2018/02/06 - Amazon Simple Systems Manager (SSM) - 7 updated api methods
Changes Update ssm client to latest version
{'ApprovalRules': {'PatchRules': {'EnableNonSecurity': 'boolean'}}, 'ApprovedPatchesEnableNonSecurity': 'boolean', 'OperatingSystem': {'SUSE'}, 'Sources': [{'Configuration': 'string', 'Name': 'string', 'Products': ['string']}]}
Creates a patch baseline.
See also: AWS API Documentation
Request Syntax
client.create_patch_baseline( OperatingSystem='WINDOWS'|'AMAZON_LINUX'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE', Name='string', GlobalFilters={ 'PatchFilters': [ { 'Key': 'PRODUCT'|'CLASSIFICATION'|'MSRC_SEVERITY'|'PATCH_ID'|'SECTION'|'PRIORITY'|'SEVERITY', 'Values': [ 'string', ] }, ] }, ApprovalRules={ 'PatchRules': [ { 'PatchFilterGroup': { 'PatchFilters': [ { 'Key': 'PRODUCT'|'CLASSIFICATION'|'MSRC_SEVERITY'|'PATCH_ID'|'SECTION'|'PRIORITY'|'SEVERITY', 'Values': [ 'string', ] }, ] }, 'ComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED', 'ApproveAfterDays': 123, 'EnableNonSecurity': True|False }, ] }, ApprovedPatches=[ 'string', ], ApprovedPatchesComplianceLevel='CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED', ApprovedPatchesEnableNonSecurity=True|False, RejectedPatches=[ 'string', ], Description='string', Sources=[ { 'Name': 'string', 'Products': [ 'string', ], 'Configuration': 'string' }, ], ClientToken='string' )
string
Defines the operating system the patch baseline applies to. The Default value is WINDOWS.
string
[REQUIRED]
The name of the patch baseline.
dict
A set of global filters used to exclude patches from the baseline.
PatchFilters (list) -- [REQUIRED]
The set of patch filters that make up the group.
(dict) --
Defines a patch filter.
A patch filter consists of key/value pairs, but not all keys are valid for all operating system types. For example, the key PRODUCT is valid for all supported operating system types. The key MSRC_SEVERITY, however, is valid only for Windows operating systems, and the key SECTION is valid only for Ubuntu operating systems.
Refer to the following sections for information about which keys may be used with each major operating system, and which values are valid for each key.
Windows Operating Systems
The supported keys for Windows operating systems are PRODUCT, CLASSIFICATION, and MSRC_SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Windows7
Windows8
Windows8.1
Windows8Embedded
Windows10
Windows10LTSB
WindowsServer2008
WindowsServer2008R2
WindowsServer2012
WindowsServer2012R2
WindowsServer2016
Supported key: CLASSIFICATION
Supported values:
CriticalUpdates
DefinitionUpdates
Drivers
FeaturePacks
SecurityUpdates
ServicePacks
Tools
UpdateRollups
Updates
Upgrades
Supported key: MSRC_SEVERITY
Supported values:
Critical
Important
Moderate
Low
Unspecified
Ubuntu Operating Systems
The supported keys for Ubuntu operating systems are PRODUCT, PRIORITY, and SECTION. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Ubuntu14.04
Ubuntu16.04
Supported key: PRIORITY
Supported values:
Required
Important
Standard
Optional
Extra
Supported key: SECTION
Only the length of the key value is validated. Minimum length is 1. Maximum length is 64.
Amazon Linux Operating Systems
The supported keys for Amazon Linux operating systems are PRODUCT, CLASSIFICATION, and SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
AmazonLinux2012.03
AmazonLinux2012.09
AmazonLinux2013.03
AmazonLinux2013.09
AmazonLinux2014.03
AmazonLinux2014.09
AmazonLinux2015.03
AmazonLinux2015.09
AmazonLinux2016.03
AmazonLinux2016.09
AmazonLinux2017.03
AmazonLinux2017.09
Supported key: CLASSIFICATION
Supported values:
Security
Bugfix
Enhancement
Recommended
Newpackage
Supported key: SEVERITY
Supported values:
Critical
Important
Medium
Low
RedHat Enterprise Linux (RHEL) Operating Systems
The supported keys for RedHat Enterprise Linux operating systems are PRODUCT, CLASSIFICATION, and SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
RedhatEnterpriseLinux6.5
RedhatEnterpriseLinux6.6
RedhatEnterpriseLinux6.7
RedhatEnterpriseLinux6.8
RedhatEnterpriseLinux6.9
RedhatEnterpriseLinux7.0
RedhatEnterpriseLinux7.1
RedhatEnterpriseLinux7.2
RedhatEnterpriseLinux7.3
RedhatEnterpriseLinux7.4
Supported key: CLASSIFICATION
Supported values:
Security
Bugfix
Enhancement
Recommended
Newpackage
Supported key: SEVERITY
Supported values:
Critical
Important
Medium
Low
SUSE Linux Enterprise Server (SUSE) Operating Systems
The supported keys for SUSE operating systems are PRODUCT, CLASSIFICATION, and SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Suse12.0
Suse12.1
Suse12.2
Suse12.3
Suse12.4
Suse12.5
Suse12.6
Suse12.7
Suse12.8
Suse12.9
Supported key: CLASSIFICATION
Supported values:
Security
Recommended
Optional
Feature
Document
Yast
Supported key: SEVERITY
Supported values:
Critical
Important
Moderate
Low
Key (string) -- [REQUIRED]
The key for the filter.
See PatchFilter for lists of valid keys for each operating system type.
Values (list) -- [REQUIRED]
The value for the filter key.
See PatchFilter for lists of valid values for each key based on operating system type.
(string) --
dict
A set of rules used to include patches in the baseline.
PatchRules (list) -- [REQUIRED]
The rules that make up the rule group.
(dict) --
Defines an approval rule for a patch baseline.
PatchFilterGroup (dict) -- [REQUIRED]
The patch filter group that defines the criteria for the rule.
PatchFilters (list) -- [REQUIRED]
The set of patch filters that make up the group.
(dict) --
Defines a patch filter.
A patch filter consists of key/value pairs, but not all keys are valid for all operating system types. For example, the key PRODUCT is valid for all supported operating system types. The key MSRC_SEVERITY, however, is valid only for Windows operating systems, and the key SECTION is valid only for Ubuntu operating systems.
Refer to the following sections for information about which keys may be used with each major operating system, and which values are valid for each key.
Windows Operating Systems
The supported keys for Windows operating systems are PRODUCT, CLASSIFICATION, and MSRC_SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Windows7
Windows8
Windows8.1
Windows8Embedded
Windows10
Windows10LTSB
WindowsServer2008
WindowsServer2008R2
WindowsServer2012
WindowsServer2012R2
WindowsServer2016
Supported key: CLASSIFICATION
Supported values:
CriticalUpdates
DefinitionUpdates
Drivers
FeaturePacks
SecurityUpdates
ServicePacks
Tools
UpdateRollups
Updates
Upgrades
Supported key: MSRC_SEVERITY
Supported values:
Critical
Important
Moderate
Low
Unspecified
Ubuntu Operating Systems
The supported keys for Ubuntu operating systems are PRODUCT, PRIORITY, and SECTION. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Ubuntu14.04
Ubuntu16.04
Supported key: PRIORITY
Supported values:
Required
Important
Standard
Optional
Extra
Supported key: SECTION
Only the length of the key value is validated. Minimum length is 1. Maximum length is 64.
Amazon Linux Operating Systems
The supported keys for Amazon Linux operating systems are PRODUCT, CLASSIFICATION, and SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
AmazonLinux2012.03
AmazonLinux2012.09
AmazonLinux2013.03
AmazonLinux2013.09
AmazonLinux2014.03
AmazonLinux2014.09
AmazonLinux2015.03
AmazonLinux2015.09
AmazonLinux2016.03
AmazonLinux2016.09
AmazonLinux2017.03
AmazonLinux2017.09
Supported key: CLASSIFICATION
Supported values:
Security
Bugfix
Enhancement
Recommended
Newpackage
Supported key: SEVERITY
Supported values:
Critical
Important
Medium
Low
RedHat Enterprise Linux (RHEL) Operating Systems
The supported keys for RedHat Enterprise Linux operating systems are PRODUCT, CLASSIFICATION, and SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
RedhatEnterpriseLinux6.5
RedhatEnterpriseLinux6.6
RedhatEnterpriseLinux6.7
RedhatEnterpriseLinux6.8
RedhatEnterpriseLinux6.9
RedhatEnterpriseLinux7.0
RedhatEnterpriseLinux7.1
RedhatEnterpriseLinux7.2
RedhatEnterpriseLinux7.3
RedhatEnterpriseLinux7.4
Supported key: CLASSIFICATION
Supported values:
Security
Bugfix
Enhancement
Recommended
Newpackage
Supported key: SEVERITY
Supported values:
Critical
Important
Medium
Low
SUSE Linux Enterprise Server (SUSE) Operating Systems
The supported keys for SUSE operating systems are PRODUCT, CLASSIFICATION, and SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Suse12.0
Suse12.1
Suse12.2
Suse12.3
Suse12.4
Suse12.5
Suse12.6
Suse12.7
Suse12.8
Suse12.9
Supported key: CLASSIFICATION
Supported values:
Security
Recommended
Optional
Feature
Document
Yast
Supported key: SEVERITY
Supported values:
Critical
Important
Moderate
Low
Key (string) -- [REQUIRED]
The key for the filter.
See PatchFilter for lists of valid keys for each operating system type.
Values (list) -- [REQUIRED]
The value for the filter key.
See PatchFilter for lists of valid values for each key based on operating system type.
(string) --
ComplianceLevel (string) --
A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following: Unspecified, Critical, High, Medium, Low, and Informational.
ApproveAfterDays (integer) -- [REQUIRED]
The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
EnableNonSecurity (boolean) --
For instances identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is 'false'. Applies to Linux instances only.
list
A list of explicitly approved patches for the baseline.
(string) --
string
Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid compliance severity levels include the following: CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.
boolean
Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.
list
A list of explicitly rejected patches for the baseline.
(string) --
string
A description of the patch baseline.
list
Information about the patches to use to update the instances, including target operating systems and source repositories. Applies to Linux instances only.
(dict) --
Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
Name (string) -- [REQUIRED]
The name specified to identify the patch source.
Products (list) -- [REQUIRED]
The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter.
(string) --
Configuration (string) -- [REQUIRED]
The value of the yum repo configuration. For example:
cachedir=/var/cache/yum/$basesearch
$releasever
keepcache=0
debualevel=2
string
User-provided idempotency token.
This field is autopopulated if not provided.
dict
Response Syntax
{ 'BaselineId': 'string' }
Response Structure
(dict) --
BaselineId (string) --
The ID of the created patch baseline.
{'BaselineIdentities': {'OperatingSystem': {'SUSE'}}}
Lists the patch baselines in your AWS account.
See also: AWS API Documentation
Request Syntax
client.describe_patch_baselines( Filters=[ { 'Key': 'string', 'Values': [ 'string', ] }, ], MaxResults=123, NextToken='string' )
list
Each element in the array is a structure containing:
Key: (string, "NAME_PREFIX" or "OWNER")
Value: (array of strings, exactly 1 entry, between 1 and 255 characters)
(dict) --
Defines a filter used in Patch Manager APIs.
Key (string) --
The key for the filter.
Values (list) --
The value for the filter.
(string) --
integer
The maximum number of patch baselines to return (per page).
string
The token for the next set of items to return. (You received this token from a previous call.)
dict
Response Syntax
{ 'BaselineIdentities': [ { 'BaselineId': 'string', 'BaselineName': 'string', 'OperatingSystem': 'WINDOWS'|'AMAZON_LINUX'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE', 'BaselineDescription': 'string', 'DefaultBaseline': True|False }, ], 'NextToken': 'string' }
Response Structure
(dict) --
BaselineIdentities (list) --
An array of PatchBaselineIdentity elements.
(dict) --
Defines the basic information about a patch baseline.
BaselineId (string) --
The ID of the patch baseline.
BaselineName (string) --
The name of the patch baseline.
OperatingSystem (string) --
Defines the operating system the patch baseline applies to. The Default value is WINDOWS.
BaselineDescription (string) --
The description of the patch baseline.
DefaultBaseline (boolean) --
Whether this is the default baseline. Note that Systems Manager supports creating multiple default patch baselines. For example, you can create a default patch baseline for each operating system.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
{'Mappings': {'BaselineIdentity': {'OperatingSystem': {'SUSE'}}}}
Lists all patch groups that have been registered with patch baselines.
See also: AWS API Documentation
Request Syntax
client.describe_patch_groups( MaxResults=123, Filters=[ { 'Key': 'string', 'Values': [ 'string', ] }, ], NextToken='string' )
integer
The maximum number of patch groups to return (per page).
list
One or more filters. Use a filter to return a more specific list of results.
(dict) --
Defines a filter used in Patch Manager APIs.
Key (string) --
The key for the filter.
Values (list) --
The value for the filter.
(string) --
string
The token for the next set of items to return. (You received this token from a previous call.)
dict
Response Syntax
{ 'Mappings': [ { 'PatchGroup': 'string', 'BaselineIdentity': { 'BaselineId': 'string', 'BaselineName': 'string', 'OperatingSystem': 'WINDOWS'|'AMAZON_LINUX'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE', 'BaselineDescription': 'string', 'DefaultBaseline': True|False } }, ], 'NextToken': 'string' }
Response Structure
(dict) --
Mappings (list) --
Each entry in the array contains:
PatchGroup: string (between 1 and 256 characters, Regex: ^([p{L}p{Z}p{N}_.:/=+-@]*)$)
PatchBaselineIdentity: A PatchBaselineIdentity element.
(dict) --
The mapping between a patch group and the patch baseline the patch group is registered with.
PatchGroup (string) --
The name of the patch group registered with the patch baseline.
BaselineIdentity (dict) --
The patch baseline the patch group is registered with.
BaselineId (string) --
The ID of the patch baseline.
BaselineName (string) --
The name of the patch baseline.
OperatingSystem (string) --
Defines the operating system the patch baseline applies to. The Default value is WINDOWS.
BaselineDescription (string) --
The description of the patch baseline.
DefaultBaseline (boolean) --
Whether this is the default baseline. Note that Systems Manager supports creating multiple default patch baselines. For example, you can create a default patch baseline for each operating system.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
{'OperatingSystem': {'SUSE'}}
Retrieves the default patch baseline. Note that Systems Manager supports creating multiple default patch baselines. For example, you can create a default patch baseline for each operating system.
See also: AWS API Documentation
Request Syntax
client.get_default_patch_baseline( OperatingSystem='WINDOWS'|'AMAZON_LINUX'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE' )
string
Returns the default patch baseline for the specified operating system.
dict
Response Syntax
{ 'BaselineId': 'string', 'OperatingSystem': 'WINDOWS'|'AMAZON_LINUX'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE' }
Response Structure
(dict) --
BaselineId (string) --
The ID of the default patch baseline.
OperatingSystem (string) --
The operating system for the returned patch baseline.
{'ApprovalRules': {'PatchRules': {'EnableNonSecurity': 'boolean'}}, 'ApprovedPatchesEnableNonSecurity': 'boolean', 'OperatingSystem': {'SUSE'}, 'Sources': [{'Configuration': 'string', 'Name': 'string', 'Products': ['string']}]}
Retrieves information about a patch baseline.
See also: AWS API Documentation
Request Syntax
client.get_patch_baseline( BaselineId='string' )
string
[REQUIRED]
The ID of the patch baseline to retrieve.
dict
Response Syntax
{ 'BaselineId': 'string', 'Name': 'string', 'OperatingSystem': 'WINDOWS'|'AMAZON_LINUX'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE', 'GlobalFilters': { 'PatchFilters': [ { 'Key': 'PRODUCT'|'CLASSIFICATION'|'MSRC_SEVERITY'|'PATCH_ID'|'SECTION'|'PRIORITY'|'SEVERITY', 'Values': [ 'string', ] }, ] }, 'ApprovalRules': { 'PatchRules': [ { 'PatchFilterGroup': { 'PatchFilters': [ { 'Key': 'PRODUCT'|'CLASSIFICATION'|'MSRC_SEVERITY'|'PATCH_ID'|'SECTION'|'PRIORITY'|'SEVERITY', 'Values': [ 'string', ] }, ] }, 'ComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED', 'ApproveAfterDays': 123, 'EnableNonSecurity': True|False }, ] }, 'ApprovedPatches': [ 'string', ], 'ApprovedPatchesComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED', 'ApprovedPatchesEnableNonSecurity': True|False, 'RejectedPatches': [ 'string', ], 'PatchGroups': [ 'string', ], 'CreatedDate': datetime(2015, 1, 1), 'ModifiedDate': datetime(2015, 1, 1), 'Description': 'string', 'Sources': [ { 'Name': 'string', 'Products': [ 'string', ], 'Configuration': 'string' }, ] }
Response Structure
(dict) --
BaselineId (string) --
The ID of the retrieved patch baseline.
Name (string) --
The name of the patch baseline.
OperatingSystem (string) --
Returns the operating system specified for the patch baseline.
GlobalFilters (dict) --
A set of global filters used to exclude patches from the baseline.
PatchFilters (list) --
The set of patch filters that make up the group.
(dict) --
Defines a patch filter.
A patch filter consists of key/value pairs, but not all keys are valid for all operating system types. For example, the key PRODUCT is valid for all supported operating system types. The key MSRC_SEVERITY, however, is valid only for Windows operating systems, and the key SECTION is valid only for Ubuntu operating systems.
Refer to the following sections for information about which keys may be used with each major operating system, and which values are valid for each key.
Windows Operating Systems
The supported keys for Windows operating systems are PRODUCT, CLASSIFICATION, and MSRC_SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Windows7
Windows8
Windows8.1
Windows8Embedded
Windows10
Windows10LTSB
WindowsServer2008
WindowsServer2008R2
WindowsServer2012
WindowsServer2012R2
WindowsServer2016
Supported key: CLASSIFICATION
Supported values:
CriticalUpdates
DefinitionUpdates
Drivers
FeaturePacks
SecurityUpdates
ServicePacks
Tools
UpdateRollups
Updates
Upgrades
Supported key: MSRC_SEVERITY
Supported values:
Critical
Important
Moderate
Low
Unspecified
Ubuntu Operating Systems
The supported keys for Ubuntu operating systems are PRODUCT, PRIORITY, and SECTION. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Ubuntu14.04
Ubuntu16.04
Supported key: PRIORITY
Supported values:
Required
Important
Standard
Optional
Extra
Supported key: SECTION
Only the length of the key value is validated. Minimum length is 1. Maximum length is 64.
Amazon Linux Operating Systems
The supported keys for Amazon Linux operating systems are PRODUCT, CLASSIFICATION, and SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
AmazonLinux2012.03
AmazonLinux2012.09
AmazonLinux2013.03
AmazonLinux2013.09
AmazonLinux2014.03
AmazonLinux2014.09
AmazonLinux2015.03
AmazonLinux2015.09
AmazonLinux2016.03
AmazonLinux2016.09
AmazonLinux2017.03
AmazonLinux2017.09
Supported key: CLASSIFICATION
Supported values:
Security
Bugfix
Enhancement
Recommended
Newpackage
Supported key: SEVERITY
Supported values:
Critical
Important
Medium
Low
RedHat Enterprise Linux (RHEL) Operating Systems
The supported keys for RedHat Enterprise Linux operating systems are PRODUCT, CLASSIFICATION, and SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
RedhatEnterpriseLinux6.5
RedhatEnterpriseLinux6.6
RedhatEnterpriseLinux6.7
RedhatEnterpriseLinux6.8
RedhatEnterpriseLinux6.9
RedhatEnterpriseLinux7.0
RedhatEnterpriseLinux7.1
RedhatEnterpriseLinux7.2
RedhatEnterpriseLinux7.3
RedhatEnterpriseLinux7.4
Supported key: CLASSIFICATION
Supported values:
Security
Bugfix
Enhancement
Recommended
Newpackage
Supported key: SEVERITY
Supported values:
Critical
Important
Medium
Low
SUSE Linux Enterprise Server (SUSE) Operating Systems
The supported keys for SUSE operating systems are PRODUCT, CLASSIFICATION, and SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Suse12.0
Suse12.1
Suse12.2
Suse12.3
Suse12.4
Suse12.5
Suse12.6
Suse12.7
Suse12.8
Suse12.9
Supported key: CLASSIFICATION
Supported values:
Security
Recommended
Optional
Feature
Document
Yast
Supported key: SEVERITY
Supported values:
Critical
Important
Moderate
Low
Key (string) --
The key for the filter.
See PatchFilter for lists of valid keys for each operating system type.
Values (list) --
The value for the filter key.
See PatchFilter for lists of valid values for each key based on operating system type.
(string) --
ApprovalRules (dict) --
A set of rules used to include patches in the baseline.
PatchRules (list) --
The rules that make up the rule group.
(dict) --
Defines an approval rule for a patch baseline.
PatchFilterGroup (dict) --
The patch filter group that defines the criteria for the rule.
PatchFilters (list) --
The set of patch filters that make up the group.
(dict) --
Defines a patch filter.
A patch filter consists of key/value pairs, but not all keys are valid for all operating system types. For example, the key PRODUCT is valid for all supported operating system types. The key MSRC_SEVERITY, however, is valid only for Windows operating systems, and the key SECTION is valid only for Ubuntu operating systems.
Refer to the following sections for information about which keys may be used with each major operating system, and which values are valid for each key.
Windows Operating Systems
The supported keys for Windows operating systems are PRODUCT, CLASSIFICATION, and MSRC_SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Windows7
Windows8
Windows8.1
Windows8Embedded
Windows10
Windows10LTSB
WindowsServer2008
WindowsServer2008R2
WindowsServer2012
WindowsServer2012R2
WindowsServer2016
Supported key: CLASSIFICATION
Supported values:
CriticalUpdates
DefinitionUpdates
Drivers
FeaturePacks
SecurityUpdates
ServicePacks
Tools
UpdateRollups
Updates
Upgrades
Supported key: MSRC_SEVERITY
Supported values:
Critical
Important
Moderate
Low
Unspecified
Ubuntu Operating Systems
The supported keys for Ubuntu operating systems are PRODUCT, PRIORITY, and SECTION. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Ubuntu14.04
Ubuntu16.04
Supported key: PRIORITY
Supported values:
Required
Important
Standard
Optional
Extra
Supported key: SECTION
Only the length of the key value is validated. Minimum length is 1. Maximum length is 64.
Amazon Linux Operating Systems
The supported keys for Amazon Linux operating systems are PRODUCT, CLASSIFICATION, and SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
AmazonLinux2012.03
AmazonLinux2012.09
AmazonLinux2013.03
AmazonLinux2013.09
AmazonLinux2014.03
AmazonLinux2014.09
AmazonLinux2015.03
AmazonLinux2015.09
AmazonLinux2016.03
AmazonLinux2016.09
AmazonLinux2017.03
AmazonLinux2017.09
Supported key: CLASSIFICATION
Supported values:
Security
Bugfix
Enhancement
Recommended
Newpackage
Supported key: SEVERITY
Supported values:
Critical
Important
Medium
Low
RedHat Enterprise Linux (RHEL) Operating Systems
The supported keys for RedHat Enterprise Linux operating systems are PRODUCT, CLASSIFICATION, and SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
RedhatEnterpriseLinux6.5
RedhatEnterpriseLinux6.6
RedhatEnterpriseLinux6.7
RedhatEnterpriseLinux6.8
RedhatEnterpriseLinux6.9
RedhatEnterpriseLinux7.0
RedhatEnterpriseLinux7.1
RedhatEnterpriseLinux7.2
RedhatEnterpriseLinux7.3
RedhatEnterpriseLinux7.4
Supported key: CLASSIFICATION
Supported values:
Security
Bugfix
Enhancement
Recommended
Newpackage
Supported key: SEVERITY
Supported values:
Critical
Important
Medium
Low
SUSE Linux Enterprise Server (SUSE) Operating Systems
The supported keys for SUSE operating systems are PRODUCT, CLASSIFICATION, and SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Suse12.0
Suse12.1
Suse12.2
Suse12.3
Suse12.4
Suse12.5
Suse12.6
Suse12.7
Suse12.8
Suse12.9
Supported key: CLASSIFICATION
Supported values:
Security
Recommended
Optional
Feature
Document
Yast
Supported key: SEVERITY
Supported values:
Critical
Important
Moderate
Low
Key (string) --
The key for the filter.
See PatchFilter for lists of valid keys for each operating system type.
Values (list) --
The value for the filter key.
See PatchFilter for lists of valid values for each key based on operating system type.
(string) --
ComplianceLevel (string) --
A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following: Unspecified, Critical, High, Medium, Low, and Informational.
ApproveAfterDays (integer) --
The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
EnableNonSecurity (boolean) --
For instances identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is 'false'. Applies to Linux instances only.
ApprovedPatches (list) --
A list of explicitly approved patches for the baseline.
(string) --
ApprovedPatchesComplianceLevel (string) --
Returns the specified compliance severity level for approved patches in the patch baseline.
ApprovedPatchesEnableNonSecurity (boolean) --
Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.
RejectedPatches (list) --
A list of explicitly rejected patches for the baseline.
(string) --
PatchGroups (list) --
Patch groups included in the patch baseline.
(string) --
CreatedDate (datetime) --
The date the patch baseline was created.
ModifiedDate (datetime) --
The date the patch baseline was last modified.
Description (string) --
A description of the patch baseline.
Sources (list) --
Information about the patches to use to update the instances, including target operating systems and source repositories. Applies to Linux instances only.
(dict) --
Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
Name (string) --
The name specified to identify the patch source.
Products (list) --
The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter.
(string) --
Configuration (string) --
The value of the yum repo configuration. For example:
cachedir=/var/cache/yum/$basesearch
$releasever
keepcache=0
debualevel=2
{'OperatingSystem': {'SUSE'}}
Retrieves the patch baseline that should be used for the specified patch group.
See also: AWS API Documentation
Request Syntax
client.get_patch_baseline_for_patch_group( PatchGroup='string', OperatingSystem='WINDOWS'|'AMAZON_LINUX'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE' )
string
[REQUIRED]
The name of the patch group whose patch baseline should be retrieved.
string
Returns he operating system rule specified for patch groups using the patch baseline.
dict
Response Syntax
{ 'BaselineId': 'string', 'PatchGroup': 'string', 'OperatingSystem': 'WINDOWS'|'AMAZON_LINUX'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE' }
Response Structure
(dict) --
BaselineId (string) --
The ID of the patch baseline that should be used for the patch group.
PatchGroup (string) --
The name of the patch group.
OperatingSystem (string) --
The operating system rule specified for patch groups using the patch baseline.
{'ApprovalRules': {'PatchRules': {'EnableNonSecurity': 'boolean'}}, 'ApprovedPatchesEnableNonSecurity': 'boolean', 'Replace': 'boolean', 'Sources': [{'Configuration': 'string', 'Name': 'string', 'Products': ['string']}]}Response
{'ApprovalRules': {'PatchRules': {'EnableNonSecurity': 'boolean'}}, 'ApprovedPatchesEnableNonSecurity': 'boolean', 'OperatingSystem': {'SUSE'}, 'Sources': [{'Configuration': 'string', 'Name': 'string', 'Products': ['string']}]}
Modifies an existing patch baseline. Fields not specified in the request are left unchanged.
See also: AWS API Documentation
Request Syntax
client.update_patch_baseline( BaselineId='string', Name='string', GlobalFilters={ 'PatchFilters': [ { 'Key': 'PRODUCT'|'CLASSIFICATION'|'MSRC_SEVERITY'|'PATCH_ID'|'SECTION'|'PRIORITY'|'SEVERITY', 'Values': [ 'string', ] }, ] }, ApprovalRules={ 'PatchRules': [ { 'PatchFilterGroup': { 'PatchFilters': [ { 'Key': 'PRODUCT'|'CLASSIFICATION'|'MSRC_SEVERITY'|'PATCH_ID'|'SECTION'|'PRIORITY'|'SEVERITY', 'Values': [ 'string', ] }, ] }, 'ComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED', 'ApproveAfterDays': 123, 'EnableNonSecurity': True|False }, ] }, ApprovedPatches=[ 'string', ], ApprovedPatchesComplianceLevel='CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED', ApprovedPatchesEnableNonSecurity=True|False, RejectedPatches=[ 'string', ], Description='string', Sources=[ { 'Name': 'string', 'Products': [ 'string', ], 'Configuration': 'string' }, ], Replace=True|False )
string
[REQUIRED]
The ID of the patch baseline to update.
string
The name of the patch baseline.
dict
A set of global filters used to exclude patches from the baseline.
PatchFilters (list) -- [REQUIRED]
The set of patch filters that make up the group.
(dict) --
Defines a patch filter.
A patch filter consists of key/value pairs, but not all keys are valid for all operating system types. For example, the key PRODUCT is valid for all supported operating system types. The key MSRC_SEVERITY, however, is valid only for Windows operating systems, and the key SECTION is valid only for Ubuntu operating systems.
Refer to the following sections for information about which keys may be used with each major operating system, and which values are valid for each key.
Windows Operating Systems
The supported keys for Windows operating systems are PRODUCT, CLASSIFICATION, and MSRC_SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Windows7
Windows8
Windows8.1
Windows8Embedded
Windows10
Windows10LTSB
WindowsServer2008
WindowsServer2008R2
WindowsServer2012
WindowsServer2012R2
WindowsServer2016
Supported key: CLASSIFICATION
Supported values:
CriticalUpdates
DefinitionUpdates
Drivers
FeaturePacks
SecurityUpdates
ServicePacks
Tools
UpdateRollups
Updates
Upgrades
Supported key: MSRC_SEVERITY
Supported values:
Critical
Important
Moderate
Low
Unspecified
Ubuntu Operating Systems
The supported keys for Ubuntu operating systems are PRODUCT, PRIORITY, and SECTION. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Ubuntu14.04
Ubuntu16.04
Supported key: PRIORITY
Supported values:
Required
Important
Standard
Optional
Extra
Supported key: SECTION
Only the length of the key value is validated. Minimum length is 1. Maximum length is 64.
Amazon Linux Operating Systems
The supported keys for Amazon Linux operating systems are PRODUCT, CLASSIFICATION, and SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
AmazonLinux2012.03
AmazonLinux2012.09
AmazonLinux2013.03
AmazonLinux2013.09
AmazonLinux2014.03
AmazonLinux2014.09
AmazonLinux2015.03
AmazonLinux2015.09
AmazonLinux2016.03
AmazonLinux2016.09
AmazonLinux2017.03
AmazonLinux2017.09
Supported key: CLASSIFICATION
Supported values:
Security
Bugfix
Enhancement
Recommended
Newpackage
Supported key: SEVERITY
Supported values:
Critical
Important
Medium
Low
RedHat Enterprise Linux (RHEL) Operating Systems
The supported keys for RedHat Enterprise Linux operating systems are PRODUCT, CLASSIFICATION, and SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
RedhatEnterpriseLinux6.5
RedhatEnterpriseLinux6.6
RedhatEnterpriseLinux6.7
RedhatEnterpriseLinux6.8
RedhatEnterpriseLinux6.9
RedhatEnterpriseLinux7.0
RedhatEnterpriseLinux7.1
RedhatEnterpriseLinux7.2
RedhatEnterpriseLinux7.3
RedhatEnterpriseLinux7.4
Supported key: CLASSIFICATION
Supported values:
Security
Bugfix
Enhancement
Recommended
Newpackage
Supported key: SEVERITY
Supported values:
Critical
Important
Medium
Low
SUSE Linux Enterprise Server (SUSE) Operating Systems
The supported keys for SUSE operating systems are PRODUCT, CLASSIFICATION, and SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Suse12.0
Suse12.1
Suse12.2
Suse12.3
Suse12.4
Suse12.5
Suse12.6
Suse12.7
Suse12.8
Suse12.9
Supported key: CLASSIFICATION
Supported values:
Security
Recommended
Optional
Feature
Document
Yast
Supported key: SEVERITY
Supported values:
Critical
Important
Moderate
Low
Key (string) -- [REQUIRED]
The key for the filter.
See PatchFilter for lists of valid keys for each operating system type.
Values (list) -- [REQUIRED]
The value for the filter key.
See PatchFilter for lists of valid values for each key based on operating system type.
(string) --
dict
A set of rules used to include patches in the baseline.
PatchRules (list) -- [REQUIRED]
The rules that make up the rule group.
(dict) --
Defines an approval rule for a patch baseline.
PatchFilterGroup (dict) -- [REQUIRED]
The patch filter group that defines the criteria for the rule.
PatchFilters (list) -- [REQUIRED]
The set of patch filters that make up the group.
(dict) --
Defines a patch filter.
A patch filter consists of key/value pairs, but not all keys are valid for all operating system types. For example, the key PRODUCT is valid for all supported operating system types. The key MSRC_SEVERITY, however, is valid only for Windows operating systems, and the key SECTION is valid only for Ubuntu operating systems.
Refer to the following sections for information about which keys may be used with each major operating system, and which values are valid for each key.
Windows Operating Systems
The supported keys for Windows operating systems are PRODUCT, CLASSIFICATION, and MSRC_SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Windows7
Windows8
Windows8.1
Windows8Embedded
Windows10
Windows10LTSB
WindowsServer2008
WindowsServer2008R2
WindowsServer2012
WindowsServer2012R2
WindowsServer2016
Supported key: CLASSIFICATION
Supported values:
CriticalUpdates
DefinitionUpdates
Drivers
FeaturePacks
SecurityUpdates
ServicePacks
Tools
UpdateRollups
Updates
Upgrades
Supported key: MSRC_SEVERITY
Supported values:
Critical
Important
Moderate
Low
Unspecified
Ubuntu Operating Systems
The supported keys for Ubuntu operating systems are PRODUCT, PRIORITY, and SECTION. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Ubuntu14.04
Ubuntu16.04
Supported key: PRIORITY
Supported values:
Required
Important
Standard
Optional
Extra
Supported key: SECTION
Only the length of the key value is validated. Minimum length is 1. Maximum length is 64.
Amazon Linux Operating Systems
The supported keys for Amazon Linux operating systems are PRODUCT, CLASSIFICATION, and SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
AmazonLinux2012.03
AmazonLinux2012.09
AmazonLinux2013.03
AmazonLinux2013.09
AmazonLinux2014.03
AmazonLinux2014.09
AmazonLinux2015.03
AmazonLinux2015.09
AmazonLinux2016.03
AmazonLinux2016.09
AmazonLinux2017.03
AmazonLinux2017.09
Supported key: CLASSIFICATION
Supported values:
Security
Bugfix
Enhancement
Recommended
Newpackage
Supported key: SEVERITY
Supported values:
Critical
Important
Medium
Low
RedHat Enterprise Linux (RHEL) Operating Systems
The supported keys for RedHat Enterprise Linux operating systems are PRODUCT, CLASSIFICATION, and SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
RedhatEnterpriseLinux6.5
RedhatEnterpriseLinux6.6
RedhatEnterpriseLinux6.7
RedhatEnterpriseLinux6.8
RedhatEnterpriseLinux6.9
RedhatEnterpriseLinux7.0
RedhatEnterpriseLinux7.1
RedhatEnterpriseLinux7.2
RedhatEnterpriseLinux7.3
RedhatEnterpriseLinux7.4
Supported key: CLASSIFICATION
Supported values:
Security
Bugfix
Enhancement
Recommended
Newpackage
Supported key: SEVERITY
Supported values:
Critical
Important
Medium
Low
SUSE Linux Enterprise Server (SUSE) Operating Systems
The supported keys for SUSE operating systems are PRODUCT, CLASSIFICATION, and SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Suse12.0
Suse12.1
Suse12.2
Suse12.3
Suse12.4
Suse12.5
Suse12.6
Suse12.7
Suse12.8
Suse12.9
Supported key: CLASSIFICATION
Supported values:
Security
Recommended
Optional
Feature
Document
Yast
Supported key: SEVERITY
Supported values:
Critical
Important
Moderate
Low
Key (string) -- [REQUIRED]
The key for the filter.
See PatchFilter for lists of valid keys for each operating system type.
Values (list) -- [REQUIRED]
The value for the filter key.
See PatchFilter for lists of valid values for each key based on operating system type.
(string) --
ComplianceLevel (string) --
A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following: Unspecified, Critical, High, Medium, Low, and Informational.
ApproveAfterDays (integer) -- [REQUIRED]
The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
EnableNonSecurity (boolean) --
For instances identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is 'false'. Applies to Linux instances only.
list
A list of explicitly approved patches for the baseline.
(string) --
string
Assigns a new compliance severity level to an existing patch baseline.
boolean
Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.
list
A list of explicitly rejected patches for the baseline.
(string) --
string
A description of the patch baseline.
list
Information about the patches to use to update the instances, including target operating systems and source repositories. Applies to Linux instances only.
(dict) --
Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
Name (string) -- [REQUIRED]
The name specified to identify the patch source.
Products (list) -- [REQUIRED]
The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter.
(string) --
Configuration (string) -- [REQUIRED]
The value of the yum repo configuration. For example:
cachedir=/var/cache/yum/$basesearch
$releasever
keepcache=0
debualevel=2
boolean
If True, then all fields that are required by the CreatePatchBaseline action are also required for this API request. Optional fields that are not specified are set to null.
dict
Response Syntax
{ 'BaselineId': 'string', 'Name': 'string', 'OperatingSystem': 'WINDOWS'|'AMAZON_LINUX'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE', 'GlobalFilters': { 'PatchFilters': [ { 'Key': 'PRODUCT'|'CLASSIFICATION'|'MSRC_SEVERITY'|'PATCH_ID'|'SECTION'|'PRIORITY'|'SEVERITY', 'Values': [ 'string', ] }, ] }, 'ApprovalRules': { 'PatchRules': [ { 'PatchFilterGroup': { 'PatchFilters': [ { 'Key': 'PRODUCT'|'CLASSIFICATION'|'MSRC_SEVERITY'|'PATCH_ID'|'SECTION'|'PRIORITY'|'SEVERITY', 'Values': [ 'string', ] }, ] }, 'ComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED', 'ApproveAfterDays': 123, 'EnableNonSecurity': True|False }, ] }, 'ApprovedPatches': [ 'string', ], 'ApprovedPatchesComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED', 'ApprovedPatchesEnableNonSecurity': True|False, 'RejectedPatches': [ 'string', ], 'CreatedDate': datetime(2015, 1, 1), 'ModifiedDate': datetime(2015, 1, 1), 'Description': 'string', 'Sources': [ { 'Name': 'string', 'Products': [ 'string', ], 'Configuration': 'string' }, ] }
Response Structure
(dict) --
BaselineId (string) --
The ID of the deleted patch baseline.
Name (string) --
The name of the patch baseline.
OperatingSystem (string) --
The operating system rule used by the updated patch baseline.
GlobalFilters (dict) --
A set of global filters used to exclude patches from the baseline.
PatchFilters (list) --
The set of patch filters that make up the group.
(dict) --
Defines a patch filter.
A patch filter consists of key/value pairs, but not all keys are valid for all operating system types. For example, the key PRODUCT is valid for all supported operating system types. The key MSRC_SEVERITY, however, is valid only for Windows operating systems, and the key SECTION is valid only for Ubuntu operating systems.
Refer to the following sections for information about which keys may be used with each major operating system, and which values are valid for each key.
Windows Operating Systems
The supported keys for Windows operating systems are PRODUCT, CLASSIFICATION, and MSRC_SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Windows7
Windows8
Windows8.1
Windows8Embedded
Windows10
Windows10LTSB
WindowsServer2008
WindowsServer2008R2
WindowsServer2012
WindowsServer2012R2
WindowsServer2016
Supported key: CLASSIFICATION
Supported values:
CriticalUpdates
DefinitionUpdates
Drivers
FeaturePacks
SecurityUpdates
ServicePacks
Tools
UpdateRollups
Updates
Upgrades
Supported key: MSRC_SEVERITY
Supported values:
Critical
Important
Moderate
Low
Unspecified
Ubuntu Operating Systems
The supported keys for Ubuntu operating systems are PRODUCT, PRIORITY, and SECTION. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Ubuntu14.04
Ubuntu16.04
Supported key: PRIORITY
Supported values:
Required
Important
Standard
Optional
Extra
Supported key: SECTION
Only the length of the key value is validated. Minimum length is 1. Maximum length is 64.
Amazon Linux Operating Systems
The supported keys for Amazon Linux operating systems are PRODUCT, CLASSIFICATION, and SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
AmazonLinux2012.03
AmazonLinux2012.09
AmazonLinux2013.03
AmazonLinux2013.09
AmazonLinux2014.03
AmazonLinux2014.09
AmazonLinux2015.03
AmazonLinux2015.09
AmazonLinux2016.03
AmazonLinux2016.09
AmazonLinux2017.03
AmazonLinux2017.09
Supported key: CLASSIFICATION
Supported values:
Security
Bugfix
Enhancement
Recommended
Newpackage
Supported key: SEVERITY
Supported values:
Critical
Important
Medium
Low
RedHat Enterprise Linux (RHEL) Operating Systems
The supported keys for RedHat Enterprise Linux operating systems are PRODUCT, CLASSIFICATION, and SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
RedhatEnterpriseLinux6.5
RedhatEnterpriseLinux6.6
RedhatEnterpriseLinux6.7
RedhatEnterpriseLinux6.8
RedhatEnterpriseLinux6.9
RedhatEnterpriseLinux7.0
RedhatEnterpriseLinux7.1
RedhatEnterpriseLinux7.2
RedhatEnterpriseLinux7.3
RedhatEnterpriseLinux7.4
Supported key: CLASSIFICATION
Supported values:
Security
Bugfix
Enhancement
Recommended
Newpackage
Supported key: SEVERITY
Supported values:
Critical
Important
Medium
Low
SUSE Linux Enterprise Server (SUSE) Operating Systems
The supported keys for SUSE operating systems are PRODUCT, CLASSIFICATION, and SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Suse12.0
Suse12.1
Suse12.2
Suse12.3
Suse12.4
Suse12.5
Suse12.6
Suse12.7
Suse12.8
Suse12.9
Supported key: CLASSIFICATION
Supported values:
Security
Recommended
Optional
Feature
Document
Yast
Supported key: SEVERITY
Supported values:
Critical
Important
Moderate
Low
Key (string) --
The key for the filter.
See PatchFilter for lists of valid keys for each operating system type.
Values (list) --
The value for the filter key.
See PatchFilter for lists of valid values for each key based on operating system type.
(string) --
ApprovalRules (dict) --
A set of rules used to include patches in the baseline.
PatchRules (list) --
The rules that make up the rule group.
(dict) --
Defines an approval rule for a patch baseline.
PatchFilterGroup (dict) --
The patch filter group that defines the criteria for the rule.
PatchFilters (list) --
The set of patch filters that make up the group.
(dict) --
Defines a patch filter.
A patch filter consists of key/value pairs, but not all keys are valid for all operating system types. For example, the key PRODUCT is valid for all supported operating system types. The key MSRC_SEVERITY, however, is valid only for Windows operating systems, and the key SECTION is valid only for Ubuntu operating systems.
Refer to the following sections for information about which keys may be used with each major operating system, and which values are valid for each key.
Windows Operating Systems
The supported keys for Windows operating systems are PRODUCT, CLASSIFICATION, and MSRC_SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Windows7
Windows8
Windows8.1
Windows8Embedded
Windows10
Windows10LTSB
WindowsServer2008
WindowsServer2008R2
WindowsServer2012
WindowsServer2012R2
WindowsServer2016
Supported key: CLASSIFICATION
Supported values:
CriticalUpdates
DefinitionUpdates
Drivers
FeaturePacks
SecurityUpdates
ServicePacks
Tools
UpdateRollups
Updates
Upgrades
Supported key: MSRC_SEVERITY
Supported values:
Critical
Important
Moderate
Low
Unspecified
Ubuntu Operating Systems
The supported keys for Ubuntu operating systems are PRODUCT, PRIORITY, and SECTION. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Ubuntu14.04
Ubuntu16.04
Supported key: PRIORITY
Supported values:
Required
Important
Standard
Optional
Extra
Supported key: SECTION
Only the length of the key value is validated. Minimum length is 1. Maximum length is 64.
Amazon Linux Operating Systems
The supported keys for Amazon Linux operating systems are PRODUCT, CLASSIFICATION, and SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
AmazonLinux2012.03
AmazonLinux2012.09
AmazonLinux2013.03
AmazonLinux2013.09
AmazonLinux2014.03
AmazonLinux2014.09
AmazonLinux2015.03
AmazonLinux2015.09
AmazonLinux2016.03
AmazonLinux2016.09
AmazonLinux2017.03
AmazonLinux2017.09
Supported key: CLASSIFICATION
Supported values:
Security
Bugfix
Enhancement
Recommended
Newpackage
Supported key: SEVERITY
Supported values:
Critical
Important
Medium
Low
RedHat Enterprise Linux (RHEL) Operating Systems
The supported keys for RedHat Enterprise Linux operating systems are PRODUCT, CLASSIFICATION, and SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
RedhatEnterpriseLinux6.5
RedhatEnterpriseLinux6.6
RedhatEnterpriseLinux6.7
RedhatEnterpriseLinux6.8
RedhatEnterpriseLinux6.9
RedhatEnterpriseLinux7.0
RedhatEnterpriseLinux7.1
RedhatEnterpriseLinux7.2
RedhatEnterpriseLinux7.3
RedhatEnterpriseLinux7.4
Supported key: CLASSIFICATION
Supported values:
Security
Bugfix
Enhancement
Recommended
Newpackage
Supported key: SEVERITY
Supported values:
Critical
Important
Medium
Low
SUSE Linux Enterprise Server (SUSE) Operating Systems
The supported keys for SUSE operating systems are PRODUCT, CLASSIFICATION, and SEVERITY. See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Suse12.0
Suse12.1
Suse12.2
Suse12.3
Suse12.4
Suse12.5
Suse12.6
Suse12.7
Suse12.8
Suse12.9
Supported key: CLASSIFICATION
Supported values:
Security
Recommended
Optional
Feature
Document
Yast
Supported key: SEVERITY
Supported values:
Critical
Important
Moderate
Low
Key (string) --
The key for the filter.
See PatchFilter for lists of valid keys for each operating system type.
Values (list) --
The value for the filter key.
See PatchFilter for lists of valid values for each key based on operating system type.
(string) --
ComplianceLevel (string) --
A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following: Unspecified, Critical, High, Medium, Low, and Informational.
ApproveAfterDays (integer) --
The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline.
EnableNonSecurity (boolean) --
For instances identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is 'false'. Applies to Linux instances only.
ApprovedPatches (list) --
A list of explicitly approved patches for the baseline.
(string) --
ApprovedPatchesComplianceLevel (string) --
The compliance severity level assigned to the patch baseline after the update completed.
ApprovedPatchesEnableNonSecurity (boolean) --
Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.
RejectedPatches (list) --
A list of explicitly rejected patches for the baseline.
(string) --
CreatedDate (datetime) --
The date when the patch baseline was created.
ModifiedDate (datetime) --
The date when the patch baseline was last modified.
Description (string) --
A description of the Patch Baseline.
Sources (list) --
Information about the patches to use to update the instances, including target operating systems and source repositories. Applies to Linux instances only.
(dict) --
Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
Name (string) --
The name specified to identify the patch source.
Products (list) --
The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter.
(string) --
Configuration (string) --
The value of the yum repo configuration. For example:
cachedir=/var/cache/yum/$basesearch
$releasever
keepcache=0
debualevel=2