1. Packages
  2. AWS Cloud Control
  3. API Docs
  4. ssm
  5. PatchBaseline

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi

aws-native.ssm.PatchBaseline

Explore with Pulumi AI

aws-native logo

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi

    Resource Type definition for AWS::SSM::PatchBaseline

    Example Usage

    Example

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AwsNative = Pulumi.AwsNative;
    
    return await Deployment.RunAsync(() => 
    {
        var myPatchBaseline = new AwsNative.Ssm.PatchBaseline("myPatchBaseline", new()
        {
            Name = "myPatchBaseline",
            Description = "Baseline containing all updates approved for Windows instances",
            OperatingSystem = AwsNative.Ssm.PatchBaselineOperatingSystem.Windows,
            PatchGroups = new[]
            {
                "myPatchGroup",
            },
            ApprovalRules = new AwsNative.Ssm.Inputs.PatchBaselineRuleGroupArgs
            {
                PatchRules = new[]
                {
                    new AwsNative.Ssm.Inputs.PatchBaselineRuleArgs
                    {
                        PatchFilterGroup = new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterGroupArgs
                        {
                            PatchFilters = new[]
                            {
                                new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
                                {
                                    Values = new[]
                                    {
                                        "Critical",
                                        "Important",
                                        "Moderate",
                                    },
                                    Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.MsrcSeverity,
                                },
                                new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
                                {
                                    Values = new[]
                                    {
                                        "SecurityUpdates",
                                        "CriticalUpdates",
                                    },
                                    Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.Classification,
                                },
                                new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
                                {
                                    Values = new[]
                                    {
                                        "WindowsServer2019",
                                    },
                                    Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.Product,
                                },
                            },
                        },
                        ApproveAfterDays = 7,
                        ComplianceLevel = AwsNative.Ssm.PatchBaselineRuleComplianceLevel.Critical,
                    },
                    new AwsNative.Ssm.Inputs.PatchBaselineRuleArgs
                    {
                        PatchFilterGroup = new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterGroupArgs
                        {
                            PatchFilters = new[]
                            {
                                new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
                                {
                                    Values = new[]
                                    {
                                        "Critical",
                                        "Important",
                                        "Moderate",
                                    },
                                    Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.MsrcSeverity,
                                },
                                new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
                                {
                                    Values = new[]
                                    {
                                        "*",
                                    },
                                    Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.Classification,
                                },
                                new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
                                {
                                    Values = new[]
                                    {
                                        "APPLICATION",
                                    },
                                    Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.PatchSet,
                                },
                                new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
                                {
                                    Values = new[]
                                    {
                                        "Active Directory Rights Management Services Client 2.0",
                                    },
                                    Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.Product,
                                },
                                new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
                                {
                                    Values = new[]
                                    {
                                        "Active Directory",
                                    },
                                    Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.ProductFamily,
                                },
                            },
                        },
                        ApproveAfterDays = 7,
                        ComplianceLevel = AwsNative.Ssm.PatchBaselineRuleComplianceLevel.Critical,
                    },
                },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/ssm"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := ssm.NewPatchBaseline(ctx, "myPatchBaseline", &ssm.PatchBaselineArgs{
    			Name:            pulumi.String("myPatchBaseline"),
    			Description:     pulumi.String("Baseline containing all updates approved for Windows instances"),
    			OperatingSystem: ssm.PatchBaselineOperatingSystemWindows,
    			PatchGroups: pulumi.StringArray{
    				pulumi.String("myPatchGroup"),
    			},
    			ApprovalRules: &ssm.PatchBaselineRuleGroupArgs{
    				PatchRules: ssm.PatchBaselineRuleArray{
    					&ssm.PatchBaselineRuleArgs{
    						PatchFilterGroup: &ssm.PatchBaselinePatchFilterGroupArgs{
    							PatchFilters: ssm.PatchBaselinePatchFilterArray{
    								&ssm.PatchBaselinePatchFilterArgs{
    									Values: pulumi.StringArray{
    										pulumi.String("Critical"),
    										pulumi.String("Important"),
    										pulumi.String("Moderate"),
    									},
    									Key: ssm.PatchBaselinePatchFilterKeyMsrcSeverity,
    								},
    								&ssm.PatchBaselinePatchFilterArgs{
    									Values: pulumi.StringArray{
    										pulumi.String("SecurityUpdates"),
    										pulumi.String("CriticalUpdates"),
    									},
    									Key: ssm.PatchBaselinePatchFilterKeyClassification,
    								},
    								&ssm.PatchBaselinePatchFilterArgs{
    									Values: pulumi.StringArray{
    										pulumi.String("WindowsServer2019"),
    									},
    									Key: ssm.PatchBaselinePatchFilterKeyProduct,
    								},
    							},
    						},
    						ApproveAfterDays: pulumi.Int(7),
    						ComplianceLevel:  ssm.PatchBaselineRuleComplianceLevelCritical,
    					},
    					&ssm.PatchBaselineRuleArgs{
    						PatchFilterGroup: &ssm.PatchBaselinePatchFilterGroupArgs{
    							PatchFilters: ssm.PatchBaselinePatchFilterArray{
    								&ssm.PatchBaselinePatchFilterArgs{
    									Values: pulumi.StringArray{
    										pulumi.String("Critical"),
    										pulumi.String("Important"),
    										pulumi.String("Moderate"),
    									},
    									Key: ssm.PatchBaselinePatchFilterKeyMsrcSeverity,
    								},
    								&ssm.PatchBaselinePatchFilterArgs{
    									Values: pulumi.StringArray{
    										pulumi.String("*"),
    									},
    									Key: ssm.PatchBaselinePatchFilterKeyClassification,
    								},
    								&ssm.PatchBaselinePatchFilterArgs{
    									Values: pulumi.StringArray{
    										pulumi.String("APPLICATION"),
    									},
    									Key: ssm.PatchBaselinePatchFilterKeyPatchSet,
    								},
    								&ssm.PatchBaselinePatchFilterArgs{
    									Values: pulumi.StringArray{
    										pulumi.String("Active Directory Rights Management Services Client 2.0"),
    									},
    									Key: ssm.PatchBaselinePatchFilterKeyProduct,
    								},
    								&ssm.PatchBaselinePatchFilterArgs{
    									Values: pulumi.StringArray{
    										pulumi.String("Active Directory"),
    									},
    									Key: ssm.PatchBaselinePatchFilterKeyProductFamily,
    								},
    							},
    						},
    						ApproveAfterDays: pulumi.Int(7),
    						ComplianceLevel:  ssm.PatchBaselineRuleComplianceLevelCritical,
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    

    Coming soon!

    import pulumi
    import pulumi_aws_native as aws_native
    
    my_patch_baseline = aws_native.ssm.PatchBaseline("myPatchBaseline",
        name="myPatchBaseline",
        description="Baseline containing all updates approved for Windows instances",
        operating_system=aws_native.ssm.PatchBaselineOperatingSystem.WINDOWS,
        patch_groups=["myPatchGroup"],
        approval_rules={
            "patch_rules": [
                {
                    "patch_filter_group": {
                        "patch_filters": [
                            {
                                "values": [
                                    "Critical",
                                    "Important",
                                    "Moderate",
                                ],
                                "key": aws_native.ssm.PatchBaselinePatchFilterKey.MSRC_SEVERITY,
                            },
                            {
                                "values": [
                                    "SecurityUpdates",
                                    "CriticalUpdates",
                                ],
                                "key": aws_native.ssm.PatchBaselinePatchFilterKey.CLASSIFICATION,
                            },
                            {
                                "values": ["WindowsServer2019"],
                                "key": aws_native.ssm.PatchBaselinePatchFilterKey.PRODUCT,
                            },
                        ],
                    },
                    "approve_after_days": 7,
                    "compliance_level": aws_native.ssm.PatchBaselineRuleComplianceLevel.CRITICAL,
                },
                {
                    "patch_filter_group": {
                        "patch_filters": [
                            {
                                "values": [
                                    "Critical",
                                    "Important",
                                    "Moderate",
                                ],
                                "key": aws_native.ssm.PatchBaselinePatchFilterKey.MSRC_SEVERITY,
                            },
                            {
                                "values": ["*"],
                                "key": aws_native.ssm.PatchBaselinePatchFilterKey.CLASSIFICATION,
                            },
                            {
                                "values": ["APPLICATION"],
                                "key": aws_native.ssm.PatchBaselinePatchFilterKey.PATCH_SET,
                            },
                            {
                                "values": ["Active Directory Rights Management Services Client 2.0"],
                                "key": aws_native.ssm.PatchBaselinePatchFilterKey.PRODUCT,
                            },
                            {
                                "values": ["Active Directory"],
                                "key": aws_native.ssm.PatchBaselinePatchFilterKey.PRODUCT_FAMILY,
                            },
                        ],
                    },
                    "approve_after_days": 7,
                    "compliance_level": aws_native.ssm.PatchBaselineRuleComplianceLevel.CRITICAL,
                },
            ],
        })
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws_native from "@pulumi/aws-native";
    
    const myPatchBaseline = new aws_native.ssm.PatchBaseline("myPatchBaseline", {
        name: "myPatchBaseline",
        description: "Baseline containing all updates approved for Windows instances",
        operatingSystem: aws_native.ssm.PatchBaselineOperatingSystem.Windows,
        patchGroups: ["myPatchGroup"],
        approvalRules: {
            patchRules: [
                {
                    patchFilterGroup: {
                        patchFilters: [
                            {
                                values: [
                                    "Critical",
                                    "Important",
                                    "Moderate",
                                ],
                                key: aws_native.ssm.PatchBaselinePatchFilterKey.MsrcSeverity,
                            },
                            {
                                values: [
                                    "SecurityUpdates",
                                    "CriticalUpdates",
                                ],
                                key: aws_native.ssm.PatchBaselinePatchFilterKey.Classification,
                            },
                            {
                                values: ["WindowsServer2019"],
                                key: aws_native.ssm.PatchBaselinePatchFilterKey.Product,
                            },
                        ],
                    },
                    approveAfterDays: 7,
                    complianceLevel: aws_native.ssm.PatchBaselineRuleComplianceLevel.Critical,
                },
                {
                    patchFilterGroup: {
                        patchFilters: [
                            {
                                values: [
                                    "Critical",
                                    "Important",
                                    "Moderate",
                                ],
                                key: aws_native.ssm.PatchBaselinePatchFilterKey.MsrcSeverity,
                            },
                            {
                                values: ["*"],
                                key: aws_native.ssm.PatchBaselinePatchFilterKey.Classification,
                            },
                            {
                                values: ["APPLICATION"],
                                key: aws_native.ssm.PatchBaselinePatchFilterKey.PatchSet,
                            },
                            {
                                values: ["Active Directory Rights Management Services Client 2.0"],
                                key: aws_native.ssm.PatchBaselinePatchFilterKey.Product,
                            },
                            {
                                values: ["Active Directory"],
                                key: aws_native.ssm.PatchBaselinePatchFilterKey.ProductFamily,
                            },
                        ],
                    },
                    approveAfterDays: 7,
                    complianceLevel: aws_native.ssm.PatchBaselineRuleComplianceLevel.Critical,
                },
            ],
        },
    });
    

    Coming soon!

    Example

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AwsNative = Pulumi.AwsNative;
    
    return await Deployment.RunAsync(() => 
    {
        var myPatchBaseline = new AwsNative.Ssm.PatchBaseline("myPatchBaseline", new()
        {
            Name = "myPatchBaseline",
            Description = "Baseline containing all updates approved for Windows instances",
            OperatingSystem = AwsNative.Ssm.PatchBaselineOperatingSystem.Windows,
            PatchGroups = new[]
            {
                "myPatchGroup",
            },
            ApprovalRules = new AwsNative.Ssm.Inputs.PatchBaselineRuleGroupArgs
            {
                PatchRules = new[]
                {
                    new AwsNative.Ssm.Inputs.PatchBaselineRuleArgs
                    {
                        PatchFilterGroup = new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterGroupArgs
                        {
                            PatchFilters = new[]
                            {
                                new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
                                {
                                    Values = new[]
                                    {
                                        "Critical",
                                        "Important",
                                        "Moderate",
                                    },
                                    Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.MsrcSeverity,
                                },
                                new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
                                {
                                    Values = new[]
                                    {
                                        "SecurityUpdates",
                                        "CriticalUpdates",
                                    },
                                    Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.Classification,
                                },
                                new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
                                {
                                    Values = new[]
                                    {
                                        "WindowsServer2019",
                                    },
                                    Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.Product,
                                },
                            },
                        },
                        ApproveAfterDays = 7,
                        ComplianceLevel = AwsNative.Ssm.PatchBaselineRuleComplianceLevel.Critical,
                    },
                    new AwsNative.Ssm.Inputs.PatchBaselineRuleArgs
                    {
                        PatchFilterGroup = new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterGroupArgs
                        {
                            PatchFilters = new[]
                            {
                                new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
                                {
                                    Values = new[]
                                    {
                                        "Critical",
                                        "Important",
                                        "Moderate",
                                    },
                                    Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.MsrcSeverity,
                                },
                                new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
                                {
                                    Values = new[]
                                    {
                                        "*",
                                    },
                                    Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.Classification,
                                },
                                new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
                                {
                                    Values = new[]
                                    {
                                        "APPLICATION",
                                    },
                                    Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.PatchSet,
                                },
                                new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
                                {
                                    Values = new[]
                                    {
                                        "Active Directory Rights Management Services Client 2.0",
                                    },
                                    Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.Product,
                                },
                                new AwsNative.Ssm.Inputs.PatchBaselinePatchFilterArgs
                                {
                                    Values = new[]
                                    {
                                        "Active Directory",
                                    },
                                    Key = AwsNative.Ssm.PatchBaselinePatchFilterKey.ProductFamily,
                                },
                            },
                        },
                        ApproveAfterDays = 7,
                        ComplianceLevel = AwsNative.Ssm.PatchBaselineRuleComplianceLevel.Critical,
                    },
                },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/ssm"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := ssm.NewPatchBaseline(ctx, "myPatchBaseline", &ssm.PatchBaselineArgs{
    			Name:            pulumi.String("myPatchBaseline"),
    			Description:     pulumi.String("Baseline containing all updates approved for Windows instances"),
    			OperatingSystem: ssm.PatchBaselineOperatingSystemWindows,
    			PatchGroups: pulumi.StringArray{
    				pulumi.String("myPatchGroup"),
    			},
    			ApprovalRules: &ssm.PatchBaselineRuleGroupArgs{
    				PatchRules: ssm.PatchBaselineRuleArray{
    					&ssm.PatchBaselineRuleArgs{
    						PatchFilterGroup: &ssm.PatchBaselinePatchFilterGroupArgs{
    							PatchFilters: ssm.PatchBaselinePatchFilterArray{
    								&ssm.PatchBaselinePatchFilterArgs{
    									Values: pulumi.StringArray{
    										pulumi.String("Critical"),
    										pulumi.String("Important"),
    										pulumi.String("Moderate"),
    									},
    									Key: ssm.PatchBaselinePatchFilterKeyMsrcSeverity,
    								},
    								&ssm.PatchBaselinePatchFilterArgs{
    									Values: pulumi.StringArray{
    										pulumi.String("SecurityUpdates"),
    										pulumi.String("CriticalUpdates"),
    									},
    									Key: ssm.PatchBaselinePatchFilterKeyClassification,
    								},
    								&ssm.PatchBaselinePatchFilterArgs{
    									Values: pulumi.StringArray{
    										pulumi.String("WindowsServer2019"),
    									},
    									Key: ssm.PatchBaselinePatchFilterKeyProduct,
    								},
    							},
    						},
    						ApproveAfterDays: pulumi.Int(7),
    						ComplianceLevel:  ssm.PatchBaselineRuleComplianceLevelCritical,
    					},
    					&ssm.PatchBaselineRuleArgs{
    						PatchFilterGroup: &ssm.PatchBaselinePatchFilterGroupArgs{
    							PatchFilters: ssm.PatchBaselinePatchFilterArray{
    								&ssm.PatchBaselinePatchFilterArgs{
    									Values: pulumi.StringArray{
    										pulumi.String("Critical"),
    										pulumi.String("Important"),
    										pulumi.String("Moderate"),
    									},
    									Key: ssm.PatchBaselinePatchFilterKeyMsrcSeverity,
    								},
    								&ssm.PatchBaselinePatchFilterArgs{
    									Values: pulumi.StringArray{
    										pulumi.String("*"),
    									},
    									Key: ssm.PatchBaselinePatchFilterKeyClassification,
    								},
    								&ssm.PatchBaselinePatchFilterArgs{
    									Values: pulumi.StringArray{
    										pulumi.String("APPLICATION"),
    									},
    									Key: ssm.PatchBaselinePatchFilterKeyPatchSet,
    								},
    								&ssm.PatchBaselinePatchFilterArgs{
    									Values: pulumi.StringArray{
    										pulumi.String("Active Directory Rights Management Services Client 2.0"),
    									},
    									Key: ssm.PatchBaselinePatchFilterKeyProduct,
    								},
    								&ssm.PatchBaselinePatchFilterArgs{
    									Values: pulumi.StringArray{
    										pulumi.String("Active Directory"),
    									},
    									Key: ssm.PatchBaselinePatchFilterKeyProductFamily,
    								},
    							},
    						},
    						ApproveAfterDays: pulumi.Int(7),
    						ComplianceLevel:  ssm.PatchBaselineRuleComplianceLevelCritical,
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    

    Coming soon!

    import pulumi
    import pulumi_aws_native as aws_native
    
    my_patch_baseline = aws_native.ssm.PatchBaseline("myPatchBaseline",
        name="myPatchBaseline",
        description="Baseline containing all updates approved for Windows instances",
        operating_system=aws_native.ssm.PatchBaselineOperatingSystem.WINDOWS,
        patch_groups=["myPatchGroup"],
        approval_rules={
            "patch_rules": [
                {
                    "patch_filter_group": {
                        "patch_filters": [
                            {
                                "values": [
                                    "Critical",
                                    "Important",
                                    "Moderate",
                                ],
                                "key": aws_native.ssm.PatchBaselinePatchFilterKey.MSRC_SEVERITY,
                            },
                            {
                                "values": [
                                    "SecurityUpdates",
                                    "CriticalUpdates",
                                ],
                                "key": aws_native.ssm.PatchBaselinePatchFilterKey.CLASSIFICATION,
                            },
                            {
                                "values": ["WindowsServer2019"],
                                "key": aws_native.ssm.PatchBaselinePatchFilterKey.PRODUCT,
                            },
                        ],
                    },
                    "approve_after_days": 7,
                    "compliance_level": aws_native.ssm.PatchBaselineRuleComplianceLevel.CRITICAL,
                },
                {
                    "patch_filter_group": {
                        "patch_filters": [
                            {
                                "values": [
                                    "Critical",
                                    "Important",
                                    "Moderate",
                                ],
                                "key": aws_native.ssm.PatchBaselinePatchFilterKey.MSRC_SEVERITY,
                            },
                            {
                                "values": ["*"],
                                "key": aws_native.ssm.PatchBaselinePatchFilterKey.CLASSIFICATION,
                            },
                            {
                                "values": ["APPLICATION"],
                                "key": aws_native.ssm.PatchBaselinePatchFilterKey.PATCH_SET,
                            },
                            {
                                "values": ["Active Directory Rights Management Services Client 2.0"],
                                "key": aws_native.ssm.PatchBaselinePatchFilterKey.PRODUCT,
                            },
                            {
                                "values": ["Active Directory"],
                                "key": aws_native.ssm.PatchBaselinePatchFilterKey.PRODUCT_FAMILY,
                            },
                        ],
                    },
                    "approve_after_days": 7,
                    "compliance_level": aws_native.ssm.PatchBaselineRuleComplianceLevel.CRITICAL,
                },
            ],
        })
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws_native from "@pulumi/aws-native";
    
    const myPatchBaseline = new aws_native.ssm.PatchBaseline("myPatchBaseline", {
        name: "myPatchBaseline",
        description: "Baseline containing all updates approved for Windows instances",
        operatingSystem: aws_native.ssm.PatchBaselineOperatingSystem.Windows,
        patchGroups: ["myPatchGroup"],
        approvalRules: {
            patchRules: [
                {
                    patchFilterGroup: {
                        patchFilters: [
                            {
                                values: [
                                    "Critical",
                                    "Important",
                                    "Moderate",
                                ],
                                key: aws_native.ssm.PatchBaselinePatchFilterKey.MsrcSeverity,
                            },
                            {
                                values: [
                                    "SecurityUpdates",
                                    "CriticalUpdates",
                                ],
                                key: aws_native.ssm.PatchBaselinePatchFilterKey.Classification,
                            },
                            {
                                values: ["WindowsServer2019"],
                                key: aws_native.ssm.PatchBaselinePatchFilterKey.Product,
                            },
                        ],
                    },
                    approveAfterDays: 7,
                    complianceLevel: aws_native.ssm.PatchBaselineRuleComplianceLevel.Critical,
                },
                {
                    patchFilterGroup: {
                        patchFilters: [
                            {
                                values: [
                                    "Critical",
                                    "Important",
                                    "Moderate",
                                ],
                                key: aws_native.ssm.PatchBaselinePatchFilterKey.MsrcSeverity,
                            },
                            {
                                values: ["*"],
                                key: aws_native.ssm.PatchBaselinePatchFilterKey.Classification,
                            },
                            {
                                values: ["APPLICATION"],
                                key: aws_native.ssm.PatchBaselinePatchFilterKey.PatchSet,
                            },
                            {
                                values: ["Active Directory Rights Management Services Client 2.0"],
                                key: aws_native.ssm.PatchBaselinePatchFilterKey.Product,
                            },
                            {
                                values: ["Active Directory"],
                                key: aws_native.ssm.PatchBaselinePatchFilterKey.ProductFamily,
                            },
                        ],
                    },
                    approveAfterDays: 7,
                    complianceLevel: aws_native.ssm.PatchBaselineRuleComplianceLevel.Critical,
                },
            ],
        },
    });
    

    Coming soon!

    Create PatchBaseline Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new PatchBaseline(name: string, args?: PatchBaselineArgs, opts?: CustomResourceOptions);
    @overload
    def PatchBaseline(resource_name: str,
                      args: Optional[PatchBaselineArgs] = None,
                      opts: Optional[ResourceOptions] = None)
    
    @overload
    def PatchBaseline(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      approval_rules: Optional[PatchBaselineRuleGroupArgs] = None,
                      approved_patches: Optional[Sequence[str]] = None,
                      approved_patches_compliance_level: Optional[PatchBaselineApprovedPatchesComplianceLevel] = None,
                      approved_patches_enable_non_security: Optional[bool] = None,
                      default_baseline: Optional[bool] = None,
                      description: Optional[str] = None,
                      global_filters: Optional[PatchBaselinePatchFilterGroupArgs] = None,
                      name: Optional[str] = None,
                      operating_system: Optional[PatchBaselineOperatingSystem] = None,
                      patch_groups: Optional[Sequence[str]] = None,
                      rejected_patches: Optional[Sequence[str]] = None,
                      rejected_patches_action: Optional[PatchBaselineRejectedPatchesAction] = None,
                      sources: Optional[Sequence[PatchBaselinePatchSourceArgs]] = None,
                      tags: Optional[Sequence[_root_inputs.TagArgs]] = None)
    func NewPatchBaseline(ctx *Context, name string, args *PatchBaselineArgs, opts ...ResourceOption) (*PatchBaseline, error)
    public PatchBaseline(string name, PatchBaselineArgs? args = null, CustomResourceOptions? opts = null)
    public PatchBaseline(String name, PatchBaselineArgs args)
    public PatchBaseline(String name, PatchBaselineArgs args, CustomResourceOptions options)
    
    type: aws-native:ssm:PatchBaseline
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args PatchBaselineArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args PatchBaselineArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args PatchBaselineArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args PatchBaselineArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args PatchBaselineArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    PatchBaseline Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The PatchBaseline resource accepts the following input properties:

    ApprovalRules Pulumi.AwsNative.Ssm.Inputs.PatchBaselineRuleGroup
    A set of rules used to include patches in the baseline.
    ApprovedPatches List<string>
    A list of explicitly approved patches for the baseline.
    ApprovedPatchesComplianceLevel Pulumi.AwsNative.Ssm.PatchBaselineApprovedPatchesComplianceLevel
    Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. The default value is UNSPECIFIED.
    ApprovedPatchesEnableNonSecurity bool
    Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.
    DefaultBaseline bool
    Set the baseline as default baseline. Only registering to default patch baseline is allowed.
    Description string
    The description of the patch baseline.
    GlobalFilters Pulumi.AwsNative.Ssm.Inputs.PatchBaselinePatchFilterGroup
    A set of global filters used to include patches in the baseline.
    Name string
    The name of the patch baseline.
    OperatingSystem Pulumi.AwsNative.Ssm.PatchBaselineOperatingSystem
    Defines the operating system the patch baseline applies to. The Default value is WINDOWS.
    PatchGroups List<string>
    PatchGroups is used to associate instances with a specific patch baseline
    RejectedPatches List<string>
    A list of explicitly rejected patches for the baseline.
    RejectedPatchesAction Pulumi.AwsNative.Ssm.PatchBaselineRejectedPatchesAction
    The action for Patch Manager to take on patches included in the RejectedPackages list.
    Sources List<Pulumi.AwsNative.Ssm.Inputs.PatchBaselinePatchSource>
    Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
    Tags List<Pulumi.AwsNative.Inputs.Tag>
    Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways.
    ApprovalRules PatchBaselineRuleGroupArgs
    A set of rules used to include patches in the baseline.
    ApprovedPatches []string
    A list of explicitly approved patches for the baseline.
    ApprovedPatchesComplianceLevel PatchBaselineApprovedPatchesComplianceLevel
    Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. The default value is UNSPECIFIED.
    ApprovedPatchesEnableNonSecurity bool
    Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.
    DefaultBaseline bool
    Set the baseline as default baseline. Only registering to default patch baseline is allowed.
    Description string
    The description of the patch baseline.
    GlobalFilters PatchBaselinePatchFilterGroupArgs
    A set of global filters used to include patches in the baseline.
    Name string
    The name of the patch baseline.
    OperatingSystem PatchBaselineOperatingSystem
    Defines the operating system the patch baseline applies to. The Default value is WINDOWS.
    PatchGroups []string
    PatchGroups is used to associate instances with a specific patch baseline
    RejectedPatches []string
    A list of explicitly rejected patches for the baseline.
    RejectedPatchesAction PatchBaselineRejectedPatchesAction
    The action for Patch Manager to take on patches included in the RejectedPackages list.
    Sources []PatchBaselinePatchSourceArgs
    Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
    Tags TagArgs
    Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways.
    approvalRules PatchBaselineRuleGroup
    A set of rules used to include patches in the baseline.
    approvedPatches List<String>
    A list of explicitly approved patches for the baseline.
    approvedPatchesComplianceLevel PatchBaselineApprovedPatchesComplianceLevel
    Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. The default value is UNSPECIFIED.
    approvedPatchesEnableNonSecurity Boolean
    Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.
    defaultBaseline Boolean
    Set the baseline as default baseline. Only registering to default patch baseline is allowed.
    description String
    The description of the patch baseline.
    globalFilters PatchBaselinePatchFilterGroup
    A set of global filters used to include patches in the baseline.
    name String
    The name of the patch baseline.
    operatingSystem PatchBaselineOperatingSystem
    Defines the operating system the patch baseline applies to. The Default value is WINDOWS.
    patchGroups List<String>
    PatchGroups is used to associate instances with a specific patch baseline
    rejectedPatches List<String>
    A list of explicitly rejected patches for the baseline.
    rejectedPatchesAction PatchBaselineRejectedPatchesAction
    The action for Patch Manager to take on patches included in the RejectedPackages list.
    sources List<PatchBaselinePatchSource>
    Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
    tags List<Tag>
    Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways.
    approvalRules PatchBaselineRuleGroup
    A set of rules used to include patches in the baseline.
    approvedPatches string[]
    A list of explicitly approved patches for the baseline.
    approvedPatchesComplianceLevel PatchBaselineApprovedPatchesComplianceLevel
    Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. The default value is UNSPECIFIED.
    approvedPatchesEnableNonSecurity boolean
    Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.
    defaultBaseline boolean
    Set the baseline as default baseline. Only registering to default patch baseline is allowed.
    description string
    The description of the patch baseline.
    globalFilters PatchBaselinePatchFilterGroup
    A set of global filters used to include patches in the baseline.
    name string
    The name of the patch baseline.
    operatingSystem PatchBaselineOperatingSystem
    Defines the operating system the patch baseline applies to. The Default value is WINDOWS.
    patchGroups string[]
    PatchGroups is used to associate instances with a specific patch baseline
    rejectedPatches string[]
    A list of explicitly rejected patches for the baseline.
    rejectedPatchesAction PatchBaselineRejectedPatchesAction
    The action for Patch Manager to take on patches included in the RejectedPackages list.
    sources PatchBaselinePatchSource[]
    Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
    tags Tag[]
    Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways.
    approval_rules PatchBaselineRuleGroupArgs
    A set of rules used to include patches in the baseline.
    approved_patches Sequence[str]
    A list of explicitly approved patches for the baseline.
    approved_patches_compliance_level PatchBaselineApprovedPatchesComplianceLevel
    Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. The default value is UNSPECIFIED.
    approved_patches_enable_non_security bool
    Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.
    default_baseline bool
    Set the baseline as default baseline. Only registering to default patch baseline is allowed.
    description str
    The description of the patch baseline.
    global_filters PatchBaselinePatchFilterGroupArgs
    A set of global filters used to include patches in the baseline.
    name str
    The name of the patch baseline.
    operating_system PatchBaselineOperatingSystem
    Defines the operating system the patch baseline applies to. The Default value is WINDOWS.
    patch_groups Sequence[str]
    PatchGroups is used to associate instances with a specific patch baseline
    rejected_patches Sequence[str]
    A list of explicitly rejected patches for the baseline.
    rejected_patches_action PatchBaselineRejectedPatchesAction
    The action for Patch Manager to take on patches included in the RejectedPackages list.
    sources Sequence[PatchBaselinePatchSourceArgs]
    Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
    tags Sequence[TagArgs]
    Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways.
    approvalRules Property Map
    A set of rules used to include patches in the baseline.
    approvedPatches List<String>
    A list of explicitly approved patches for the baseline.
    approvedPatchesComplianceLevel "CRITICAL" | "HIGH" | "MEDIUM" | "LOW" | "INFORMATIONAL" | "UNSPECIFIED"
    Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. The default value is UNSPECIFIED.
    approvedPatchesEnableNonSecurity Boolean
    Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.
    defaultBaseline Boolean
    Set the baseline as default baseline. Only registering to default patch baseline is allowed.
    description String
    The description of the patch baseline.
    globalFilters Property Map
    A set of global filters used to include patches in the baseline.
    name String
    The name of the patch baseline.
    operatingSystem "WINDOWS" | "AMAZON_LINUX" | "AMAZON_LINUX_2" | "AMAZON_LINUX_2022" | "AMAZON_LINUX_2023" | "UBUNTU" | "REDHAT_ENTERPRISE_LINUX" | "SUSE" | "CENTOS" | "ORACLE_LINUX" | "DEBIAN" | "MACOS" | "RASPBIAN" | "ROCKY_LINUX" | "ALMA_LINUX"
    Defines the operating system the patch baseline applies to. The Default value is WINDOWS.
    patchGroups List<String>
    PatchGroups is used to associate instances with a specific patch baseline
    rejectedPatches List<String>
    A list of explicitly rejected patches for the baseline.
    rejectedPatchesAction "ALLOW_AS_DEPENDENCY" | "BLOCK"
    The action for Patch Manager to take on patches included in the RejectedPackages list.
    sources List<Property Map>
    Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
    tags List<Property Map>
    Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the PatchBaseline resource produces the following output properties:

    AwsId string
    The ID of the patch baseline.
    Id string
    The provider-assigned unique ID for this managed resource.
    AwsId string
    The ID of the patch baseline.
    Id string
    The provider-assigned unique ID for this managed resource.
    awsId String
    The ID of the patch baseline.
    id String
    The provider-assigned unique ID for this managed resource.
    awsId string
    The ID of the patch baseline.
    id string
    The provider-assigned unique ID for this managed resource.
    aws_id str
    The ID of the patch baseline.
    id str
    The provider-assigned unique ID for this managed resource.
    awsId String
    The ID of the patch baseline.
    id String
    The provider-assigned unique ID for this managed resource.

    Supporting Types

    PatchBaselineApprovedPatchesComplianceLevel, PatchBaselineApprovedPatchesComplianceLevelArgs

    Critical
    CRITICAL
    High
    HIGH
    Medium
    MEDIUM
    Low
    LOW
    Informational
    INFORMATIONAL
    Unspecified
    UNSPECIFIED
    PatchBaselineApprovedPatchesComplianceLevelCritical
    CRITICAL
    PatchBaselineApprovedPatchesComplianceLevelHigh
    HIGH
    PatchBaselineApprovedPatchesComplianceLevelMedium
    MEDIUM
    PatchBaselineApprovedPatchesComplianceLevelLow
    LOW
    PatchBaselineApprovedPatchesComplianceLevelInformational
    INFORMATIONAL
    PatchBaselineApprovedPatchesComplianceLevelUnspecified
    UNSPECIFIED
    Critical
    CRITICAL
    High
    HIGH
    Medium
    MEDIUM
    Low
    LOW
    Informational
    INFORMATIONAL
    Unspecified
    UNSPECIFIED
    Critical
    CRITICAL
    High
    HIGH
    Medium
    MEDIUM
    Low
    LOW
    Informational
    INFORMATIONAL
    Unspecified
    UNSPECIFIED
    CRITICAL
    CRITICAL
    HIGH
    HIGH
    MEDIUM
    MEDIUM
    LOW
    LOW
    INFORMATIONAL
    INFORMATIONAL
    UNSPECIFIED
    UNSPECIFIED
    "CRITICAL"
    CRITICAL
    "HIGH"
    HIGH
    "MEDIUM"
    MEDIUM
    "LOW"
    LOW
    "INFORMATIONAL"
    INFORMATIONAL
    "UNSPECIFIED"
    UNSPECIFIED

    PatchBaselineOperatingSystem, PatchBaselineOperatingSystemArgs

    Windows
    WINDOWS
    AmazonLinux
    AMAZON_LINUX
    AmazonLinux2
    AMAZON_LINUX_2
    AmazonLinux2022
    AMAZON_LINUX_2022
    AmazonLinux2023
    AMAZON_LINUX_2023
    Ubuntu
    UBUNTU
    RedhatEnterpriseLinux
    REDHAT_ENTERPRISE_LINUX
    Suse
    SUSE
    Centos
    CENTOS
    OracleLinux
    ORACLE_LINUX
    Debian
    DEBIAN
    Macos
    MACOS
    Raspbian
    RASPBIAN
    RockyLinux
    ROCKY_LINUX
    AlmaLinux
    ALMA_LINUX
    PatchBaselineOperatingSystemWindows
    WINDOWS
    PatchBaselineOperatingSystemAmazonLinux
    AMAZON_LINUX
    PatchBaselineOperatingSystemAmazonLinux2
    AMAZON_LINUX_2
    PatchBaselineOperatingSystemAmazonLinux2022
    AMAZON_LINUX_2022
    PatchBaselineOperatingSystemAmazonLinux2023
    AMAZON_LINUX_2023
    PatchBaselineOperatingSystemUbuntu
    UBUNTU
    PatchBaselineOperatingSystemRedhatEnterpriseLinux
    REDHAT_ENTERPRISE_LINUX
    PatchBaselineOperatingSystemSuse
    SUSE
    PatchBaselineOperatingSystemCentos
    CENTOS
    PatchBaselineOperatingSystemOracleLinux
    ORACLE_LINUX
    PatchBaselineOperatingSystemDebian
    DEBIAN
    PatchBaselineOperatingSystemMacos
    MACOS
    PatchBaselineOperatingSystemRaspbian
    RASPBIAN
    PatchBaselineOperatingSystemRockyLinux
    ROCKY_LINUX
    PatchBaselineOperatingSystemAlmaLinux
    ALMA_LINUX
    Windows
    WINDOWS
    AmazonLinux
    AMAZON_LINUX
    AmazonLinux2
    AMAZON_LINUX_2
    AmazonLinux2022
    AMAZON_LINUX_2022
    AmazonLinux2023
    AMAZON_LINUX_2023
    Ubuntu
    UBUNTU
    RedhatEnterpriseLinux
    REDHAT_ENTERPRISE_LINUX
    Suse
    SUSE
    Centos
    CENTOS
    OracleLinux
    ORACLE_LINUX
    Debian
    DEBIAN
    Macos
    MACOS
    Raspbian
    RASPBIAN
    RockyLinux
    ROCKY_LINUX
    AlmaLinux
    ALMA_LINUX
    Windows
    WINDOWS
    AmazonLinux
    AMAZON_LINUX
    AmazonLinux2
    AMAZON_LINUX_2
    AmazonLinux2022
    AMAZON_LINUX_2022
    AmazonLinux2023
    AMAZON_LINUX_2023
    Ubuntu
    UBUNTU
    RedhatEnterpriseLinux
    REDHAT_ENTERPRISE_LINUX
    Suse
    SUSE
    Centos
    CENTOS
    OracleLinux
    ORACLE_LINUX
    Debian
    DEBIAN
    Macos
    MACOS
    Raspbian
    RASPBIAN
    RockyLinux
    ROCKY_LINUX
    AlmaLinux
    ALMA_LINUX
    WINDOWS
    WINDOWS
    AMAZON_LINUX
    AMAZON_LINUX
    AMAZON_LINUX2
    AMAZON_LINUX_2
    AMAZON_LINUX2022
    AMAZON_LINUX_2022
    AMAZON_LINUX2023
    AMAZON_LINUX_2023
    UBUNTU
    UBUNTU
    REDHAT_ENTERPRISE_LINUX
    REDHAT_ENTERPRISE_LINUX
    SUSE
    SUSE
    CENTOS
    CENTOS
    ORACLE_LINUX
    ORACLE_LINUX
    DEBIAN
    DEBIAN
    MACOS
    MACOS
    RASPBIAN
    RASPBIAN
    ROCKY_LINUX
    ROCKY_LINUX
    ALMA_LINUX
    ALMA_LINUX
    "WINDOWS"
    WINDOWS
    "AMAZON_LINUX"
    AMAZON_LINUX
    "AMAZON_LINUX_2"
    AMAZON_LINUX_2
    "AMAZON_LINUX_2022"
    AMAZON_LINUX_2022
    "AMAZON_LINUX_2023"
    AMAZON_LINUX_2023
    "UBUNTU"
    UBUNTU
    "REDHAT_ENTERPRISE_LINUX"
    REDHAT_ENTERPRISE_LINUX
    "SUSE"
    SUSE
    "CENTOS"
    CENTOS
    "ORACLE_LINUX"
    ORACLE_LINUX
    "DEBIAN"
    DEBIAN
    "MACOS"
    MACOS
    "RASPBIAN"
    RASPBIAN
    "ROCKY_LINUX"
    ROCKY_LINUX
    "ALMA_LINUX"
    ALMA_LINUX

    PatchBaselinePatchFilter, PatchBaselinePatchFilterArgs

    Key Pulumi.AwsNative.Ssm.PatchBaselinePatchFilterKey

    The key for the filter.

    For information about valid keys, see PatchFilter in the AWS Systems Manager API Reference .

    Values List<string>

    The value for the filter key.

    For information about valid values for each key based on operating system type, see PatchFilter in the AWS Systems Manager API Reference .

    Key PatchBaselinePatchFilterKey

    The key for the filter.

    For information about valid keys, see PatchFilter in the AWS Systems Manager API Reference .

    Values []string

    The value for the filter key.

    For information about valid values for each key based on operating system type, see PatchFilter in the AWS Systems Manager API Reference .

    key PatchBaselinePatchFilterKey

    The key for the filter.

    For information about valid keys, see PatchFilter in the AWS Systems Manager API Reference .

    values List<String>

    The value for the filter key.

    For information about valid values for each key based on operating system type, see PatchFilter in the AWS Systems Manager API Reference .

    key PatchBaselinePatchFilterKey

    The key for the filter.

    For information about valid keys, see PatchFilter in the AWS Systems Manager API Reference .

    values string[]

    The value for the filter key.

    For information about valid values for each key based on operating system type, see PatchFilter in the AWS Systems Manager API Reference .

    key PatchBaselinePatchFilterKey

    The key for the filter.

    For information about valid keys, see PatchFilter in the AWS Systems Manager API Reference .

    values Sequence[str]

    The value for the filter key.

    For information about valid values for each key based on operating system type, see PatchFilter in the AWS Systems Manager API Reference .

    key "ADVISORY_ID" | "ARCH" | "BUGZILLA_ID" | "CLASSIFICATION" | "CVE_ID" | "EPOCH" | "MSRC_SEVERITY" | "NAME" | "PATCH_ID" | "PATCH_SET" | "PRIORITY" | "PRODUCT" | "PRODUCT_FAMILY" | "RELEASE" | "REPOSITORY" | "SECTION" | "SECURITY" | "SEVERITY" | "VERSION"

    The key for the filter.

    For information about valid keys, see PatchFilter in the AWS Systems Manager API Reference .

    values List<String>

    The value for the filter key.

    For information about valid values for each key based on operating system type, see PatchFilter in the AWS Systems Manager API Reference .

    PatchBaselinePatchFilterGroup, PatchBaselinePatchFilterGroupArgs

    PatchFilters List<Pulumi.AwsNative.Ssm.Inputs.PatchBaselinePatchFilter>
    The set of patch filters that make up the group.
    PatchFilters []PatchBaselinePatchFilter
    The set of patch filters that make up the group.
    patchFilters List<PatchBaselinePatchFilter>
    The set of patch filters that make up the group.
    patchFilters PatchBaselinePatchFilter[]
    The set of patch filters that make up the group.
    patch_filters Sequence[PatchBaselinePatchFilter]
    The set of patch filters that make up the group.
    patchFilters List<Property Map>
    The set of patch filters that make up the group.

    PatchBaselinePatchFilterKey, PatchBaselinePatchFilterKeyArgs

    AdvisoryId
    ADVISORY_ID
    Arch
    ARCH
    BugzillaId
    BUGZILLA_ID
    Classification
    CLASSIFICATION
    CveId
    CVE_ID
    Epoch
    EPOCH
    MsrcSeverity
    MSRC_SEVERITY
    Name
    NAME
    PatchId
    PATCH_ID
    PatchSet
    PATCH_SET
    Priority
    PRIORITY
    Product
    PRODUCT
    ProductFamily
    PRODUCT_FAMILY
    Release
    RELEASE
    Repository
    REPOSITORY
    Section
    SECTION
    Security
    SECURITY
    Severity
    SEVERITY
    Version
    VERSION
    PatchBaselinePatchFilterKeyAdvisoryId
    ADVISORY_ID
    PatchBaselinePatchFilterKeyArch
    ARCH
    PatchBaselinePatchFilterKeyBugzillaId
    BUGZILLA_ID
    PatchBaselinePatchFilterKeyClassification
    CLASSIFICATION
    PatchBaselinePatchFilterKeyCveId
    CVE_ID
    PatchBaselinePatchFilterKeyEpoch
    EPOCH
    PatchBaselinePatchFilterKeyMsrcSeverity
    MSRC_SEVERITY
    PatchBaselinePatchFilterKeyName
    NAME
    PatchBaselinePatchFilterKeyPatchId
    PATCH_ID
    PatchBaselinePatchFilterKeyPatchSet
    PATCH_SET
    PatchBaselinePatchFilterKeyPriority
    PRIORITY
    PatchBaselinePatchFilterKeyProduct
    PRODUCT
    PatchBaselinePatchFilterKeyProductFamily
    PRODUCT_FAMILY
    PatchBaselinePatchFilterKeyRelease
    RELEASE
    PatchBaselinePatchFilterKeyRepository
    REPOSITORY
    PatchBaselinePatchFilterKeySection
    SECTION
    PatchBaselinePatchFilterKeySecurity
    SECURITY
    PatchBaselinePatchFilterKeySeverity
    SEVERITY
    PatchBaselinePatchFilterKeyVersion
    VERSION
    AdvisoryId
    ADVISORY_ID
    Arch
    ARCH
    BugzillaId
    BUGZILLA_ID
    Classification
    CLASSIFICATION
    CveId
    CVE_ID
    Epoch
    EPOCH
    MsrcSeverity
    MSRC_SEVERITY
    Name
    NAME
    PatchId
    PATCH_ID
    PatchSet
    PATCH_SET
    Priority
    PRIORITY
    Product
    PRODUCT
    ProductFamily
    PRODUCT_FAMILY
    Release
    RELEASE
    Repository
    REPOSITORY
    Section
    SECTION
    Security
    SECURITY
    Severity
    SEVERITY
    Version
    VERSION
    AdvisoryId
    ADVISORY_ID
    Arch
    ARCH
    BugzillaId
    BUGZILLA_ID
    Classification
    CLASSIFICATION
    CveId
    CVE_ID
    Epoch
    EPOCH
    MsrcSeverity
    MSRC_SEVERITY
    Name
    NAME
    PatchId
    PATCH_ID
    PatchSet
    PATCH_SET
    Priority
    PRIORITY
    Product
    PRODUCT
    ProductFamily
    PRODUCT_FAMILY
    Release
    RELEASE
    Repository
    REPOSITORY
    Section
    SECTION
    Security
    SECURITY
    Severity
    SEVERITY
    Version
    VERSION
    ADVISORY_ID
    ADVISORY_ID
    ARCH
    ARCH
    BUGZILLA_ID
    BUGZILLA_ID
    CLASSIFICATION
    CLASSIFICATION
    CVE_ID
    CVE_ID
    EPOCH
    EPOCH
    MSRC_SEVERITY
    MSRC_SEVERITY
    NAME
    NAME
    PATCH_ID
    PATCH_ID
    PATCH_SET
    PATCH_SET
    PRIORITY
    PRIORITY
    PRODUCT
    PRODUCT
    PRODUCT_FAMILY
    PRODUCT_FAMILY
    RELEASE
    RELEASE
    REPOSITORY
    REPOSITORY
    SECTION
    SECTION
    SECURITY
    SECURITY
    SEVERITY
    SEVERITY
    VERSION
    VERSION
    "ADVISORY_ID"
    ADVISORY_ID
    "ARCH"
    ARCH
    "BUGZILLA_ID"
    BUGZILLA_ID
    "CLASSIFICATION"
    CLASSIFICATION
    "CVE_ID"
    CVE_ID
    "EPOCH"
    EPOCH
    "MSRC_SEVERITY"
    MSRC_SEVERITY
    "NAME"
    NAME
    "PATCH_ID"
    PATCH_ID
    "PATCH_SET"
    PATCH_SET
    "PRIORITY"
    PRIORITY
    "PRODUCT"
    PRODUCT
    "PRODUCT_FAMILY"
    PRODUCT_FAMILY
    "RELEASE"
    RELEASE
    "REPOSITORY"
    REPOSITORY
    "SECTION"
    SECTION
    "SECURITY"
    SECURITY
    "SEVERITY"
    SEVERITY
    "VERSION"
    VERSION

    PatchBaselinePatchSource, PatchBaselinePatchSourceArgs

    Configuration string

    The value of the yum repo configuration. For example:

    [main]

    name=MyCustomRepository

    baseurl=https://my-custom-repository

    enabled=1

    For information about other options available for your yum repository configuration, see dnf.conf(5) .

    Name string
    The name specified to identify the patch source.
    Products List<string>
    The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter in the AWS Systems Manager API Reference .
    Configuration string

    The value of the yum repo configuration. For example:

    [main]

    name=MyCustomRepository

    baseurl=https://my-custom-repository

    enabled=1

    For information about other options available for your yum repository configuration, see dnf.conf(5) .

    Name string
    The name specified to identify the patch source.
    Products []string
    The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter in the AWS Systems Manager API Reference .
    configuration String

    The value of the yum repo configuration. For example:

    [main]

    name=MyCustomRepository

    baseurl=https://my-custom-repository

    enabled=1

    For information about other options available for your yum repository configuration, see dnf.conf(5) .

    name String
    The name specified to identify the patch source.
    products List<String>
    The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter in the AWS Systems Manager API Reference .
    configuration string

    The value of the yum repo configuration. For example:

    [main]

    name=MyCustomRepository

    baseurl=https://my-custom-repository

    enabled=1

    For information about other options available for your yum repository configuration, see dnf.conf(5) .

    name string
    The name specified to identify the patch source.
    products string[]
    The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter in the AWS Systems Manager API Reference .
    configuration str

    The value of the yum repo configuration. For example:

    [main]

    name=MyCustomRepository

    baseurl=https://my-custom-repository

    enabled=1

    For information about other options available for your yum repository configuration, see dnf.conf(5) .

    name str
    The name specified to identify the patch source.
    products Sequence[str]
    The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter in the AWS Systems Manager API Reference .
    configuration String

    The value of the yum repo configuration. For example:

    [main]

    name=MyCustomRepository

    baseurl=https://my-custom-repository

    enabled=1

    For information about other options available for your yum repository configuration, see dnf.conf(5) .

    name String
    The name specified to identify the patch source.
    products List<String>
    The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter in the AWS Systems Manager API Reference .

    PatchBaselineRejectedPatchesAction, PatchBaselineRejectedPatchesActionArgs

    AllowAsDependency
    ALLOW_AS_DEPENDENCY
    Block
    BLOCK
    PatchBaselineRejectedPatchesActionAllowAsDependency
    ALLOW_AS_DEPENDENCY
    PatchBaselineRejectedPatchesActionBlock
    BLOCK
    AllowAsDependency
    ALLOW_AS_DEPENDENCY
    Block
    BLOCK
    AllowAsDependency
    ALLOW_AS_DEPENDENCY
    Block
    BLOCK
    ALLOW_AS_DEPENDENCY
    ALLOW_AS_DEPENDENCY
    BLOCK
    BLOCK
    "ALLOW_AS_DEPENDENCY"
    ALLOW_AS_DEPENDENCY
    "BLOCK"
    BLOCK

    PatchBaselineRule, PatchBaselineRuleArgs

    ApproveAfterDays int

    The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released.

    This parameter is marked as Required: No , but your request must include a value for either ApproveAfterDays or ApproveUntilDate .

    Not supported for Debian Server or Ubuntu Server.

    Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .

    ApproveUntilDate string

    The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.

    Enter dates in the format YYYY-MM-DD . For example, 2024-12-31 .

    This parameter is marked as Required: No , but your request must include a value for either ApproveUntilDate or ApproveAfterDays .

    Not supported for Debian Server or Ubuntu Server.

    Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .

    ComplianceLevel Pulumi.AwsNative.Ssm.PatchBaselineRuleComplianceLevel
    A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following: UNSPECIFIED , CRITICAL , HIGH , MEDIUM , LOW , and INFORMATIONAL .
    EnableNonSecurity bool
    For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is false . Applies to Linux managed nodes only.
    PatchFilterGroup Pulumi.AwsNative.Ssm.Inputs.PatchBaselinePatchFilterGroup
    The patch filter group that defines the criteria for the rule.
    ApproveAfterDays int

    The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released.

    This parameter is marked as Required: No , but your request must include a value for either ApproveAfterDays or ApproveUntilDate .

    Not supported for Debian Server or Ubuntu Server.

    Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .

    ApproveUntilDate string

    The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.

    Enter dates in the format YYYY-MM-DD . For example, 2024-12-31 .

    This parameter is marked as Required: No , but your request must include a value for either ApproveUntilDate or ApproveAfterDays .

    Not supported for Debian Server or Ubuntu Server.

    Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .

    ComplianceLevel PatchBaselineRuleComplianceLevel
    A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following: UNSPECIFIED , CRITICAL , HIGH , MEDIUM , LOW , and INFORMATIONAL .
    EnableNonSecurity bool
    For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is false . Applies to Linux managed nodes only.
    PatchFilterGroup PatchBaselinePatchFilterGroup
    The patch filter group that defines the criteria for the rule.
    approveAfterDays Integer

    The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released.

    This parameter is marked as Required: No , but your request must include a value for either ApproveAfterDays or ApproveUntilDate .

    Not supported for Debian Server or Ubuntu Server.

    Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .

    approveUntilDate String

    The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.

    Enter dates in the format YYYY-MM-DD . For example, 2024-12-31 .

    This parameter is marked as Required: No , but your request must include a value for either ApproveUntilDate or ApproveAfterDays .

    Not supported for Debian Server or Ubuntu Server.

    Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .

    complianceLevel PatchBaselineRuleComplianceLevel
    A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following: UNSPECIFIED , CRITICAL , HIGH , MEDIUM , LOW , and INFORMATIONAL .
    enableNonSecurity Boolean
    For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is false . Applies to Linux managed nodes only.
    patchFilterGroup PatchBaselinePatchFilterGroup
    The patch filter group that defines the criteria for the rule.
    approveAfterDays number

    The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released.

    This parameter is marked as Required: No , but your request must include a value for either ApproveAfterDays or ApproveUntilDate .

    Not supported for Debian Server or Ubuntu Server.

    Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .

    approveUntilDate string

    The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.

    Enter dates in the format YYYY-MM-DD . For example, 2024-12-31 .

    This parameter is marked as Required: No , but your request must include a value for either ApproveUntilDate or ApproveAfterDays .

    Not supported for Debian Server or Ubuntu Server.

    Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .

    complianceLevel PatchBaselineRuleComplianceLevel
    A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following: UNSPECIFIED , CRITICAL , HIGH , MEDIUM , LOW , and INFORMATIONAL .
    enableNonSecurity boolean
    For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is false . Applies to Linux managed nodes only.
    patchFilterGroup PatchBaselinePatchFilterGroup
    The patch filter group that defines the criteria for the rule.
    approve_after_days int

    The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released.

    This parameter is marked as Required: No , but your request must include a value for either ApproveAfterDays or ApproveUntilDate .

    Not supported for Debian Server or Ubuntu Server.

    Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .

    approve_until_date str

    The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.

    Enter dates in the format YYYY-MM-DD . For example, 2024-12-31 .

    This parameter is marked as Required: No , but your request must include a value for either ApproveUntilDate or ApproveAfterDays .

    Not supported for Debian Server or Ubuntu Server.

    Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .

    compliance_level PatchBaselineRuleComplianceLevel
    A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following: UNSPECIFIED , CRITICAL , HIGH , MEDIUM , LOW , and INFORMATIONAL .
    enable_non_security bool
    For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is false . Applies to Linux managed nodes only.
    patch_filter_group PatchBaselinePatchFilterGroup
    The patch filter group that defines the criteria for the rule.
    approveAfterDays Number

    The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released.

    This parameter is marked as Required: No , but your request must include a value for either ApproveAfterDays or ApproveUntilDate .

    Not supported for Debian Server or Ubuntu Server.

    Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .

    approveUntilDate String

    The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.

    Enter dates in the format YYYY-MM-DD . For example, 2024-12-31 .

    This parameter is marked as Required: No , but your request must include a value for either ApproveUntilDate or ApproveAfterDays .

    Not supported for Debian Server or Ubuntu Server.

    Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .

    complianceLevel "CRITICAL" | "HIGH" | "INFORMATIONAL" | "LOW" | "MEDIUM" | "UNSPECIFIED"
    A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following: UNSPECIFIED , CRITICAL , HIGH , MEDIUM , LOW , and INFORMATIONAL .
    enableNonSecurity Boolean
    For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is false . Applies to Linux managed nodes only.
    patchFilterGroup Property Map
    The patch filter group that defines the criteria for the rule.

    PatchBaselineRuleComplianceLevel, PatchBaselineRuleComplianceLevelArgs

    Critical
    CRITICAL
    High
    HIGH
    Informational
    INFORMATIONAL
    Low
    LOW
    Medium
    MEDIUM
    Unspecified
    UNSPECIFIED
    PatchBaselineRuleComplianceLevelCritical
    CRITICAL
    PatchBaselineRuleComplianceLevelHigh
    HIGH
    PatchBaselineRuleComplianceLevelInformational
    INFORMATIONAL
    PatchBaselineRuleComplianceLevelLow
    LOW
    PatchBaselineRuleComplianceLevelMedium
    MEDIUM
    PatchBaselineRuleComplianceLevelUnspecified
    UNSPECIFIED
    Critical
    CRITICAL
    High
    HIGH
    Informational
    INFORMATIONAL
    Low
    LOW
    Medium
    MEDIUM
    Unspecified
    UNSPECIFIED
    Critical
    CRITICAL
    High
    HIGH
    Informational
    INFORMATIONAL
    Low
    LOW
    Medium
    MEDIUM
    Unspecified
    UNSPECIFIED
    CRITICAL
    CRITICAL
    HIGH
    HIGH
    INFORMATIONAL
    INFORMATIONAL
    LOW
    LOW
    MEDIUM
    MEDIUM
    UNSPECIFIED
    UNSPECIFIED
    "CRITICAL"
    CRITICAL
    "HIGH"
    HIGH
    "INFORMATIONAL"
    INFORMATIONAL
    "LOW"
    LOW
    "MEDIUM"
    MEDIUM
    "UNSPECIFIED"
    UNSPECIFIED

    PatchBaselineRuleGroup, PatchBaselineRuleGroupArgs

    PatchRules []PatchBaselineRule
    The rules that make up the rule group.
    patchRules List<PatchBaselineRule>
    The rules that make up the rule group.
    patchRules PatchBaselineRule[]
    The rules that make up the rule group.
    patch_rules Sequence[PatchBaselineRule]
    The rules that make up the rule group.
    patchRules List<Property Map>
    The rules that make up the rule group.

    Tag, TagArgs

    Key string
    The key name of the tag
    Value string
    The value of the tag
    Key string
    The key name of the tag
    Value string
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag
    key string
    The key name of the tag
    value string
    The value of the tag
    key str
    The key name of the tag
    value str
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0
    aws-native logo

    We recommend new projects start with resources from the AWS provider.

    AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi