SSM / Client / describe_effective_patches_for_patch_baseline
describe_effective_patches_for_patch_baseline#
- SSM.Client.describe_effective_patches_for_patch_baseline(**kwargs)#
Retrieves the current effective patches (the patch and the approval state) for the specified patch baseline. Applies to patch baselines for Windows only.
See also: AWS API Documentation
Request Syntax
response = client.describe_effective_patches_for_patch_baseline( BaselineId='string', MaxResults=123, NextToken='string' )
- Parameters:
BaselineId (string) –
[REQUIRED]
The ID of the patch baseline to retrieve the effective patches for.
MaxResults (integer) – The maximum number of patches to return (per page).
NextToken (string) – The token for the next set of items to return. (You received this token from a previous call.)
- Return type:
dict
- Returns:
Response Syntax
{ 'EffectivePatches': [ { 'Patch': { 'Id': 'string', 'ReleaseDate': datetime(2015, 1, 1), 'Title': 'string', 'Description': 'string', 'ContentUrl': 'string', 'Vendor': 'string', 'ProductFamily': 'string', 'Product': 'string', 'Classification': 'string', 'MsrcSeverity': 'string', 'KbNumber': 'string', 'MsrcNumber': 'string', 'Language': 'string', 'AdvisoryIds': [ 'string', ], 'BugzillaIds': [ 'string', ], 'CVEIds': [ 'string', ], 'Name': 'string', 'Epoch': 123, 'Version': 'string', 'Release': 'string', 'Arch': 'string', 'Severity': 'string', 'Repository': 'string' }, 'PatchStatus': { 'DeploymentStatus': 'APPROVED'|'PENDING_APPROVAL'|'EXPLICIT_APPROVED'|'EXPLICIT_REJECTED', 'ComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED', 'ApprovalDate': datetime(2015, 1, 1) } }, ], 'NextToken': 'string' }
Response Structure
(dict) –
EffectivePatches (list) –
An array of patches and patch status.
(dict) –
The
EffectivePatch
structure defines metadata about a patch along with the approval state of the patch in a particular patch baseline. The approval state includes information about whether the patch is currently approved, due to be approved by a rule, explicitly approved, or explicitly rejected and the date the patch was or will be approved.Patch (dict) –
Provides metadata for a patch, including information such as the KB ID, severity, classification and a URL for where more information can be obtained about the patch.
Id (string) –
The ID of the patch. Applies to Windows patches only.
Note
This ID isn’t the same as the Microsoft Knowledge Base ID.
ReleaseDate (datetime) –
The date the patch was released.
Title (string) –
The title of the patch.
Description (string) –
The description of the patch.
ContentUrl (string) –
The URL where more information can be obtained about the patch.
Vendor (string) –
The name of the vendor providing the patch.
ProductFamily (string) –
The product family the patch is applicable for. For example,
Windows
orAmazon Linux 2
.Product (string) –
The specific product the patch is applicable for. For example,
WindowsServer2016
orAmazonLinux2018.03
.Classification (string) –
The classification of the patch. For example,
SecurityUpdates
,Updates
, orCriticalUpdates
.MsrcSeverity (string) –
The severity of the patch, such as
Critical
,Important
, orModerate
. Applies to Windows patches only.KbNumber (string) –
The Microsoft Knowledge Base ID of the patch. Applies to Windows patches only.
MsrcNumber (string) –
The ID of the Microsoft Security Response Center (MSRC) bulletin the patch is related to. For example,
MS14-045
. Applies to Windows patches only.Language (string) –
The language of the patch if it’s language-specific.
AdvisoryIds (list) –
The Advisory ID of the patch. For example,
RHSA-2020:3779
. Applies to Linux-based managed nodes only.(string) –
BugzillaIds (list) –
The Bugzilla ID of the patch. For example,
1600646
. Applies to Linux-based managed nodes only.(string) –
CVEIds (list) –
The Common Vulnerabilities and Exposures (CVE) ID of the patch. For example,
CVE-2011-3192
. Applies to Linux-based managed nodes only.(string) –
Name (string) –
The name of the patch. Applies to Linux-based managed nodes only.
Epoch (integer) –
The epoch of the patch. For example in
pkg-example-EE-20180914-2.2.amzn1.noarch
, the epoch value is20180914-2
. Applies to Linux-based managed nodes only.Version (string) –
The version number of the patch. For example, in
example-pkg-1.710.10-2.7.abcd.x86_64
, the version number is indicated by-1
. Applies to Linux-based managed nodes only.Release (string) –
The particular release of a patch. For example, in
pkg-example-EE-20180914-2.2.amzn1.noarch
, the release is2.amaz1
. Applies to Linux-based managed nodes only.Arch (string) –
The architecture of the patch. For example, in
example-pkg-0.710.10-2.7.abcd.x86_64
, the architecture is indicated byx86_64
. Applies to Linux-based managed nodes only.Severity (string) –
The severity level of the patch. For example,
CRITICAL
orMODERATE
.Repository (string) –
The source patch repository for the operating system and version, such as
trusty-security
for Ubuntu Server 14.04 LTE andfocal-security
for Ubuntu Server 20.04 LTE. Applies to Linux-based managed nodes only.
PatchStatus (dict) –
The status of the patch in a patch baseline. This includes information about whether the patch is currently approved, due to be approved by a rule, explicitly approved, or explicitly rejected and the date the patch was or will be approved.
DeploymentStatus (string) –
The approval status of a patch.
ComplianceLevel (string) –
The compliance severity level for a patch.
ApprovalDate (datetime) –
The date the patch was approved (or will be approved if the status is
PENDING_APPROVAL
).
NextToken (string) –
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
SSM.Client.exceptions.InvalidResourceId
SSM.Client.exceptions.DoesNotExistException
SSM.Client.exceptions.UnsupportedOperatingSystem
SSM.Client.exceptions.InternalServerError