getPatchBaseline

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getPatchBaseline(args: GetPatchBaselineArgs, opts?: InvokeOptions): Promise<GetPatchBaselineResult>
function getPatchBaselineOutput(args: GetPatchBaselineOutputArgs, opts?: InvokeOptions): Output<GetPatchBaselineResult>

def get_patch_baseline(id: Optional[str] = None,
                       opts: Optional[InvokeOptions] = None) -> GetPatchBaselineResult
def get_patch_baseline_output(id: Optional[pulumi.Input[str]] = None,
                       opts: Optional[InvokeOptions] = None) -> Output[GetPatchBaselineResult]

func LookupPatchBaseline(ctx *Context, args *LookupPatchBaselineArgs, opts ...InvokeOption) (*LookupPatchBaselineResult, error)
func LookupPatchBaselineOutput(ctx *Context, args *LookupPatchBaselineOutputArgs, opts ...InvokeOption) LookupPatchBaselineResultOutput

> Note: This function is named LookupPatchBaseline in the Go SDK.

public static class GetPatchBaseline 
{
    public static Task<GetPatchBaselineResult> InvokeAsync(GetPatchBaselineArgs args, InvokeOptions? opts = null)
    public static Output<GetPatchBaselineResult> Invoke(GetPatchBaselineInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetPatchBaselineResult> getPatchBaseline(GetPatchBaselineArgs args, InvokeOptions options)
public static Output<GetPatchBaselineResult> getPatchBaseline(GetPatchBaselineArgs args, InvokeOptions options)

fn::invoke:
  function: aws-native:ssm:getPatchBaseline
  arguments:
    # arguments dictionary

The following arguments are supported:

Id string: The ID of the patch baseline.

Id string: The ID of the patch baseline.

id String: The ID of the patch baseline.

id string: The ID of the patch baseline.

id str: The ID of the patch baseline.

id String: The ID of the patch baseline.

getPatchBaseline Result

The following output properties are available:

ApprovalRules Pulumi.AwsNative.Ssm.Outputs.PatchBaselineRuleGroup: A set of rules used to include patches in the baseline.
ApprovedPatches List<string>: A list of explicitly approved patches for the baseline.
ApprovedPatchesComplianceLevel Pulumi.AwsNative.Ssm.PatchBaselineApprovedPatchesComplianceLevel: Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. The default value is UNSPECIFIED.
ApprovedPatchesEnableNonSecurity bool: Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.
DefaultBaseline bool: Set the baseline as default baseline. Only registering to default patch baseline is allowed.
Description string: The description of the patch baseline.
GlobalFilters Pulumi.AwsNative.Ssm.Outputs.PatchBaselinePatchFilterGroup: A set of global filters used to include patches in the baseline.
Id string: The ID of the patch baseline.
Name string: The name of the patch baseline.
PatchGroups List<string>: PatchGroups is used to associate instances with a specific patch baseline
RejectedPatches List<string>: A list of explicitly rejected patches for the baseline.
RejectedPatchesAction Pulumi.AwsNative.Ssm.PatchBaselineRejectedPatchesAction: The action for Patch Manager to take on patches included in the RejectedPackages list.
Sources List<Pulumi.AwsNative.Ssm.Outputs.PatchBaselinePatchSource>: Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
Tags List<Pulumi.AwsNative.Outputs.Tag>: Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways.

ApprovalRules PatchBaselineRuleGroup: A set of rules used to include patches in the baseline.
ApprovedPatches []string: A list of explicitly approved patches for the baseline.
ApprovedPatchesComplianceLevel PatchBaselineApprovedPatchesComplianceLevel: Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. The default value is UNSPECIFIED.
ApprovedPatchesEnableNonSecurity bool: Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.
DefaultBaseline bool: Set the baseline as default baseline. Only registering to default patch baseline is allowed.
Description string: The description of the patch baseline.
GlobalFilters PatchBaselinePatchFilterGroup: A set of global filters used to include patches in the baseline.
Id string: The ID of the patch baseline.
Name string: The name of the patch baseline.
PatchGroups []string: PatchGroups is used to associate instances with a specific patch baseline
RejectedPatches []string: A list of explicitly rejected patches for the baseline.
RejectedPatchesAction PatchBaselineRejectedPatchesAction: The action for Patch Manager to take on patches included in the RejectedPackages list.
Sources []PatchBaselinePatchSource: Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
Tags Tag: Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways.

approvalRules PatchBaselineRuleGroup: A set of rules used to include patches in the baseline.
approvedPatches List<String>: A list of explicitly approved patches for the baseline.
approvedPatchesComplianceLevel PatchBaselineApprovedPatchesComplianceLevel: Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. The default value is UNSPECIFIED.
approvedPatchesEnableNonSecurity Boolean: Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.
defaultBaseline Boolean: Set the baseline as default baseline. Only registering to default patch baseline is allowed.
description String: The description of the patch baseline.
globalFilters PatchBaselinePatchFilterGroup: A set of global filters used to include patches in the baseline.
id String: The ID of the patch baseline.
name String: The name of the patch baseline.
patchGroups List<String>: PatchGroups is used to associate instances with a specific patch baseline
rejectedPatches List<String>: A list of explicitly rejected patches for the baseline.
rejectedPatchesAction PatchBaselineRejectedPatchesAction: The action for Patch Manager to take on patches included in the RejectedPackages list.
sources List<PatchBaselinePatchSource>: Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
tags List<Tag>: Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways.

approvalRules PatchBaselineRuleGroup: A set of rules used to include patches in the baseline.
approvedPatches string[]: A list of explicitly approved patches for the baseline.
approvedPatchesComplianceLevel PatchBaselineApprovedPatchesComplianceLevel: Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. The default value is UNSPECIFIED.
approvedPatchesEnableNonSecurity boolean: Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.
defaultBaseline boolean: Set the baseline as default baseline. Only registering to default patch baseline is allowed.
description string: The description of the patch baseline.
globalFilters PatchBaselinePatchFilterGroup: A set of global filters used to include patches in the baseline.
id string: The ID of the patch baseline.
name string: The name of the patch baseline.
patchGroups string[]: PatchGroups is used to associate instances with a specific patch baseline
rejectedPatches string[]: A list of explicitly rejected patches for the baseline.
rejectedPatchesAction PatchBaselineRejectedPatchesAction: The action for Patch Manager to take on patches included in the RejectedPackages list.
sources PatchBaselinePatchSource[]: Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
tags Tag[]: Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways.

approval_rules PatchBaselineRuleGroup: A set of rules used to include patches in the baseline.
approved_patches Sequence[str]: A list of explicitly approved patches for the baseline.
approved_patches_compliance_level PatchBaselineApprovedPatchesComplianceLevel: Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. The default value is UNSPECIFIED.
approved_patches_enable_non_security bool: Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.
default_baseline bool: Set the baseline as default baseline. Only registering to default patch baseline is allowed.
description str: The description of the patch baseline.
global_filters PatchBaselinePatchFilterGroup: A set of global filters used to include patches in the baseline.
id str: The ID of the patch baseline.
name str: The name of the patch baseline.
patch_groups Sequence[str]: PatchGroups is used to associate instances with a specific patch baseline
rejected_patches Sequence[str]: A list of explicitly rejected patches for the baseline.
rejected_patches_action PatchBaselineRejectedPatchesAction: The action for Patch Manager to take on patches included in the RejectedPackages list.
sources Sequence[PatchBaselinePatchSource]: Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
tags Sequence[root_Tag]: Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways.

approvalRules Property Map: A set of rules used to include patches in the baseline.
approvedPatches List<String>: A list of explicitly approved patches for the baseline.
approvedPatchesComplianceLevel "CRITICAL" | "HIGH" | "MEDIUM" | "LOW" | "INFORMATIONAL" | "UNSPECIFIED": Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. The default value is UNSPECIFIED.
approvedPatchesEnableNonSecurity Boolean: Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.
defaultBaseline Boolean: Set the baseline as default baseline. Only registering to default patch baseline is allowed.
description String: The description of the patch baseline.
globalFilters Property Map: A set of global filters used to include patches in the baseline.
id String: The ID of the patch baseline.
name String: The name of the patch baseline.
patchGroups List<String>: PatchGroups is used to associate instances with a specific patch baseline
rejectedPatches List<String>: A list of explicitly rejected patches for the baseline.
rejectedPatchesAction "ALLOW_AS_DEPENDENCY" | "BLOCK": The action for Patch Manager to take on patches included in the RejectedPackages list.
sources List<Property Map>: Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
tags List<Property Map>: Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways.

Supporting Types

PatchBaselineApprovedPatchesComplianceLevel

PatchBaselinePatchFilter

Key Pulumi.AwsNative.Ssm.PatchBaselinePatchFilterKey

The key for the filter.

For information about valid keys, see PatchFilter in the AWS Systems Manager API Reference .

Values List<string>

The value for the filter key.

For information about valid values for each key based on operating system type, see PatchFilter in the AWS Systems Manager API Reference .

Key PatchBaselinePatchFilterKey

The key for the filter.

For information about valid keys, see PatchFilter in the AWS Systems Manager API Reference .

Values []string

The value for the filter key.

For information about valid values for each key based on operating system type, see PatchFilter in the AWS Systems Manager API Reference .

key PatchBaselinePatchFilterKey

The key for the filter.

For information about valid keys, see PatchFilter in the AWS Systems Manager API Reference .

values List<String>

The value for the filter key.

For information about valid values for each key based on operating system type, see PatchFilter in the AWS Systems Manager API Reference .

key PatchBaselinePatchFilterKey

The key for the filter.

For information about valid keys, see PatchFilter in the AWS Systems Manager API Reference .

values string[]

The value for the filter key.

For information about valid values for each key based on operating system type, see PatchFilter in the AWS Systems Manager API Reference .

key PatchBaselinePatchFilterKey

The key for the filter.

For information about valid keys, see PatchFilter in the AWS Systems Manager API Reference .

values Sequence[str]

The value for the filter key.

For information about valid values for each key based on operating system type, see PatchFilter in the AWS Systems Manager API Reference .

The key for the filter.

For information about valid keys, see PatchFilter in the AWS Systems Manager API Reference .

values List<String>

The value for the filter key.

For information about valid values for each key based on operating system type, see PatchFilter in the AWS Systems Manager API Reference .

PatchBaselinePatchFilterGroup

PatchFilters List<Pulumi.AwsNative.Ssm.Inputs.PatchBaselinePatchFilter>: The set of patch filters that make up the group.

PatchFilters []PatchBaselinePatchFilter: The set of patch filters that make up the group.

patchFilters List<PatchBaselinePatchFilter>: The set of patch filters that make up the group.

patchFilters PatchBaselinePatchFilter[]: The set of patch filters that make up the group.

patch_filters Sequence[PatchBaselinePatchFilter]: The set of patch filters that make up the group.

patchFilters List<Property Map>: The set of patch filters that make up the group.

PatchBaselinePatchFilterKey

PatchBaselinePatchSource

Configuration string

The value of the yum repo configuration. For example:

[main]

name=MyCustomRepository

baseurl=https://my-custom-repository

enabled=1

Name string

The name specified to identify the patch source.

Products List<string>

The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter in the AWS Systems Manager API Reference .

Configuration string

The value of the yum repo configuration. For example:

[main]

name=MyCustomRepository

baseurl=https://my-custom-repository

enabled=1

Name string

The name specified to identify the patch source.

Products []string

configuration String

The value of the yum repo configuration. For example:

[main]

name=MyCustomRepository

baseurl=https://my-custom-repository

enabled=1

name String

The name specified to identify the patch source.

products List<String>

configuration string

The value of the yum repo configuration. For example:

[main]

name=MyCustomRepository

baseurl=https://my-custom-repository

enabled=1

name string

The name specified to identify the patch source.

products string[]

configuration str

The value of the yum repo configuration. For example:

[main]

name=MyCustomRepository

baseurl=https://my-custom-repository

enabled=1

name str

The name specified to identify the patch source.

products Sequence[str]

configuration String

The value of the yum repo configuration. For example:

[main]

name=MyCustomRepository

baseurl=https://my-custom-repository

enabled=1

name String

The name specified to identify the patch source.

products List<String>

PatchBaselineRejectedPatchesAction

PatchBaselineRule

ApproveAfterDays int

The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released.

This parameter is marked as Required: No , but your request must include a value for either ApproveAfterDays or ApproveUntilDate .

Not supported for Debian Server or Ubuntu Server.

ApproveUntilDate string

The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.

Enter dates in the format YYYY-MM-DD . For example, 2024-12-31 .

This parameter is marked as Required: No , but your request must include a value for either ApproveUntilDate or ApproveAfterDays .

Not supported for Debian Server or Ubuntu Server.

ComplianceLevel Pulumi.AwsNative.Ssm.PatchBaselineRuleComplianceLevel

A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following: UNSPECIFIED , CRITICAL , HIGH , MEDIUM , LOW , and INFORMATIONAL .

EnableNonSecurity bool

For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is false . Applies to Linux managed nodes only.

PatchFilterGroup Pulumi.AwsNative.Ssm.Inputs.PatchBaselinePatchFilterGroup

The patch filter group that defines the criteria for the rule.

ApproveAfterDays int

This parameter is marked as Required: No , but your request must include a value for either ApproveAfterDays or ApproveUntilDate .

Not supported for Debian Server or Ubuntu Server.

ApproveUntilDate string

The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.

Enter dates in the format YYYY-MM-DD . For example, 2024-12-31 .

This parameter is marked as Required: No , but your request must include a value for either ApproveUntilDate or ApproveAfterDays .

Not supported for Debian Server or Ubuntu Server.

ComplianceLevel PatchBaselineRuleComplianceLevel

EnableNonSecurity bool

PatchFilterGroup PatchBaselinePatchFilterGroup

The patch filter group that defines the criteria for the rule.

approveAfterDays Integer

This parameter is marked as Required: No , but your request must include a value for either ApproveAfterDays or ApproveUntilDate .

Not supported for Debian Server or Ubuntu Server.

approveUntilDate String

The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.

Enter dates in the format YYYY-MM-DD . For example, 2024-12-31 .

This parameter is marked as Required: No , but your request must include a value for either ApproveUntilDate or ApproveAfterDays .

Not supported for Debian Server or Ubuntu Server.

complianceLevel PatchBaselineRuleComplianceLevel

enableNonSecurity Boolean

patchFilterGroup PatchBaselinePatchFilterGroup

The patch filter group that defines the criteria for the rule.

approveAfterDays number

This parameter is marked as Required: No , but your request must include a value for either ApproveAfterDays or ApproveUntilDate .

Not supported for Debian Server or Ubuntu Server.

approveUntilDate string

The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.

Enter dates in the format YYYY-MM-DD . For example, 2024-12-31 .

This parameter is marked as Required: No , but your request must include a value for either ApproveUntilDate or ApproveAfterDays .

Not supported for Debian Server or Ubuntu Server.

complianceLevel PatchBaselineRuleComplianceLevel

enableNonSecurity boolean

patchFilterGroup PatchBaselinePatchFilterGroup

The patch filter group that defines the criteria for the rule.

approve_after_days int

This parameter is marked as Required: No , but your request must include a value for either ApproveAfterDays or ApproveUntilDate .

Not supported for Debian Server or Ubuntu Server.

approve_until_date str

The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.

Enter dates in the format YYYY-MM-DD . For example, 2024-12-31 .

This parameter is marked as Required: No , but your request must include a value for either ApproveUntilDate or ApproveAfterDays .

Not supported for Debian Server or Ubuntu Server.

compliance_level PatchBaselineRuleComplianceLevel

enable_non_security bool

patch_filter_group PatchBaselinePatchFilterGroup

The patch filter group that defines the criteria for the rule.

approveAfterDays Number

This parameter is marked as Required: No , but your request must include a value for either ApproveAfterDays or ApproveUntilDate .

Not supported for Debian Server or Ubuntu Server.

approveUntilDate String

The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.

Enter dates in the format YYYY-MM-DD . For example, 2024-12-31 .

This parameter is marked as Required: No , but your request must include a value for either ApproveUntilDate or ApproveAfterDays .

Not supported for Debian Server or Ubuntu Server.

enableNonSecurity Boolean

patchFilterGroup Property Map

The patch filter group that defines the criteria for the rule.

PatchBaselineRuleComplianceLevel

PatchBaselineRuleGroup

PatchRules List<Pulumi.AwsNative.Ssm.Inputs.PatchBaselineRule>: The rules that make up the rule group.

PatchRules []PatchBaselineRule: The rules that make up the rule group.

patchRules List<PatchBaselineRule>: The rules that make up the rule group.

patchRules PatchBaselineRule[]: The rules that make up the rule group.

patch_rules Sequence[PatchBaselineRule]: The rules that make up the rule group.

patchRules List<Property Map>: The rules that make up the rule group.

Package Details

Repository: AWS Native pulumi/pulumi-aws-native
License: Apache-2.0

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi

pulumi/pulumi-aws-native

aws-native.ssm.getPatchBaseline

On this page

On this page

Using getPatchBaseline

getPatchBaseline Result

Supporting Types

PatchBaselineApprovedPatchesComplianceLevel

PatchBaselinePatchFilter

PatchBaselinePatchFilterGroup

PatchBaselinePatchFilterKey

PatchBaselinePatchSource

PatchBaselineRejectedPatchesAction

PatchBaselineRule

PatchBaselineRuleComplianceLevel

PatchBaselineRuleGroup

Tag

Package Details

On this page

On this page