1. Packages
  2. AWS
  3. API Docs
  4. ssm
  5. PatchBaseline
AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi

aws.ssm.PatchBaseline

Explore with Pulumi AI

aws logo
AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi

    Provides an SSM Patch Baseline resource.

    NOTE on Patch Baselines: The approved_patches and approval_rule are both marked as optional fields, but the Patch Baseline requires that at least one of them is specified.

    Example Usage

    Basic Usage

    Using approved_patches only.

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const production = new aws.ssm.PatchBaseline("production", {
        name: "patch-baseline",
        approvedPatches: ["KB123456"],
    });
    
    import pulumi
    import pulumi_aws as aws
    
    production = aws.ssm.PatchBaseline("production",
        name="patch-baseline",
        approved_patches=["KB123456"])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ssm"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := ssm.NewPatchBaseline(ctx, "production", &ssm.PatchBaselineArgs{
    			Name: pulumi.String("patch-baseline"),
    			ApprovedPatches: pulumi.StringArray{
    				pulumi.String("KB123456"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var production = new Aws.Ssm.PatchBaseline("production", new()
        {
            Name = "patch-baseline",
            ApprovedPatches = new[]
            {
                "KB123456",
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ssm.PatchBaseline;
    import com.pulumi.aws.ssm.PatchBaselineArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var production = new PatchBaseline("production", PatchBaselineArgs.builder()
                .name("patch-baseline")
                .approvedPatches("KB123456")
                .build());
    
        }
    }
    
    resources:
      production:
        type: aws:ssm:PatchBaseline
        properties:
          name: patch-baseline
          approvedPatches:
            - KB123456
    

    Advanced Usage, specifying patch filters

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const production = new aws.ssm.PatchBaseline("production", {
        name: "patch-baseline",
        description: "Patch Baseline Description",
        approvedPatches: [
            "KB123456",
            "KB456789",
        ],
        rejectedPatches: ["KB987654"],
        globalFilters: [
            {
                key: "PRODUCT",
                values: ["WindowsServer2008"],
            },
            {
                key: "CLASSIFICATION",
                values: ["ServicePacks"],
            },
            {
                key: "MSRC_SEVERITY",
                values: ["Low"],
            },
        ],
        approvalRules: [
            {
                approveAfterDays: 7,
                complianceLevel: "HIGH",
                patchFilters: [
                    {
                        key: "PRODUCT",
                        values: ["WindowsServer2016"],
                    },
                    {
                        key: "CLASSIFICATION",
                        values: [
                            "CriticalUpdates",
                            "SecurityUpdates",
                            "Updates",
                        ],
                    },
                    {
                        key: "MSRC_SEVERITY",
                        values: [
                            "Critical",
                            "Important",
                            "Moderate",
                        ],
                    },
                ],
            },
            {
                approveAfterDays: 7,
                patchFilters: [{
                    key: "PRODUCT",
                    values: ["WindowsServer2012"],
                }],
            },
        ],
    });
    
    import pulumi
    import pulumi_aws as aws
    
    production = aws.ssm.PatchBaseline("production",
        name="patch-baseline",
        description="Patch Baseline Description",
        approved_patches=[
            "KB123456",
            "KB456789",
        ],
        rejected_patches=["KB987654"],
        global_filters=[
            {
                "key": "PRODUCT",
                "values": ["WindowsServer2008"],
            },
            {
                "key": "CLASSIFICATION",
                "values": ["ServicePacks"],
            },
            {
                "key": "MSRC_SEVERITY",
                "values": ["Low"],
            },
        ],
        approval_rules=[
            {
                "approve_after_days": 7,
                "compliance_level": "HIGH",
                "patch_filters": [
                    {
                        "key": "PRODUCT",
                        "values": ["WindowsServer2016"],
                    },
                    {
                        "key": "CLASSIFICATION",
                        "values": [
                            "CriticalUpdates",
                            "SecurityUpdates",
                            "Updates",
                        ],
                    },
                    {
                        "key": "MSRC_SEVERITY",
                        "values": [
                            "Critical",
                            "Important",
                            "Moderate",
                        ],
                    },
                ],
            },
            {
                "approve_after_days": 7,
                "patch_filters": [{
                    "key": "PRODUCT",
                    "values": ["WindowsServer2012"],
                }],
            },
        ])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ssm"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := ssm.NewPatchBaseline(ctx, "production", &ssm.PatchBaselineArgs{
    			Name:        pulumi.String("patch-baseline"),
    			Description: pulumi.String("Patch Baseline Description"),
    			ApprovedPatches: pulumi.StringArray{
    				pulumi.String("KB123456"),
    				pulumi.String("KB456789"),
    			},
    			RejectedPatches: pulumi.StringArray{
    				pulumi.String("KB987654"),
    			},
    			GlobalFilters: ssm.PatchBaselineGlobalFilterArray{
    				&ssm.PatchBaselineGlobalFilterArgs{
    					Key: pulumi.String("PRODUCT"),
    					Values: pulumi.StringArray{
    						pulumi.String("WindowsServer2008"),
    					},
    				},
    				&ssm.PatchBaselineGlobalFilterArgs{
    					Key: pulumi.String("CLASSIFICATION"),
    					Values: pulumi.StringArray{
    						pulumi.String("ServicePacks"),
    					},
    				},
    				&ssm.PatchBaselineGlobalFilterArgs{
    					Key: pulumi.String("MSRC_SEVERITY"),
    					Values: pulumi.StringArray{
    						pulumi.String("Low"),
    					},
    				},
    			},
    			ApprovalRules: ssm.PatchBaselineApprovalRuleArray{
    				&ssm.PatchBaselineApprovalRuleArgs{
    					ApproveAfterDays: pulumi.Int(7),
    					ComplianceLevel:  pulumi.String("HIGH"),
    					PatchFilters: ssm.PatchBaselineApprovalRulePatchFilterArray{
    						&ssm.PatchBaselineApprovalRulePatchFilterArgs{
    							Key: pulumi.String("PRODUCT"),
    							Values: pulumi.StringArray{
    								pulumi.String("WindowsServer2016"),
    							},
    						},
    						&ssm.PatchBaselineApprovalRulePatchFilterArgs{
    							Key: pulumi.String("CLASSIFICATION"),
    							Values: pulumi.StringArray{
    								pulumi.String("CriticalUpdates"),
    								pulumi.String("SecurityUpdates"),
    								pulumi.String("Updates"),
    							},
    						},
    						&ssm.PatchBaselineApprovalRulePatchFilterArgs{
    							Key: pulumi.String("MSRC_SEVERITY"),
    							Values: pulumi.StringArray{
    								pulumi.String("Critical"),
    								pulumi.String("Important"),
    								pulumi.String("Moderate"),
    							},
    						},
    					},
    				},
    				&ssm.PatchBaselineApprovalRuleArgs{
    					ApproveAfterDays: pulumi.Int(7),
    					PatchFilters: ssm.PatchBaselineApprovalRulePatchFilterArray{
    						&ssm.PatchBaselineApprovalRulePatchFilterArgs{
    							Key: pulumi.String("PRODUCT"),
    							Values: pulumi.StringArray{
    								pulumi.String("WindowsServer2012"),
    							},
    						},
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var production = new Aws.Ssm.PatchBaseline("production", new()
        {
            Name = "patch-baseline",
            Description = "Patch Baseline Description",
            ApprovedPatches = new[]
            {
                "KB123456",
                "KB456789",
            },
            RejectedPatches = new[]
            {
                "KB987654",
            },
            GlobalFilters = new[]
            {
                new Aws.Ssm.Inputs.PatchBaselineGlobalFilterArgs
                {
                    Key = "PRODUCT",
                    Values = new[]
                    {
                        "WindowsServer2008",
                    },
                },
                new Aws.Ssm.Inputs.PatchBaselineGlobalFilterArgs
                {
                    Key = "CLASSIFICATION",
                    Values = new[]
                    {
                        "ServicePacks",
                    },
                },
                new Aws.Ssm.Inputs.PatchBaselineGlobalFilterArgs
                {
                    Key = "MSRC_SEVERITY",
                    Values = new[]
                    {
                        "Low",
                    },
                },
            },
            ApprovalRules = new[]
            {
                new Aws.Ssm.Inputs.PatchBaselineApprovalRuleArgs
                {
                    ApproveAfterDays = 7,
                    ComplianceLevel = "HIGH",
                    PatchFilters = new[]
                    {
                        new Aws.Ssm.Inputs.PatchBaselineApprovalRulePatchFilterArgs
                        {
                            Key = "PRODUCT",
                            Values = new[]
                            {
                                "WindowsServer2016",
                            },
                        },
                        new Aws.Ssm.Inputs.PatchBaselineApprovalRulePatchFilterArgs
                        {
                            Key = "CLASSIFICATION",
                            Values = new[]
                            {
                                "CriticalUpdates",
                                "SecurityUpdates",
                                "Updates",
                            },
                        },
                        new Aws.Ssm.Inputs.PatchBaselineApprovalRulePatchFilterArgs
                        {
                            Key = "MSRC_SEVERITY",
                            Values = new[]
                            {
                                "Critical",
                                "Important",
                                "Moderate",
                            },
                        },
                    },
                },
                new Aws.Ssm.Inputs.PatchBaselineApprovalRuleArgs
                {
                    ApproveAfterDays = 7,
                    PatchFilters = new[]
                    {
                        new Aws.Ssm.Inputs.PatchBaselineApprovalRulePatchFilterArgs
                        {
                            Key = "PRODUCT",
                            Values = new[]
                            {
                                "WindowsServer2012",
                            },
                        },
                    },
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ssm.PatchBaseline;
    import com.pulumi.aws.ssm.PatchBaselineArgs;
    import com.pulumi.aws.ssm.inputs.PatchBaselineGlobalFilterArgs;
    import com.pulumi.aws.ssm.inputs.PatchBaselineApprovalRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var production = new PatchBaseline("production", PatchBaselineArgs.builder()
                .name("patch-baseline")
                .description("Patch Baseline Description")
                .approvedPatches(            
                    "KB123456",
                    "KB456789")
                .rejectedPatches("KB987654")
                .globalFilters(            
                    PatchBaselineGlobalFilterArgs.builder()
                        .key("PRODUCT")
                        .values("WindowsServer2008")
                        .build(),
                    PatchBaselineGlobalFilterArgs.builder()
                        .key("CLASSIFICATION")
                        .values("ServicePacks")
                        .build(),
                    PatchBaselineGlobalFilterArgs.builder()
                        .key("MSRC_SEVERITY")
                        .values("Low")
                        .build())
                .approvalRules(            
                    PatchBaselineApprovalRuleArgs.builder()
                        .approveAfterDays(7)
                        .complianceLevel("HIGH")
                        .patchFilters(                    
                            PatchBaselineApprovalRulePatchFilterArgs.builder()
                                .key("PRODUCT")
                                .values("WindowsServer2016")
                                .build(),
                            PatchBaselineApprovalRulePatchFilterArgs.builder()
                                .key("CLASSIFICATION")
                                .values(                            
                                    "CriticalUpdates",
                                    "SecurityUpdates",
                                    "Updates")
                                .build(),
                            PatchBaselineApprovalRulePatchFilterArgs.builder()
                                .key("MSRC_SEVERITY")
                                .values(                            
                                    "Critical",
                                    "Important",
                                    "Moderate")
                                .build())
                        .build(),
                    PatchBaselineApprovalRuleArgs.builder()
                        .approveAfterDays(7)
                        .patchFilters(PatchBaselineApprovalRulePatchFilterArgs.builder()
                            .key("PRODUCT")
                            .values("WindowsServer2012")
                            .build())
                        .build())
                .build());
    
        }
    }
    
    resources:
      production:
        type: aws:ssm:PatchBaseline
        properties:
          name: patch-baseline
          description: Patch Baseline Description
          approvedPatches:
            - KB123456
            - KB456789
          rejectedPatches:
            - KB987654
          globalFilters:
            - key: PRODUCT
              values:
                - WindowsServer2008
            - key: CLASSIFICATION
              values:
                - ServicePacks
            - key: MSRC_SEVERITY
              values:
                - Low
          approvalRules:
            - approveAfterDays: 7
              complianceLevel: HIGH
              patchFilters:
                - key: PRODUCT
                  values:
                    - WindowsServer2016
                - key: CLASSIFICATION
                  values:
                    - CriticalUpdates
                    - SecurityUpdates
                    - Updates
                - key: MSRC_SEVERITY
                  values:
                    - Critical
                    - Important
                    - Moderate
            - approveAfterDays: 7
              patchFilters:
                - key: PRODUCT
                  values:
                    - WindowsServer2012
    

    Advanced usage, specifying Microsoft application and Windows patch rules

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const windowsOsApps = new aws.ssm.PatchBaseline("windows_os_apps", {
        name: "WindowsOSAndMicrosoftApps",
        description: "Patch both Windows and Microsoft apps",
        operatingSystem: "WINDOWS",
        approvalRules: [
            {
                approveAfterDays: 7,
                patchFilters: [
                    {
                        key: "CLASSIFICATION",
                        values: [
                            "CriticalUpdates",
                            "SecurityUpdates",
                        ],
                    },
                    {
                        key: "MSRC_SEVERITY",
                        values: [
                            "Critical",
                            "Important",
                        ],
                    },
                ],
            },
            {
                approveAfterDays: 7,
                patchFilters: [
                    {
                        key: "PATCH_SET",
                        values: ["APPLICATION"],
                    },
                    {
                        key: "PRODUCT",
                        values: [
                            "Office 2013",
                            "Office 2016",
                        ],
                    },
                ],
            },
        ],
    });
    
    import pulumi
    import pulumi_aws as aws
    
    windows_os_apps = aws.ssm.PatchBaseline("windows_os_apps",
        name="WindowsOSAndMicrosoftApps",
        description="Patch both Windows and Microsoft apps",
        operating_system="WINDOWS",
        approval_rules=[
            {
                "approve_after_days": 7,
                "patch_filters": [
                    {
                        "key": "CLASSIFICATION",
                        "values": [
                            "CriticalUpdates",
                            "SecurityUpdates",
                        ],
                    },
                    {
                        "key": "MSRC_SEVERITY",
                        "values": [
                            "Critical",
                            "Important",
                        ],
                    },
                ],
            },
            {
                "approve_after_days": 7,
                "patch_filters": [
                    {
                        "key": "PATCH_SET",
                        "values": ["APPLICATION"],
                    },
                    {
                        "key": "PRODUCT",
                        "values": [
                            "Office 2013",
                            "Office 2016",
                        ],
                    },
                ],
            },
        ])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ssm"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := ssm.NewPatchBaseline(ctx, "windows_os_apps", &ssm.PatchBaselineArgs{
    			Name:            pulumi.String("WindowsOSAndMicrosoftApps"),
    			Description:     pulumi.String("Patch both Windows and Microsoft apps"),
    			OperatingSystem: pulumi.String("WINDOWS"),
    			ApprovalRules: ssm.PatchBaselineApprovalRuleArray{
    				&ssm.PatchBaselineApprovalRuleArgs{
    					ApproveAfterDays: pulumi.Int(7),
    					PatchFilters: ssm.PatchBaselineApprovalRulePatchFilterArray{
    						&ssm.PatchBaselineApprovalRulePatchFilterArgs{
    							Key: pulumi.String("CLASSIFICATION"),
    							Values: pulumi.StringArray{
    								pulumi.String("CriticalUpdates"),
    								pulumi.String("SecurityUpdates"),
    							},
    						},
    						&ssm.PatchBaselineApprovalRulePatchFilterArgs{
    							Key: pulumi.String("MSRC_SEVERITY"),
    							Values: pulumi.StringArray{
    								pulumi.String("Critical"),
    								pulumi.String("Important"),
    							},
    						},
    					},
    				},
    				&ssm.PatchBaselineApprovalRuleArgs{
    					ApproveAfterDays: pulumi.Int(7),
    					PatchFilters: ssm.PatchBaselineApprovalRulePatchFilterArray{
    						&ssm.PatchBaselineApprovalRulePatchFilterArgs{
    							Key: pulumi.String("PATCH_SET"),
    							Values: pulumi.StringArray{
    								pulumi.String("APPLICATION"),
    							},
    						},
    						&ssm.PatchBaselineApprovalRulePatchFilterArgs{
    							Key: pulumi.String("PRODUCT"),
    							Values: pulumi.StringArray{
    								pulumi.String("Office 2013"),
    								pulumi.String("Office 2016"),
    							},
    						},
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var windowsOsApps = new Aws.Ssm.PatchBaseline("windows_os_apps", new()
        {
            Name = "WindowsOSAndMicrosoftApps",
            Description = "Patch both Windows and Microsoft apps",
            OperatingSystem = "WINDOWS",
            ApprovalRules = new[]
            {
                new Aws.Ssm.Inputs.PatchBaselineApprovalRuleArgs
                {
                    ApproveAfterDays = 7,
                    PatchFilters = new[]
                    {
                        new Aws.Ssm.Inputs.PatchBaselineApprovalRulePatchFilterArgs
                        {
                            Key = "CLASSIFICATION",
                            Values = new[]
                            {
                                "CriticalUpdates",
                                "SecurityUpdates",
                            },
                        },
                        new Aws.Ssm.Inputs.PatchBaselineApprovalRulePatchFilterArgs
                        {
                            Key = "MSRC_SEVERITY",
                            Values = new[]
                            {
                                "Critical",
                                "Important",
                            },
                        },
                    },
                },
                new Aws.Ssm.Inputs.PatchBaselineApprovalRuleArgs
                {
                    ApproveAfterDays = 7,
                    PatchFilters = new[]
                    {
                        new Aws.Ssm.Inputs.PatchBaselineApprovalRulePatchFilterArgs
                        {
                            Key = "PATCH_SET",
                            Values = new[]
                            {
                                "APPLICATION",
                            },
                        },
                        new Aws.Ssm.Inputs.PatchBaselineApprovalRulePatchFilterArgs
                        {
                            Key = "PRODUCT",
                            Values = new[]
                            {
                                "Office 2013",
                                "Office 2016",
                            },
                        },
                    },
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ssm.PatchBaseline;
    import com.pulumi.aws.ssm.PatchBaselineArgs;
    import com.pulumi.aws.ssm.inputs.PatchBaselineApprovalRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var windowsOsApps = new PatchBaseline("windowsOsApps", PatchBaselineArgs.builder()
                .name("WindowsOSAndMicrosoftApps")
                .description("Patch both Windows and Microsoft apps")
                .operatingSystem("WINDOWS")
                .approvalRules(            
                    PatchBaselineApprovalRuleArgs.builder()
                        .approveAfterDays(7)
                        .patchFilters(                    
                            PatchBaselineApprovalRulePatchFilterArgs.builder()
                                .key("CLASSIFICATION")
                                .values(                            
                                    "CriticalUpdates",
                                    "SecurityUpdates")
                                .build(),
                            PatchBaselineApprovalRulePatchFilterArgs.builder()
                                .key("MSRC_SEVERITY")
                                .values(                            
                                    "Critical",
                                    "Important")
                                .build())
                        .build(),
                    PatchBaselineApprovalRuleArgs.builder()
                        .approveAfterDays(7)
                        .patchFilters(                    
                            PatchBaselineApprovalRulePatchFilterArgs.builder()
                                .key("PATCH_SET")
                                .values("APPLICATION")
                                .build(),
                            PatchBaselineApprovalRulePatchFilterArgs.builder()
                                .key("PRODUCT")
                                .values(                            
                                    "Office 2013",
                                    "Office 2016")
                                .build())
                        .build())
                .build());
    
        }
    }
    
    resources:
      windowsOsApps:
        type: aws:ssm:PatchBaseline
        name: windows_os_apps
        properties:
          name: WindowsOSAndMicrosoftApps
          description: Patch both Windows and Microsoft apps
          operatingSystem: WINDOWS
          approvalRules:
            - approveAfterDays: 7
              patchFilters:
                - key: CLASSIFICATION
                  values:
                    - CriticalUpdates
                    - SecurityUpdates
                - key: MSRC_SEVERITY
                  values:
                    - Critical
                    - Important
            - approveAfterDays: 7
              patchFilters:
                - key: PATCH_SET
                  values:
                    - APPLICATION
                - key: PRODUCT
                  values:
                    - Office 2013
                    - Office 2016
    

    Advanced usage, specifying alternate patch source repository

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const al201709 = new aws.ssm.PatchBaseline("al_2017_09", {
        approvalRules: [{}],
        name: "Amazon-Linux-2017.09",
        description: "My patch repository for Amazon Linux 2017.09",
        operatingSystem: "AMAZON_LINUX",
        sources: [{
            name: "My-AL2017.09",
            products: ["AmazonLinux2017.09"],
            configuration: `[amzn-main]
    name=amzn-main-Base
    mirrorlist=http://repo./awsregion./awsdomain//releasever/main/mirror.list
    mirrorlist_expire=300
    metadata_expire=300
    priority=10
    failovermethod=priority
    fastestmirror_enabled=0
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-ga
    enabled=1
    retries=3
    timeout=5
    report_instanceid=yes
    `,
        }],
    });
    
    import pulumi
    import pulumi_aws as aws
    
    al201709 = aws.ssm.PatchBaseline("al_2017_09",
        approval_rules=[{}],
        name="Amazon-Linux-2017.09",
        description="My patch repository for Amazon Linux 2017.09",
        operating_system="AMAZON_LINUX",
        sources=[{
            "name": "My-AL2017.09",
            "products": ["AmazonLinux2017.09"],
            "configuration": """[amzn-main]
    name=amzn-main-Base
    mirrorlist=http://repo./$awsregion./$awsdomain//$releasever/main/mirror.list
    mirrorlist_expire=300
    metadata_expire=300
    priority=10
    failovermethod=priority
    fastestmirror_enabled=0
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-ga
    enabled=1
    retries=3
    timeout=5
    report_instanceid=yes
    """,
        }])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ssm"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := ssm.NewPatchBaseline(ctx, "al_2017_09", &ssm.PatchBaselineArgs{
    			ApprovalRules: ssm.PatchBaselineApprovalRuleArray{
    				&ssm.PatchBaselineApprovalRuleArgs{},
    			},
    			Name:            pulumi.String("Amazon-Linux-2017.09"),
    			Description:     pulumi.String("My patch repository for Amazon Linux 2017.09"),
    			OperatingSystem: pulumi.String("AMAZON_LINUX"),
    			Sources: ssm.PatchBaselineSourceArray{
    				&ssm.PatchBaselineSourceArgs{
    					Name: pulumi.String("My-AL2017.09"),
    					Products: pulumi.StringArray{
    						pulumi.String("AmazonLinux2017.09"),
    					},
    					Configuration: pulumi.String(`[amzn-main]
    name=amzn-main-Base
    mirrorlist=http://repo./$awsregion./$awsdomain//$releasever/main/mirror.list
    mirrorlist_expire=300
    metadata_expire=300
    priority=10
    failovermethod=priority
    fastestmirror_enabled=0
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-ga
    enabled=1
    retries=3
    timeout=5
    report_instanceid=yes
    `),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var al201709 = new Aws.Ssm.PatchBaseline("al_2017_09", new()
        {
            ApprovalRules = new[]
            {
                null,
            },
            Name = "Amazon-Linux-2017.09",
            Description = "My patch repository for Amazon Linux 2017.09",
            OperatingSystem = "AMAZON_LINUX",
            Sources = new[]
            {
                new Aws.Ssm.Inputs.PatchBaselineSourceArgs
                {
                    Name = "My-AL2017.09",
                    Products = new[]
                    {
                        "AmazonLinux2017.09",
                    },
                    Configuration = @"[amzn-main]
    name=amzn-main-Base
    mirrorlist=http://repo./$awsregion./$awsdomain//$releasever/main/mirror.list
    mirrorlist_expire=300
    metadata_expire=300
    priority=10
    failovermethod=priority
    fastestmirror_enabled=0
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-ga
    enabled=1
    retries=3
    timeout=5
    report_instanceid=yes
    ",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ssm.PatchBaseline;
    import com.pulumi.aws.ssm.PatchBaselineArgs;
    import com.pulumi.aws.ssm.inputs.PatchBaselineApprovalRuleArgs;
    import com.pulumi.aws.ssm.inputs.PatchBaselineSourceArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var al201709 = new PatchBaseline("al201709", PatchBaselineArgs.builder()
                .approvalRules()
                .name("Amazon-Linux-2017.09")
                .description("My patch repository for Amazon Linux 2017.09")
                .operatingSystem("AMAZON_LINUX")
                .sources(PatchBaselineSourceArgs.builder()
                    .name("My-AL2017.09")
                    .products("AmazonLinux2017.09")
                    .configuration("""
    [amzn-main]
    name=amzn-main-Base
    mirrorlist=http://repo./$awsregion./$awsdomain//$releasever/main/mirror.list
    mirrorlist_expire=300
    metadata_expire=300
    priority=10
    failovermethod=priority
    fastestmirror_enabled=0
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-ga
    enabled=1
    retries=3
    timeout=5
    report_instanceid=yes
                    """)
                    .build())
                .build());
    
        }
    }
    
    resources:
      al201709:
        type: aws:ssm:PatchBaseline
        name: al_2017_09
        properties:
          approvalRules:
            - {}
          name: Amazon-Linux-2017.09
          description: My patch repository for Amazon Linux 2017.09
          operatingSystem: AMAZON_LINUX
          sources:
            - name: My-AL2017.09
              products:
                - AmazonLinux2017.09
              configuration: |
                [amzn-main]
                name=amzn-main-Base
                mirrorlist=http://repo./$awsregion./$awsdomain//$releasever/main/mirror.list
                mirrorlist_expire=300
                metadata_expire=300
                priority=10
                failovermethod=priority
                fastestmirror_enabled=0
                gpgcheck=1
                gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-ga
                enabled=1
                retries=3
                timeout=5
                report_instanceid=yes            
    

    Create PatchBaseline Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new PatchBaseline(name: string, args?: PatchBaselineArgs, opts?: CustomResourceOptions);
    @overload
    def PatchBaseline(resource_name: str,
                      args: Optional[PatchBaselineArgs] = None,
                      opts: Optional[ResourceOptions] = None)
    
    @overload
    def PatchBaseline(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      approval_rules: Optional[Sequence[PatchBaselineApprovalRuleArgs]] = None,
                      approved_patches: Optional[Sequence[str]] = None,
                      approved_patches_compliance_level: Optional[str] = None,
                      approved_patches_enable_non_security: Optional[bool] = None,
                      description: Optional[str] = None,
                      global_filters: Optional[Sequence[PatchBaselineGlobalFilterArgs]] = None,
                      name: Optional[str] = None,
                      operating_system: Optional[str] = None,
                      rejected_patches: Optional[Sequence[str]] = None,
                      rejected_patches_action: Optional[str] = None,
                      sources: Optional[Sequence[PatchBaselineSourceArgs]] = None,
                      tags: Optional[Mapping[str, str]] = None)
    func NewPatchBaseline(ctx *Context, name string, args *PatchBaselineArgs, opts ...ResourceOption) (*PatchBaseline, error)
    public PatchBaseline(string name, PatchBaselineArgs? args = null, CustomResourceOptions? opts = null)
    public PatchBaseline(String name, PatchBaselineArgs args)
    public PatchBaseline(String name, PatchBaselineArgs args, CustomResourceOptions options)
    
    type: aws:ssm:PatchBaseline
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args PatchBaselineArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args PatchBaselineArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args PatchBaselineArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args PatchBaselineArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args PatchBaselineArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var patchBaselineResource = new Aws.Ssm.PatchBaseline("patchBaselineResource", new()
    {
        ApprovalRules = new[]
        {
            new Aws.Ssm.Inputs.PatchBaselineApprovalRuleArgs
            {
                PatchFilters = new[]
                {
                    new Aws.Ssm.Inputs.PatchBaselineApprovalRulePatchFilterArgs
                    {
                        Key = "string",
                        Values = new[]
                        {
                            "string",
                        },
                    },
                },
                ApproveAfterDays = 0,
                ApproveUntilDate = "string",
                ComplianceLevel = "string",
                EnableNonSecurity = false,
            },
        },
        ApprovedPatches = new[]
        {
            "string",
        },
        ApprovedPatchesComplianceLevel = "string",
        ApprovedPatchesEnableNonSecurity = false,
        Description = "string",
        GlobalFilters = new[]
        {
            new Aws.Ssm.Inputs.PatchBaselineGlobalFilterArgs
            {
                Key = "string",
                Values = new[]
                {
                    "string",
                },
            },
        },
        Name = "string",
        OperatingSystem = "string",
        RejectedPatches = new[]
        {
            "string",
        },
        RejectedPatchesAction = "string",
        Sources = new[]
        {
            new Aws.Ssm.Inputs.PatchBaselineSourceArgs
            {
                Configuration = "string",
                Name = "string",
                Products = new[]
                {
                    "string",
                },
            },
        },
        Tags = 
        {
            { "string", "string" },
        },
    });
    
    example, err := ssm.NewPatchBaseline(ctx, "patchBaselineResource", &ssm.PatchBaselineArgs{
    	ApprovalRules: ssm.PatchBaselineApprovalRuleArray{
    		&ssm.PatchBaselineApprovalRuleArgs{
    			PatchFilters: ssm.PatchBaselineApprovalRulePatchFilterArray{
    				&ssm.PatchBaselineApprovalRulePatchFilterArgs{
    					Key: pulumi.String("string"),
    					Values: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    			ApproveAfterDays:  pulumi.Int(0),
    			ApproveUntilDate:  pulumi.String("string"),
    			ComplianceLevel:   pulumi.String("string"),
    			EnableNonSecurity: pulumi.Bool(false),
    		},
    	},
    	ApprovedPatches: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	ApprovedPatchesComplianceLevel:   pulumi.String("string"),
    	ApprovedPatchesEnableNonSecurity: pulumi.Bool(false),
    	Description:                      pulumi.String("string"),
    	GlobalFilters: ssm.PatchBaselineGlobalFilterArray{
    		&ssm.PatchBaselineGlobalFilterArgs{
    			Key: pulumi.String("string"),
    			Values: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    	},
    	Name:            pulumi.String("string"),
    	OperatingSystem: pulumi.String("string"),
    	RejectedPatches: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	RejectedPatchesAction: pulumi.String("string"),
    	Sources: ssm.PatchBaselineSourceArray{
    		&ssm.PatchBaselineSourceArgs{
    			Configuration: pulumi.String("string"),
    			Name:          pulumi.String("string"),
    			Products: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    	},
    	Tags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    })
    
    var patchBaselineResource = new PatchBaseline("patchBaselineResource", PatchBaselineArgs.builder()
        .approvalRules(PatchBaselineApprovalRuleArgs.builder()
            .patchFilters(PatchBaselineApprovalRulePatchFilterArgs.builder()
                .key("string")
                .values("string")
                .build())
            .approveAfterDays(0)
            .approveUntilDate("string")
            .complianceLevel("string")
            .enableNonSecurity(false)
            .build())
        .approvedPatches("string")
        .approvedPatchesComplianceLevel("string")
        .approvedPatchesEnableNonSecurity(false)
        .description("string")
        .globalFilters(PatchBaselineGlobalFilterArgs.builder()
            .key("string")
            .values("string")
            .build())
        .name("string")
        .operatingSystem("string")
        .rejectedPatches("string")
        .rejectedPatchesAction("string")
        .sources(PatchBaselineSourceArgs.builder()
            .configuration("string")
            .name("string")
            .products("string")
            .build())
        .tags(Map.of("string", "string"))
        .build());
    
    patch_baseline_resource = aws.ssm.PatchBaseline("patchBaselineResource",
        approval_rules=[{
            "patch_filters": [{
                "key": "string",
                "values": ["string"],
            }],
            "approve_after_days": 0,
            "approve_until_date": "string",
            "compliance_level": "string",
            "enable_non_security": False,
        }],
        approved_patches=["string"],
        approved_patches_compliance_level="string",
        approved_patches_enable_non_security=False,
        description="string",
        global_filters=[{
            "key": "string",
            "values": ["string"],
        }],
        name="string",
        operating_system="string",
        rejected_patches=["string"],
        rejected_patches_action="string",
        sources=[{
            "configuration": "string",
            "name": "string",
            "products": ["string"],
        }],
        tags={
            "string": "string",
        })
    
    const patchBaselineResource = new aws.ssm.PatchBaseline("patchBaselineResource", {
        approvalRules: [{
            patchFilters: [{
                key: "string",
                values: ["string"],
            }],
            approveAfterDays: 0,
            approveUntilDate: "string",
            complianceLevel: "string",
            enableNonSecurity: false,
        }],
        approvedPatches: ["string"],
        approvedPatchesComplianceLevel: "string",
        approvedPatchesEnableNonSecurity: false,
        description: "string",
        globalFilters: [{
            key: "string",
            values: ["string"],
        }],
        name: "string",
        operatingSystem: "string",
        rejectedPatches: ["string"],
        rejectedPatchesAction: "string",
        sources: [{
            configuration: "string",
            name: "string",
            products: ["string"],
        }],
        tags: {
            string: "string",
        },
    });
    
    type: aws:ssm:PatchBaseline
    properties:
        approvalRules:
            - approveAfterDays: 0
              approveUntilDate: string
              complianceLevel: string
              enableNonSecurity: false
              patchFilters:
                - key: string
                  values:
                    - string
        approvedPatches:
            - string
        approvedPatchesComplianceLevel: string
        approvedPatchesEnableNonSecurity: false
        description: string
        globalFilters:
            - key: string
              values:
                - string
        name: string
        operatingSystem: string
        rejectedPatches:
            - string
        rejectedPatchesAction: string
        sources:
            - configuration: string
              name: string
              products:
                - string
        tags:
            string: string
    

    PatchBaseline Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The PatchBaseline resource accepts the following input properties:

    ApprovalRules List<PatchBaselineApprovalRule>
    Set of rules used to include patches in the baseline. Up to 10 approval rules can be specified. See approval_rule below.
    ApprovedPatches List<string>
    List of explicitly approved patches for the baseline. Cannot be specified with approval_rule.
    ApprovedPatchesComplianceLevel string
    Compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.
    ApprovedPatchesEnableNonSecurity bool
    Whether the list of approved patches includes non-security updates that should be applied to the instances. Applies to Linux instances only.
    Description string
    Description of the patch baseline.
    GlobalFilters List<PatchBaselineGlobalFilter>
    Set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT, CLASSIFICATION, MSRC_SEVERITY, and PATCH_ID.
    Name string

    Name of the patch baseline.

    The following arguments are optional:

    OperatingSystem string
    Operating system the patch baseline applies to. Valid values are ALMA_LINUX, AMAZON_LINUX, AMAZON_LINUX_2, AMAZON_LINUX_2022, AMAZON_LINUX_2023, CENTOS, DEBIAN, MACOS, ORACLE_LINUX, RASPBIAN, REDHAT_ENTERPRISE_LINUX, ROCKY_LINUX, SUSE, UBUNTU, and WINDOWS. The default value is WINDOWS.
    RejectedPatches List<string>
    List of rejected patches.
    RejectedPatchesAction string
    Action for Patch Manager to take on patches included in the rejected_patches list. Valid values are ALLOW_AS_DEPENDENCY and BLOCK.
    Sources List<PatchBaselineSource>
    Configuration block with alternate sources for patches. Applies to Linux instances only. See source below.
    Tags Dictionary<string, string>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    ApprovalRules []PatchBaselineApprovalRuleArgs
    Set of rules used to include patches in the baseline. Up to 10 approval rules can be specified. See approval_rule below.
    ApprovedPatches []string
    List of explicitly approved patches for the baseline. Cannot be specified with approval_rule.
    ApprovedPatchesComplianceLevel string
    Compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.
    ApprovedPatchesEnableNonSecurity bool
    Whether the list of approved patches includes non-security updates that should be applied to the instances. Applies to Linux instances only.
    Description string
    Description of the patch baseline.
    GlobalFilters []PatchBaselineGlobalFilterArgs
    Set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT, CLASSIFICATION, MSRC_SEVERITY, and PATCH_ID.
    Name string

    Name of the patch baseline.

    The following arguments are optional:

    OperatingSystem string
    Operating system the patch baseline applies to. Valid values are ALMA_LINUX, AMAZON_LINUX, AMAZON_LINUX_2, AMAZON_LINUX_2022, AMAZON_LINUX_2023, CENTOS, DEBIAN, MACOS, ORACLE_LINUX, RASPBIAN, REDHAT_ENTERPRISE_LINUX, ROCKY_LINUX, SUSE, UBUNTU, and WINDOWS. The default value is WINDOWS.
    RejectedPatches []string
    List of rejected patches.
    RejectedPatchesAction string
    Action for Patch Manager to take on patches included in the rejected_patches list. Valid values are ALLOW_AS_DEPENDENCY and BLOCK.
    Sources []PatchBaselineSourceArgs
    Configuration block with alternate sources for patches. Applies to Linux instances only. See source below.
    Tags map[string]string
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    approvalRules List<PatchBaselineApprovalRule>
    Set of rules used to include patches in the baseline. Up to 10 approval rules can be specified. See approval_rule below.
    approvedPatches List<String>
    List of explicitly approved patches for the baseline. Cannot be specified with approval_rule.
    approvedPatchesComplianceLevel String
    Compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.
    approvedPatchesEnableNonSecurity Boolean
    Whether the list of approved patches includes non-security updates that should be applied to the instances. Applies to Linux instances only.
    description String
    Description of the patch baseline.
    globalFilters List<PatchBaselineGlobalFilter>
    Set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT, CLASSIFICATION, MSRC_SEVERITY, and PATCH_ID.
    name String

    Name of the patch baseline.

    The following arguments are optional:

    operatingSystem String
    Operating system the patch baseline applies to. Valid values are ALMA_LINUX, AMAZON_LINUX, AMAZON_LINUX_2, AMAZON_LINUX_2022, AMAZON_LINUX_2023, CENTOS, DEBIAN, MACOS, ORACLE_LINUX, RASPBIAN, REDHAT_ENTERPRISE_LINUX, ROCKY_LINUX, SUSE, UBUNTU, and WINDOWS. The default value is WINDOWS.
    rejectedPatches List<String>
    List of rejected patches.
    rejectedPatchesAction String
    Action for Patch Manager to take on patches included in the rejected_patches list. Valid values are ALLOW_AS_DEPENDENCY and BLOCK.
    sources List<PatchBaselineSource>
    Configuration block with alternate sources for patches. Applies to Linux instances only. See source below.
    tags Map<String,String>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    approvalRules PatchBaselineApprovalRule[]
    Set of rules used to include patches in the baseline. Up to 10 approval rules can be specified. See approval_rule below.
    approvedPatches string[]
    List of explicitly approved patches for the baseline. Cannot be specified with approval_rule.
    approvedPatchesComplianceLevel string
    Compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.
    approvedPatchesEnableNonSecurity boolean
    Whether the list of approved patches includes non-security updates that should be applied to the instances. Applies to Linux instances only.
    description string
    Description of the patch baseline.
    globalFilters PatchBaselineGlobalFilter[]
    Set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT, CLASSIFICATION, MSRC_SEVERITY, and PATCH_ID.
    name string

    Name of the patch baseline.

    The following arguments are optional:

    operatingSystem string
    Operating system the patch baseline applies to. Valid values are ALMA_LINUX, AMAZON_LINUX, AMAZON_LINUX_2, AMAZON_LINUX_2022, AMAZON_LINUX_2023, CENTOS, DEBIAN, MACOS, ORACLE_LINUX, RASPBIAN, REDHAT_ENTERPRISE_LINUX, ROCKY_LINUX, SUSE, UBUNTU, and WINDOWS. The default value is WINDOWS.
    rejectedPatches string[]
    List of rejected patches.
    rejectedPatchesAction string
    Action for Patch Manager to take on patches included in the rejected_patches list. Valid values are ALLOW_AS_DEPENDENCY and BLOCK.
    sources PatchBaselineSource[]
    Configuration block with alternate sources for patches. Applies to Linux instances only. See source below.
    tags {[key: string]: string}
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    approval_rules Sequence[PatchBaselineApprovalRuleArgs]
    Set of rules used to include patches in the baseline. Up to 10 approval rules can be specified. See approval_rule below.
    approved_patches Sequence[str]
    List of explicitly approved patches for the baseline. Cannot be specified with approval_rule.
    approved_patches_compliance_level str
    Compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.
    approved_patches_enable_non_security bool
    Whether the list of approved patches includes non-security updates that should be applied to the instances. Applies to Linux instances only.
    description str
    Description of the patch baseline.
    global_filters Sequence[PatchBaselineGlobalFilterArgs]
    Set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT, CLASSIFICATION, MSRC_SEVERITY, and PATCH_ID.
    name str

    Name of the patch baseline.

    The following arguments are optional:

    operating_system str
    Operating system the patch baseline applies to. Valid values are ALMA_LINUX, AMAZON_LINUX, AMAZON_LINUX_2, AMAZON_LINUX_2022, AMAZON_LINUX_2023, CENTOS, DEBIAN, MACOS, ORACLE_LINUX, RASPBIAN, REDHAT_ENTERPRISE_LINUX, ROCKY_LINUX, SUSE, UBUNTU, and WINDOWS. The default value is WINDOWS.
    rejected_patches Sequence[str]
    List of rejected patches.
    rejected_patches_action str
    Action for Patch Manager to take on patches included in the rejected_patches list. Valid values are ALLOW_AS_DEPENDENCY and BLOCK.
    sources Sequence[PatchBaselineSourceArgs]
    Configuration block with alternate sources for patches. Applies to Linux instances only. See source below.
    tags Mapping[str, str]
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    approvalRules List<Property Map>
    Set of rules used to include patches in the baseline. Up to 10 approval rules can be specified. See approval_rule below.
    approvedPatches List<String>
    List of explicitly approved patches for the baseline. Cannot be specified with approval_rule.
    approvedPatchesComplianceLevel String
    Compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.
    approvedPatchesEnableNonSecurity Boolean
    Whether the list of approved patches includes non-security updates that should be applied to the instances. Applies to Linux instances only.
    description String
    Description of the patch baseline.
    globalFilters List<Property Map>
    Set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT, CLASSIFICATION, MSRC_SEVERITY, and PATCH_ID.
    name String

    Name of the patch baseline.

    The following arguments are optional:

    operatingSystem String
    Operating system the patch baseline applies to. Valid values are ALMA_LINUX, AMAZON_LINUX, AMAZON_LINUX_2, AMAZON_LINUX_2022, AMAZON_LINUX_2023, CENTOS, DEBIAN, MACOS, ORACLE_LINUX, RASPBIAN, REDHAT_ENTERPRISE_LINUX, ROCKY_LINUX, SUSE, UBUNTU, and WINDOWS. The default value is WINDOWS.
    rejectedPatches List<String>
    List of rejected patches.
    rejectedPatchesAction String
    Action for Patch Manager to take on patches included in the rejected_patches list. Valid values are ALLOW_AS_DEPENDENCY and BLOCK.
    sources List<Property Map>
    Configuration block with alternate sources for patches. Applies to Linux instances only. See source below.
    tags Map<String>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the PatchBaseline resource produces the following output properties:

    Arn string
    ARN of the baseline.
    Id string
    The provider-assigned unique ID for this managed resource.
    Json string
    JSON definition of the baseline.
    TagsAll Dictionary<string, string>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    Arn string
    ARN of the baseline.
    Id string
    The provider-assigned unique ID for this managed resource.
    Json string
    JSON definition of the baseline.
    TagsAll map[string]string
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn String
    ARN of the baseline.
    id String
    The provider-assigned unique ID for this managed resource.
    json String
    JSON definition of the baseline.
    tagsAll Map<String,String>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn string
    ARN of the baseline.
    id string
    The provider-assigned unique ID for this managed resource.
    json string
    JSON definition of the baseline.
    tagsAll {[key: string]: string}
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn str
    ARN of the baseline.
    id str
    The provider-assigned unique ID for this managed resource.
    json str
    JSON definition of the baseline.
    tags_all Mapping[str, str]
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn String
    ARN of the baseline.
    id String
    The provider-assigned unique ID for this managed resource.
    json String
    JSON definition of the baseline.
    tagsAll Map<String>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    Look up Existing PatchBaseline Resource

    Get an existing PatchBaseline resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: PatchBaselineState, opts?: CustomResourceOptions): PatchBaseline
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            approval_rules: Optional[Sequence[PatchBaselineApprovalRuleArgs]] = None,
            approved_patches: Optional[Sequence[str]] = None,
            approved_patches_compliance_level: Optional[str] = None,
            approved_patches_enable_non_security: Optional[bool] = None,
            arn: Optional[str] = None,
            description: Optional[str] = None,
            global_filters: Optional[Sequence[PatchBaselineGlobalFilterArgs]] = None,
            json: Optional[str] = None,
            name: Optional[str] = None,
            operating_system: Optional[str] = None,
            rejected_patches: Optional[Sequence[str]] = None,
            rejected_patches_action: Optional[str] = None,
            sources: Optional[Sequence[PatchBaselineSourceArgs]] = None,
            tags: Optional[Mapping[str, str]] = None,
            tags_all: Optional[Mapping[str, str]] = None) -> PatchBaseline
    func GetPatchBaseline(ctx *Context, name string, id IDInput, state *PatchBaselineState, opts ...ResourceOption) (*PatchBaseline, error)
    public static PatchBaseline Get(string name, Input<string> id, PatchBaselineState? state, CustomResourceOptions? opts = null)
    public static PatchBaseline get(String name, Output<String> id, PatchBaselineState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    ApprovalRules List<PatchBaselineApprovalRule>
    Set of rules used to include patches in the baseline. Up to 10 approval rules can be specified. See approval_rule below.
    ApprovedPatches List<string>
    List of explicitly approved patches for the baseline. Cannot be specified with approval_rule.
    ApprovedPatchesComplianceLevel string
    Compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.
    ApprovedPatchesEnableNonSecurity bool
    Whether the list of approved patches includes non-security updates that should be applied to the instances. Applies to Linux instances only.
    Arn string
    ARN of the baseline.
    Description string
    Description of the patch baseline.
    GlobalFilters List<PatchBaselineGlobalFilter>
    Set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT, CLASSIFICATION, MSRC_SEVERITY, and PATCH_ID.
    Json string
    JSON definition of the baseline.
    Name string

    Name of the patch baseline.

    The following arguments are optional:

    OperatingSystem string
    Operating system the patch baseline applies to. Valid values are ALMA_LINUX, AMAZON_LINUX, AMAZON_LINUX_2, AMAZON_LINUX_2022, AMAZON_LINUX_2023, CENTOS, DEBIAN, MACOS, ORACLE_LINUX, RASPBIAN, REDHAT_ENTERPRISE_LINUX, ROCKY_LINUX, SUSE, UBUNTU, and WINDOWS. The default value is WINDOWS.
    RejectedPatches List<string>
    List of rejected patches.
    RejectedPatchesAction string
    Action for Patch Manager to take on patches included in the rejected_patches list. Valid values are ALLOW_AS_DEPENDENCY and BLOCK.
    Sources List<PatchBaselineSource>
    Configuration block with alternate sources for patches. Applies to Linux instances only. See source below.
    Tags Dictionary<string, string>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll Dictionary<string, string>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    ApprovalRules []PatchBaselineApprovalRuleArgs
    Set of rules used to include patches in the baseline. Up to 10 approval rules can be specified. See approval_rule below.
    ApprovedPatches []string
    List of explicitly approved patches for the baseline. Cannot be specified with approval_rule.
    ApprovedPatchesComplianceLevel string
    Compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.
    ApprovedPatchesEnableNonSecurity bool
    Whether the list of approved patches includes non-security updates that should be applied to the instances. Applies to Linux instances only.
    Arn string
    ARN of the baseline.
    Description string
    Description of the patch baseline.
    GlobalFilters []PatchBaselineGlobalFilterArgs
    Set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT, CLASSIFICATION, MSRC_SEVERITY, and PATCH_ID.
    Json string
    JSON definition of the baseline.
    Name string

    Name of the patch baseline.

    The following arguments are optional:

    OperatingSystem string
    Operating system the patch baseline applies to. Valid values are ALMA_LINUX, AMAZON_LINUX, AMAZON_LINUX_2, AMAZON_LINUX_2022, AMAZON_LINUX_2023, CENTOS, DEBIAN, MACOS, ORACLE_LINUX, RASPBIAN, REDHAT_ENTERPRISE_LINUX, ROCKY_LINUX, SUSE, UBUNTU, and WINDOWS. The default value is WINDOWS.
    RejectedPatches []string
    List of rejected patches.
    RejectedPatchesAction string
    Action for Patch Manager to take on patches included in the rejected_patches list. Valid values are ALLOW_AS_DEPENDENCY and BLOCK.
    Sources []PatchBaselineSourceArgs
    Configuration block with alternate sources for patches. Applies to Linux instances only. See source below.
    Tags map[string]string
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll map[string]string
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    approvalRules List<PatchBaselineApprovalRule>
    Set of rules used to include patches in the baseline. Up to 10 approval rules can be specified. See approval_rule below.
    approvedPatches List<String>
    List of explicitly approved patches for the baseline. Cannot be specified with approval_rule.
    approvedPatchesComplianceLevel String
    Compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.
    approvedPatchesEnableNonSecurity Boolean
    Whether the list of approved patches includes non-security updates that should be applied to the instances. Applies to Linux instances only.
    arn String
    ARN of the baseline.
    description String
    Description of the patch baseline.
    globalFilters List<PatchBaselineGlobalFilter>
    Set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT, CLASSIFICATION, MSRC_SEVERITY, and PATCH_ID.
    json String
    JSON definition of the baseline.
    name String

    Name of the patch baseline.

    The following arguments are optional:

    operatingSystem String
    Operating system the patch baseline applies to. Valid values are ALMA_LINUX, AMAZON_LINUX, AMAZON_LINUX_2, AMAZON_LINUX_2022, AMAZON_LINUX_2023, CENTOS, DEBIAN, MACOS, ORACLE_LINUX, RASPBIAN, REDHAT_ENTERPRISE_LINUX, ROCKY_LINUX, SUSE, UBUNTU, and WINDOWS. The default value is WINDOWS.
    rejectedPatches List<String>
    List of rejected patches.
    rejectedPatchesAction String
    Action for Patch Manager to take on patches included in the rejected_patches list. Valid values are ALLOW_AS_DEPENDENCY and BLOCK.
    sources List<PatchBaselineSource>
    Configuration block with alternate sources for patches. Applies to Linux instances only. See source below.
    tags Map<String,String>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String,String>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    approvalRules PatchBaselineApprovalRule[]
    Set of rules used to include patches in the baseline. Up to 10 approval rules can be specified. See approval_rule below.
    approvedPatches string[]
    List of explicitly approved patches for the baseline. Cannot be specified with approval_rule.
    approvedPatchesComplianceLevel string
    Compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.
    approvedPatchesEnableNonSecurity boolean
    Whether the list of approved patches includes non-security updates that should be applied to the instances. Applies to Linux instances only.
    arn string
    ARN of the baseline.
    description string
    Description of the patch baseline.
    globalFilters PatchBaselineGlobalFilter[]
    Set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT, CLASSIFICATION, MSRC_SEVERITY, and PATCH_ID.
    json string
    JSON definition of the baseline.
    name string

    Name of the patch baseline.

    The following arguments are optional:

    operatingSystem string
    Operating system the patch baseline applies to. Valid values are ALMA_LINUX, AMAZON_LINUX, AMAZON_LINUX_2, AMAZON_LINUX_2022, AMAZON_LINUX_2023, CENTOS, DEBIAN, MACOS, ORACLE_LINUX, RASPBIAN, REDHAT_ENTERPRISE_LINUX, ROCKY_LINUX, SUSE, UBUNTU, and WINDOWS. The default value is WINDOWS.
    rejectedPatches string[]
    List of rejected patches.
    rejectedPatchesAction string
    Action for Patch Manager to take on patches included in the rejected_patches list. Valid values are ALLOW_AS_DEPENDENCY and BLOCK.
    sources PatchBaselineSource[]
    Configuration block with alternate sources for patches. Applies to Linux instances only. See source below.
    tags {[key: string]: string}
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll {[key: string]: string}
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    approval_rules Sequence[PatchBaselineApprovalRuleArgs]
    Set of rules used to include patches in the baseline. Up to 10 approval rules can be specified. See approval_rule below.
    approved_patches Sequence[str]
    List of explicitly approved patches for the baseline. Cannot be specified with approval_rule.
    approved_patches_compliance_level str
    Compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.
    approved_patches_enable_non_security bool
    Whether the list of approved patches includes non-security updates that should be applied to the instances. Applies to Linux instances only.
    arn str
    ARN of the baseline.
    description str
    Description of the patch baseline.
    global_filters Sequence[PatchBaselineGlobalFilterArgs]
    Set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT, CLASSIFICATION, MSRC_SEVERITY, and PATCH_ID.
    json str
    JSON definition of the baseline.
    name str

    Name of the patch baseline.

    The following arguments are optional:

    operating_system str
    Operating system the patch baseline applies to. Valid values are ALMA_LINUX, AMAZON_LINUX, AMAZON_LINUX_2, AMAZON_LINUX_2022, AMAZON_LINUX_2023, CENTOS, DEBIAN, MACOS, ORACLE_LINUX, RASPBIAN, REDHAT_ENTERPRISE_LINUX, ROCKY_LINUX, SUSE, UBUNTU, and WINDOWS. The default value is WINDOWS.
    rejected_patches Sequence[str]
    List of rejected patches.
    rejected_patches_action str
    Action for Patch Manager to take on patches included in the rejected_patches list. Valid values are ALLOW_AS_DEPENDENCY and BLOCK.
    sources Sequence[PatchBaselineSourceArgs]
    Configuration block with alternate sources for patches. Applies to Linux instances only. See source below.
    tags Mapping[str, str]
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tags_all Mapping[str, str]
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    approvalRules List<Property Map>
    Set of rules used to include patches in the baseline. Up to 10 approval rules can be specified. See approval_rule below.
    approvedPatches List<String>
    List of explicitly approved patches for the baseline. Cannot be specified with approval_rule.
    approvedPatchesComplianceLevel String
    Compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.
    approvedPatchesEnableNonSecurity Boolean
    Whether the list of approved patches includes non-security updates that should be applied to the instances. Applies to Linux instances only.
    arn String
    ARN of the baseline.
    description String
    Description of the patch baseline.
    globalFilters List<Property Map>
    Set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT, CLASSIFICATION, MSRC_SEVERITY, and PATCH_ID.
    json String
    JSON definition of the baseline.
    name String

    Name of the patch baseline.

    The following arguments are optional:

    operatingSystem String
    Operating system the patch baseline applies to. Valid values are ALMA_LINUX, AMAZON_LINUX, AMAZON_LINUX_2, AMAZON_LINUX_2022, AMAZON_LINUX_2023, CENTOS, DEBIAN, MACOS, ORACLE_LINUX, RASPBIAN, REDHAT_ENTERPRISE_LINUX, ROCKY_LINUX, SUSE, UBUNTU, and WINDOWS. The default value is WINDOWS.
    rejectedPatches List<String>
    List of rejected patches.
    rejectedPatchesAction String
    Action for Patch Manager to take on patches included in the rejected_patches list. Valid values are ALLOW_AS_DEPENDENCY and BLOCK.
    sources List<Property Map>
    Configuration block with alternate sources for patches. Applies to Linux instances only. See source below.
    tags Map<String>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    Supporting Types

    PatchBaselineApprovalRule, PatchBaselineApprovalRuleArgs

    PatchFilters List<PatchBaselineApprovalRulePatchFilter>
    Patch filter group that defines the criteria for the rule. Up to 5 patch filters can be specified per approval rule using Key/Value pairs. Valid combinations of these Keys and the operating_system value can be found in the SSM DescribePatchProperties API Reference. Valid Values are exact values for the patch property given as the key, or a wildcard *, which matches all values. PATCH_SET defaults to OS if unspecified
    ApproveAfterDays int
    Number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline. Valid Range: 0 to 360. Conflicts with approve_until_date.
    ApproveUntilDate string
    Cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as YYYY-MM-DD. Conflicts with approve_after_days
    ComplianceLevel string
    Compliance level for patches approved by this rule. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, and UNSPECIFIED. The default value is UNSPECIFIED.
    EnableNonSecurity bool
    Boolean enabling the application of non-security updates. The default value is false. Valid for Linux instances only.
    PatchFilters []PatchBaselineApprovalRulePatchFilter
    Patch filter group that defines the criteria for the rule. Up to 5 patch filters can be specified per approval rule using Key/Value pairs. Valid combinations of these Keys and the operating_system value can be found in the SSM DescribePatchProperties API Reference. Valid Values are exact values for the patch property given as the key, or a wildcard *, which matches all values. PATCH_SET defaults to OS if unspecified
    ApproveAfterDays int
    Number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline. Valid Range: 0 to 360. Conflicts with approve_until_date.
    ApproveUntilDate string
    Cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as YYYY-MM-DD. Conflicts with approve_after_days
    ComplianceLevel string
    Compliance level for patches approved by this rule. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, and UNSPECIFIED. The default value is UNSPECIFIED.
    EnableNonSecurity bool
    Boolean enabling the application of non-security updates. The default value is false. Valid for Linux instances only.
    patchFilters List<PatchBaselineApprovalRulePatchFilter>
    Patch filter group that defines the criteria for the rule. Up to 5 patch filters can be specified per approval rule using Key/Value pairs. Valid combinations of these Keys and the operating_system value can be found in the SSM DescribePatchProperties API Reference. Valid Values are exact values for the patch property given as the key, or a wildcard *, which matches all values. PATCH_SET defaults to OS if unspecified
    approveAfterDays Integer
    Number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline. Valid Range: 0 to 360. Conflicts with approve_until_date.
    approveUntilDate String
    Cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as YYYY-MM-DD. Conflicts with approve_after_days
    complianceLevel String
    Compliance level for patches approved by this rule. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, and UNSPECIFIED. The default value is UNSPECIFIED.
    enableNonSecurity Boolean
    Boolean enabling the application of non-security updates. The default value is false. Valid for Linux instances only.
    patchFilters PatchBaselineApprovalRulePatchFilter[]
    Patch filter group that defines the criteria for the rule. Up to 5 patch filters can be specified per approval rule using Key/Value pairs. Valid combinations of these Keys and the operating_system value can be found in the SSM DescribePatchProperties API Reference. Valid Values are exact values for the patch property given as the key, or a wildcard *, which matches all values. PATCH_SET defaults to OS if unspecified
    approveAfterDays number
    Number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline. Valid Range: 0 to 360. Conflicts with approve_until_date.
    approveUntilDate string
    Cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as YYYY-MM-DD. Conflicts with approve_after_days
    complianceLevel string
    Compliance level for patches approved by this rule. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, and UNSPECIFIED. The default value is UNSPECIFIED.
    enableNonSecurity boolean
    Boolean enabling the application of non-security updates. The default value is false. Valid for Linux instances only.
    patch_filters Sequence[PatchBaselineApprovalRulePatchFilter]
    Patch filter group that defines the criteria for the rule. Up to 5 patch filters can be specified per approval rule using Key/Value pairs. Valid combinations of these Keys and the operating_system value can be found in the SSM DescribePatchProperties API Reference. Valid Values are exact values for the patch property given as the key, or a wildcard *, which matches all values. PATCH_SET defaults to OS if unspecified
    approve_after_days int
    Number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline. Valid Range: 0 to 360. Conflicts with approve_until_date.
    approve_until_date str
    Cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as YYYY-MM-DD. Conflicts with approve_after_days
    compliance_level str
    Compliance level for patches approved by this rule. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, and UNSPECIFIED. The default value is UNSPECIFIED.
    enable_non_security bool
    Boolean enabling the application of non-security updates. The default value is false. Valid for Linux instances only.
    patchFilters List<Property Map>
    Patch filter group that defines the criteria for the rule. Up to 5 patch filters can be specified per approval rule using Key/Value pairs. Valid combinations of these Keys and the operating_system value can be found in the SSM DescribePatchProperties API Reference. Valid Values are exact values for the patch property given as the key, or a wildcard *, which matches all values. PATCH_SET defaults to OS if unspecified
    approveAfterDays Number
    Number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline. Valid Range: 0 to 360. Conflicts with approve_until_date.
    approveUntilDate String
    Cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as YYYY-MM-DD. Conflicts with approve_after_days
    complianceLevel String
    Compliance level for patches approved by this rule. Valid values are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, and UNSPECIFIED. The default value is UNSPECIFIED.
    enableNonSecurity Boolean
    Boolean enabling the application of non-security updates. The default value is false. Valid for Linux instances only.

    PatchBaselineApprovalRulePatchFilter, PatchBaselineApprovalRulePatchFilterArgs

    Key string
    Values List<string>
    Key string
    Values []string
    key String
    values List<String>
    key string
    values string[]
    key str
    values Sequence[str]
    key String
    values List<String>

    PatchBaselineGlobalFilter, PatchBaselineGlobalFilterArgs

    Key string
    Values List<string>
    Key string
    Values []string
    key String
    values List<String>
    key string
    values string[]
    key str
    values Sequence[str]
    key String
    values List<String>

    PatchBaselineSource, PatchBaselineSourceArgs

    Configuration string
    Value of the yum repo configuration. For information about other options available for your yum repository configuration, see the dnf.conf documentation
    Name string
    Name specified to identify the patch source.
    Products List<string>
    Specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter.
    Configuration string
    Value of the yum repo configuration. For information about other options available for your yum repository configuration, see the dnf.conf documentation
    Name string
    Name specified to identify the patch source.
    Products []string
    Specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter.
    configuration String
    Value of the yum repo configuration. For information about other options available for your yum repository configuration, see the dnf.conf documentation
    name String
    Name specified to identify the patch source.
    products List<String>
    Specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter.
    configuration string
    Value of the yum repo configuration. For information about other options available for your yum repository configuration, see the dnf.conf documentation
    name string
    Name specified to identify the patch source.
    products string[]
    Specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter.
    configuration str
    Value of the yum repo configuration. For information about other options available for your yum repository configuration, see the dnf.conf documentation
    name str
    Name specified to identify the patch source.
    products Sequence[str]
    Specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter.
    configuration String
    Value of the yum repo configuration. For information about other options available for your yum repository configuration, see the dnf.conf documentation
    name String
    Name specified to identify the patch source.
    products List<String>
    Specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter.

    Import

    Using pulumi import, import SSM Patch Baselines using their baseline ID. For example:

    $ pulumi import aws:ssm/patchBaseline:PatchBaseline example pb-12345678
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo
    AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi