SSM / Client / describe_available_patches

describe_available_patches

SSM.Client.describe_available_patches(**kwargs)

Lists all patches eligible to be included in a patch baseline.

Note

Currently, DescribeAvailablePatches supports only the Amazon Linux 1, Amazon Linux 2, and Windows Server operating systems.

See also: AWS API Documentation

Request Syntax

response = client.describe_available_patches(
    Filters=[
        {
            'Key': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    MaxResults=123,
    NextToken='string'
)
Parameters:

  • Filters (list) –

    Each element in the array is a structure containing a key-value pair.

    Windows Server

    Supported keys for Windows Server managed node patches include the following:

    • PATCH_SET Sample values: OS | APPLICATION

    • PRODUCT Sample values: WindowsServer2012 | Office 2010 | MicrosoftDefenderAntivirus

    • PRODUCT_FAMILY Sample values: Windows | Office

    • MSRC_SEVERITY Sample values: ServicePacks | Important | Moderate

    • CLASSIFICATION Sample values: ServicePacks | SecurityUpdates | DefinitionUpdates

    • PATCH_ID Sample values: KB123456 | KB4516046

    Linux

    Warning

    When specifying filters for Linux patches, you must specify a key-pair for PRODUCT. For example, using the Command Line Interface (CLI), the following command fails:

    aws ssm describe-available-patches --filters Key=CVE_ID,Values=CVE-2018-3615

    However, the following command succeeds:

    aws ssm describe-available-patches --filters Key=PRODUCT,Values=AmazonLinux2018.03 Key=CVE_ID,Values=CVE-2018-3615

    Supported keys for Linux managed node patches include the following:

    • PRODUCT Sample values: AmazonLinux2018.03 | AmazonLinux2.0

    • NAME Sample values: kernel-headers | samba-python | php

    • SEVERITY Sample values: Critical | Important | Medium | Low

    • EPOCH Sample values: 0 | 1

    • VERSION Sample values: 78.6.1 | 4.10.16

    • RELEASE Sample values: 9.56.amzn1 | 1.amzn2

    • ARCH Sample values: i686 | x86_64

    • REPOSITORY Sample values: Core | Updates

    • ADVISORY_ID Sample values: ALAS-2018-1058 | ALAS2-2021-1594

    • CVE_ID Sample values: CVE-2018-3615 | CVE-2020-1472

    • BUGZILLA_ID Sample values: 1463241

    • (dict) –

      Defines a filter used in Patch Manager APIs. Supported filter keys depend on the API operation that includes the filter. Patch Manager API operations that use PatchOrchestratorFilter include the following:

      • DescribeAvailablePatches

      • DescribeInstancePatches

      • DescribePatchBaselines

      • DescribePatchGroups

      • Key (string) –

        The key for the filter.

      • Values (list) –

        The value for the filter.

        • (string) –

  • MaxResults (integer) – The maximum number of patches to return (per page).

  • NextToken (string) – The token for the next set of items to return. (You received this token from a previous call.)

Return type:

dict

Returns:

Response Syntax

{
    'Patches': [
        {
            'Id': 'string',
            'ReleaseDate': datetime(2015, 1, 1),
            'Title': 'string',
            'Description': 'string',
            'ContentUrl': 'string',
            'Vendor': 'string',
            'ProductFamily': 'string',
            'Product': 'string',
            'Classification': 'string',
            'MsrcSeverity': 'string',
            'KbNumber': 'string',
            'MsrcNumber': 'string',
            'Language': 'string',
            'AdvisoryIds': [
                'string',
            ],
            'BugzillaIds': [
                'string',
            ],
            'CVEIds': [
                'string',
            ],
            'Name': 'string',
            'Epoch': 123,
            'Version': 'string',
            'Release': 'string',
            'Arch': 'string',
            'Severity': 'string',
            'Repository': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) –

    • Patches (list) –

      An array of patches. Each entry in the array is a patch structure.

      • (dict) –

        Represents metadata about a patch.

        • Id (string) –

          The ID of the patch. Applies to Windows patches only.

          Note

          This ID isn’t the same as the Microsoft Knowledge Base ID.

        • ReleaseDate (datetime) –

          The date the patch was released.

        • Title (string) –

          The title of the patch.

        • Description (string) –

          The description of the patch.

        • ContentUrl (string) –

          The URL where more information can be obtained about the patch.

        • Vendor (string) –

          The name of the vendor providing the patch.

        • ProductFamily (string) –

          The product family the patch is applicable for. For example, Windows or Amazon Linux 2.

        • Product (string) –

          The specific product the patch is applicable for. For example, WindowsServer2016 or AmazonLinux2018.03.

        • Classification (string) –

          The classification of the patch. For example, SecurityUpdates, Updates, or CriticalUpdates.

        • MsrcSeverity (string) –

          The severity of the patch, such as Critical, Important, or Moderate. Applies to Windows patches only.

        • KbNumber (string) –

          The Microsoft Knowledge Base ID of the patch. Applies to Windows patches only.

        • MsrcNumber (string) –

          The ID of the Microsoft Security Response Center (MSRC) bulletin the patch is related to. For example, MS14-045. Applies to Windows patches only.

        • Language (string) –

          The language of the patch if it’s language-specific.

        • AdvisoryIds (list) –

          The Advisory ID of the patch. For example, RHSA-2020:3779. Applies to Linux-based managed nodes only.

          • (string) –

        • BugzillaIds (list) –

          The Bugzilla ID of the patch. For example, 1600646. Applies to Linux-based managed nodes only.

          • (string) –

        • CVEIds (list) –

          The Common Vulnerabilities and Exposures (CVE) ID of the patch. For example, CVE-2011-3192. Applies to Linux-based managed nodes only.

          • (string) –

        • Name (string) –

          The name of the patch. Applies to Linux-based managed nodes only.

        • Epoch (integer) –

          The epoch of the patch. For example in pkg-example-EE-20180914-2.2.amzn1.noarch, the epoch value is 20180914-2. Applies to Linux-based managed nodes only.

        • Version (string) –

          The version number of the patch. For example, in example-pkg-1.710.10-2.7.abcd.x86_64, the version number is indicated by -1. Applies to Linux-based managed nodes only.

        • Release (string) –

          The particular release of a patch. For example, in pkg-example-EE-20180914-2.2.amzn1.noarch, the release is 2.amaz1. Applies to Linux-based managed nodes only.

        • Arch (string) –

          The architecture of the patch. For example, in example-pkg-0.710.10-2.7.abcd.x86_64, the architecture is indicated by x86_64. Applies to Linux-based managed nodes only.

        • Severity (string) –

          The severity level of the patch. For example, CRITICAL or MODERATE.

        • Repository (string) –

          The source patch repository for the operating system and version, such as trusty-security for Ubuntu Server 14.04 LTE and focal-security for Ubuntu Server 20.04 LTE. Applies to Linux-based managed nodes only.

    • NextToken (string) –

      The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

Exceptions

  • SSM.Client.exceptions.InternalServerError