SSM.Client.
put_compliance_items
(**kwargs)¶Registers a compliance type and other compliance details on a designated resource. This operation lets you register custom compliance details with a resource. This call overwrites existing compliance information on the resource, so you must provide a full list of compliance items each time that you send the request.
ComplianceType can be one of the following:
string
.approved
for patches, or Failed
for associations.Critical
.AWS-RunPatchBaseline
.security updates
.Critical
.InstancesWithFailedPatches
.See also: AWS API Documentation
Request Syntax
response = client.put_compliance_items(
ResourceId='string',
ResourceType='string',
ComplianceType='string',
ExecutionSummary={
'ExecutionTime': datetime(2015, 1, 1),
'ExecutionId': 'string',
'ExecutionType': 'string'
},
Items=[
{
'Id': 'string',
'Title': 'string',
'Severity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
'Status': 'COMPLIANT'|'NON_COMPLIANT',
'Details': {
'string': 'string'
}
},
],
ItemContentHash='string',
UploadType='COMPLETE'|'PARTIAL'
)
[REQUIRED]
Specify an ID for this resource. For a managed node, this is the node ID.
[REQUIRED]
Specify the type of resource. ManagedInstance
is currently the only supported resource type.
[REQUIRED]
Specify the compliance type. For example, specify Association (for a State Manager association), Patch, or Custom: string
.
[REQUIRED]
A summary of the call execution that includes an execution ID, the type of execution (for example, Command
), and the date/time of the execution using a datetime object that is saved in the following format: yyyy-MM-dd'T'HH:mm:ss'Z'.
The time the execution ran as a datetime object that is saved in the following format: yyyy-MM-dd'T'HH:mm:ss'Z'.
An ID created by the system when PutComplianceItems
was called. For example, CommandID
is a valid execution ID. You can use this ID in subsequent calls.
The type of execution. For example, Command
is a valid execution type.
[REQUIRED]
Information about the compliance as defined by the resource type. For example, for a patch compliance type, Items
includes information about the PatchSeverity, Classification, and so on.
Information about a compliance item.
The compliance item ID. For example, if the compliance item is a Windows patch, the ID could be the number of the KB article.
The title of the compliance item. For example, if the compliance item is a Windows patch, the title could be the title of the KB article for the patch; for example: Security Update for Active Directory Federation Services.
The severity of the compliance status. Severity can be one of the following: Critical, High, Medium, Low, Informational, Unspecified.
The status of the compliance item. An item is either COMPLIANT or NON_COMPLIANT.
A "Key": "Value" tag combination for the compliance item.
The mode for uploading compliance items. You can specify COMPLETE
or PARTIAL
. In COMPLETE
mode, the system overwrites all existing compliance information for the resource. You must provide a full list of compliance items each time you send the request.
In PARTIAL
mode, the system overwrites compliance information for a specific association. The association must be configured with SyncCompliance
set to MANUAL
. By default, all requests use COMPLETE
mode.
Note
This attribute is only valid for association compliance.
dict
Response Syntax
{}
Response Structure
Exceptions
SSM.Client.exceptions.InternalServerError
SSM.Client.exceptions.InvalidItemContentException
SSM.Client.exceptions.TotalSizeLimitExceededException
SSM.Client.exceptions.ItemSizeLimitExceededException
SSM.Client.exceptions.ComplianceTypeCountLimitExceededException
SSM.Client.exceptions.InvalidResourceType
SSM.Client.exceptions.InvalidResourceId