2019/02/19 - Amazon Simple Systems Manager (SSM) - 6 updated api methods
Changes AWS Systems Manager now supports adding tags when creating Activations, Patch Baselines, Documents, Parameters, and Maintenance Windows
{'Tags': [{'Key': 'string', 'Value': 'string'}]}
Registers your on-premises server or virtual machine with Amazon EC2 so that you can manage these resources using Run Command. An on-premises server or virtual machine that has been registered with EC2 is called a managed instance. For more information about activations, see Setting Up Systems Manager in Hybrid Environments.
See also: AWS API Documentation
Request Syntax
client.create_activation(
Description='string',
DefaultInstanceName='string',
IamRole='string',
RegistrationLimit=123,
ExpirationDate=datetime(2015, 1, 1),
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
string
A user-defined description of the resource that you want to register with Amazon EC2.
Warning
Do not enter personally identifiable information in this field.
string
The name of the registered, managed instance as it will appear in the Amazon EC2 console or when you use the AWS command line tools to list EC2 resources.
Warning
Do not enter personally identifiable information in this field.
string
[REQUIRED]
The Amazon Identity and Access Management (IAM) role that you want to assign to the managed instance.
integer
Specify the maximum number of managed instances you want to register. The default value is 1 instance.
datetime
The date by which this activation request should expire. The default value is 24 hours.
list
Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an activation to identify which servers or virtual machines (VMs) in your on-premises environment you intend to activate. In this case, you could specify the following key name/value pairs:
Key=OS,Value=Windows
Key=Environment,Value=Production
Warning
When you install SSM Agent on your on-premises servers and VMs, you specify an activation ID and code. When you specify the activation ID and code, tags assigned to the activation are automatically applied to the on-premises servers or VMs.
You can't add tags to or delete tags from an existing activation. You can tag your on-premises servers and VMs after they connect to Systems Manager for the first time and are assigned a managed instance ID. This means they are listed in the AWS Systems Manager console with an ID that is prefixed with "mi-". For information about how to add tags to your managed instances, see AddTagsToResource. For information about how to remove tags from your managed instances, see RemoveTagsFromResource.
(dict) --
Metadata that you assign to your AWS resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Systems Manager, you can apply tags to documents, managed instances, Maintenance Windows, Parameter Store parameters, and patch baselines.
Key (string) -- [REQUIRED]
The name of the tag.
Value (string) -- [REQUIRED]
The value of the tag.
dict
Response Syntax
{
'ActivationId': 'string',
'ActivationCode': 'string'
}
Response Structure
(dict) --
ActivationId (string) --
The ID number generated by the system when it processed the activation. The activation ID functions like a user name.
ActivationCode (string) --
The code the system generates when it processes the activation. The activation code functions like a password to validate the activation ID.
{'Tags': [{'Key': 'string', 'Value': 'string'}]}
Creates a Systems Manager document.
After you create a document, you can use CreateAssociation to associate it with one or more running instances.
See also: AWS API Documentation
Request Syntax
client.create_document(
Content='string',
Attachments=[
{
'Key': 'SourceUrl',
'Values': [
'string',
]
},
],
Name='string',
VersionName='string',
DocumentType='Command'|'Policy'|'Automation'|'Session'|'Package',
DocumentFormat='YAML'|'JSON',
TargetType='string',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
string
[REQUIRED]
A valid JSON or YAML string.
list
A list of key and value pairs that describe attachments to a version of a document.
(dict) --
A key and value pair that identifies the location of an attachment to a document.
Key (string) --
The key of a key and value pair that identifies the location of an attachment to a document.
Values (list) --
The URL of the location of a document attachment, such as the URL of an Amazon S3 bucket.
(string) --
string
[REQUIRED]
A name for the Systems Manager document.
Warning
Do not use the following to begin the names of documents you create. They are reserved by AWS for use as document prefixes:
aws
amazon
amzn
string
An optional field specifying the version of the artifact you are creating with the document. For example, "Release 12, Update 6". This value is unique across all versions of a document, and cannot be changed.
string
The type of document to create. Valid document types include: Command , Policy , Automation , Session , and Package .
string
Specify the document format for the request. The document format can be either JSON or YAML. JSON is the default format.
string
Specify a target type to define the kinds of resources the document can run on. For example, to run a document on EC2 instances, specify the following value: /AWS::EC2::Instance. If you specify a value of '/' the document can run on all types of resources. If you don't specify a value, the document can't run on any resources. For a list of valid resource types, see AWS Resource Types Reference in the AWS CloudFormation User Guide .
list
Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an SSM document to identify the types of targets or the environment where it will run. In this case, you could specify the following key name/value pairs:
Key=OS,Value=Windows
Key=Environment,Value=Production
Note
To add tags to an existing SSM document, use the AddTagsToResource action.
(dict) --
Metadata that you assign to your AWS resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Systems Manager, you can apply tags to documents, managed instances, Maintenance Windows, Parameter Store parameters, and patch baselines.
Key (string) -- [REQUIRED]
The name of the tag.
Value (string) -- [REQUIRED]
The value of the tag.
dict
Response Syntax
{
'DocumentDescription': {
'Sha1': 'string',
'Hash': 'string',
'HashType': 'Sha256'|'Sha1',
'Name': 'string',
'VersionName': 'string',
'Owner': 'string',
'CreatedDate': datetime(2015, 1, 1),
'Status': 'Creating'|'Active'|'Updating'|'Deleting'|'Failed',
'StatusInformation': 'string',
'DocumentVersion': 'string',
'Description': 'string',
'Parameters': [
{
'Name': 'string',
'Type': 'String'|'StringList',
'Description': 'string',
'DefaultValue': 'string'
},
],
'PlatformTypes': [
'Windows'|'Linux',
],
'DocumentType': 'Command'|'Policy'|'Automation'|'Session'|'Package',
'SchemaVersion': 'string',
'LatestVersion': 'string',
'DefaultVersion': 'string',
'DocumentFormat': 'YAML'|'JSON',
'TargetType': 'string',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'AttachmentsInformation': [
{
'Name': 'string'
},
]
}
}
Response Structure
(dict) --
DocumentDescription (dict) --
Information about the Systems Manager document.
Sha1 (string) --
The SHA1 hash of the document, which you can use for verification.
Hash (string) --
The Sha256 or Sha1 hash created by the system when the document was created.
Note
Sha1 hashes have been deprecated.
HashType (string) --
The hash type of the document. Valid values include Sha256 or Sha1 .
Note
Sha1 hashes have been deprecated.
Name (string) --
The name of the Systems Manager document.
VersionName (string) --
The version of the artifact associated with the document.
Owner (string) --
The AWS user account that created the document.
CreatedDate (datetime) --
The date when the document was created.
Status (string) --
The status of the Systems Manager document.
StatusInformation (string) --
A message returned by AWS Systems Manager that explains the Status value. For example, a Failed status might be explained by the StatusInformation message, "The specified S3 bucket does not exist. Verify that the URL of the S3 bucket is correct."
DocumentVersion (string) --
The document version.
Description (string) --
A description of the document.
Parameters (list) --
A description of the parameters for a document.
(dict) --
Parameters specified in a System Manager document that execute on the server when the command is run.
Name (string) --
The name of the parameter.
Type (string) --
The type of parameter. The type can be either String or StringList.
Description (string) --
A description of what the parameter does, how to use it, the default value, and whether or not the parameter is optional.
DefaultValue (string) --
If specified, the default values for the parameters. Parameters without a default value are required. Parameters with a default value are optional.
PlatformTypes (list) --
The list of OS platforms compatible with this Systems Manager document.
(string) --
DocumentType (string) --
The type of document.
SchemaVersion (string) --
The schema version.
LatestVersion (string) --
The latest version of the document.
DefaultVersion (string) --
The default version.
DocumentFormat (string) --
The document format, either JSON or YAML.
TargetType (string) --
The target type which defines the kinds of resources the document can run on. For example, /AWS::EC2::Instance. For a list of valid resource types, see AWS Resource Types Reference in the AWS CloudFormation User Guide .
Tags (list) --
The tags, or metadata, that have been applied to the document.
(dict) --
Metadata that you assign to your AWS resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Systems Manager, you can apply tags to documents, managed instances, Maintenance Windows, Parameter Store parameters, and patch baselines.
Key (string) --
The name of the tag.
Value (string) --
The value of the tag.
AttachmentsInformation (list) --
Details about the document attachments, including names, locations, sizes, etc.
(dict) --
An attribute of an attachment, such as the attachment name.
Name (string) --
The name of the attachment.
{'Tags': [{'Key': 'string', 'Value': 'string'}]}
Creates a new Maintenance Window.
See also: AWS API Documentation
Request Syntax
client.create_maintenance_window(
Name='string',
Description='string',
StartDate='string',
EndDate='string',
Schedule='string',
ScheduleTimezone='string',
Duration=123,
Cutoff=123,
AllowUnassociatedTargets=True|False,
ClientToken='string',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
string
[REQUIRED]
The name of the Maintenance Window.
string
An optional description for the Maintenance Window. We recommend specifying a description to help you organize your Maintenance Windows.
string
The date and time, in ISO-8601 Extended format, for when you want the Maintenance Window to become active. StartDate allows you to delay activation of the Maintenance Window until the specified future date.
string
The date and time, in ISO-8601 Extended format, for when you want the Maintenance Window to become inactive. EndDate allows you to set a date and time in the future when the Maintenance Window will no longer run.
string
[REQUIRED]
The schedule of the Maintenance Window in the form of a cron or rate expression.
string
The time zone that the scheduled Maintenance Window executions are based on, in Internet Assigned Numbers Authority (IANA) format. For example: "America/Los_Angeles", "etc/UTC", or "Asia/Seoul". For more information, see the Time Zone Database on the IANA website.
integer
[REQUIRED]
The duration of the Maintenance Window in hours.
integer
[REQUIRED]
The number of hours before the end of the Maintenance Window that Systems Manager stops scheduling new tasks for execution.
boolean
[REQUIRED]
Enables a Maintenance Window task to execute on managed instances, even if you have not registered those instances as targets. If enabled, then you must specify the unregistered instances (by instance ID) when you register a task with the Maintenance Window
If you don't enable this option, then you must specify previously-registered targets when you register a task with the Maintenance Window.
string
User-provided idempotency token.
This field is autopopulated if not provided.
list
Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a Maintenance Window to identify the type of tasks it will run, the types of targets, and the environment it will run in. In this case, you could specify the following key name/value pairs:
Key=TaskType,Value=AgentUpdate
Key=OS,Value=Windows
Key=Environment,Value=Production
Note
To add tags to an existing Maintenance Window, use the AddTagsToResource action.
(dict) --
Metadata that you assign to your AWS resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Systems Manager, you can apply tags to documents, managed instances, Maintenance Windows, Parameter Store parameters, and patch baselines.
Key (string) -- [REQUIRED]
The name of the tag.
Value (string) -- [REQUIRED]
The value of the tag.
dict
Response Syntax
{
'WindowId': 'string'
}
Response Structure
(dict) --
WindowId (string) --
The ID of the created Maintenance Window.
{'Tags': [{'Key': 'string', 'Value': 'string'}]}
Creates a patch baseline.
Note
For information about valid key and value pairs in PatchFilters for each supported operating system type, see PatchFilter.
See also: AWS API Documentation
Request Syntax
client.create_patch_baseline(
OperatingSystem='WINDOWS'|'AMAZON_LINUX'|'AMAZON_LINUX_2'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE'|'CENTOS',
Name='string',
GlobalFilters={
'PatchFilters': [
{
'Key': 'PRODUCT'|'CLASSIFICATION'|'MSRC_SEVERITY'|'PATCH_ID'|'SECTION'|'PRIORITY'|'SEVERITY',
'Values': [
'string',
]
},
]
},
ApprovalRules={
'PatchRules': [
{
'PatchFilterGroup': {
'PatchFilters': [
{
'Key': 'PRODUCT'|'CLASSIFICATION'|'MSRC_SEVERITY'|'PATCH_ID'|'SECTION'|'PRIORITY'|'SEVERITY',
'Values': [
'string',
]
},
]
},
'ComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
'ApproveAfterDays': 123,
'EnableNonSecurity': True|False
},
]
},
ApprovedPatches=[
'string',
],
ApprovedPatchesComplianceLevel='CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
ApprovedPatchesEnableNonSecurity=True|False,
RejectedPatches=[
'string',
],
RejectedPatchesAction='ALLOW_AS_DEPENDENCY'|'BLOCK',
Description='string',
Sources=[
{
'Name': 'string',
'Products': [
'string',
],
'Configuration': 'string'
},
],
ClientToken='string',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
string
Defines the operating system the patch baseline applies to. The Default value is WINDOWS.
string
[REQUIRED]
The name of the patch baseline.
dict
A set of global filters used to exclude patches from the baseline.
PatchFilters (list) -- [REQUIRED]
The set of patch filters that make up the group.
(dict) --
Defines a patch filter.
A patch filter consists of key/value pairs, but not all keys are valid for all operating system types. For example, the key PRODUCT is valid for all supported operating system types. The key MSRC_SEVERITY , however, is valid only for Windows operating systems, and the key SECTION is valid only for Ubuntu operating systems.
Refer to the following sections for information about which keys may be used with each major operating system, and which values are valid for each key.
Windows Operating Systems
The supported keys for Windows operating systems are PRODUCT , CLASSIFICATION , and MSRC_SEVERITY . See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Windows7
Windows8
Windows8.1
Windows8Embedded
Windows10
Windows10LTSB
WindowsServer2008
WindowsServer2008R2
WindowsServer2012
WindowsServer2012R2
WindowsServer2016
WindowsServer2019
* Use a wildcard character () to target all supported operating system versions.*
Supported key: CLASSIFICATION
Supported values:
CriticalUpdates
DefinitionUpdates
Drivers
FeaturePacks
SecurityUpdates
ServicePacks
Tools
UpdateRollups
Updates
Upgrades
Supported key: MSRC_SEVERITY
Supported values:
Critical
Important
Moderate
Low
Unspecified
Ubuntu Operating Systems
The supported keys for Ubuntu operating systems are PRODUCT , PRIORITY , and SECTION . See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Ubuntu14.04
Ubuntu16.04
* Use a wildcard character () to target all supported operating system versions.*
Supported key: PRIORITY
Supported values:
Required
Important
Standard
Optional
Extra
Supported key: SECTION
Only the length of the key value is validated. Minimum length is 1. Maximum length is 64.
Amazon Linux Operating Systems
The supported keys for Amazon Linux operating systems are PRODUCT , CLASSIFICATION , and SEVERITY . See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
AmazonLinux2012.03
AmazonLinux2012.09
AmazonLinux2013.03
AmazonLinux2013.09
AmazonLinux2014.03
AmazonLinux2014.09
AmazonLinux2015.03
AmazonLinux2015.09
AmazonLinux2016.03
AmazonLinux2016.09
AmazonLinux2017.03
AmazonLinux2017.09
* Use a wildcard character () to target all supported operating system versions.*
Supported key: CLASSIFICATION
Supported values:
Security
Bugfix
Enhancement
Recommended
Newpackage
Supported key: SEVERITY
Supported values:
Critical
Important
Medium
Low
Amazon Linux 2 Operating Systems
The supported keys for Amazon Linux 2 operating systems are PRODUCT , CLASSIFICATION , and SEVERITY . See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
AmazonLinux2
AmazonLinux2.0
* Use a wildcard character () to target all supported operating system versions.*
Supported key: CLASSIFICATION
Supported values:
Security
Bugfix
Enhancement
Recommended
Newpackage
Supported key: SEVERITY
Supported values:
Critical
Important
Medium
Low
RedHat Enterprise Linux (RHEL) Operating Systems
The supported keys for RedHat Enterprise Linux operating systems are PRODUCT , CLASSIFICATION , and SEVERITY . See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
RedhatEnterpriseLinux6.5
RedhatEnterpriseLinux6.6
RedhatEnterpriseLinux6.7
RedhatEnterpriseLinux6.8
RedhatEnterpriseLinux6.9
RedhatEnterpriseLinux7.0
RedhatEnterpriseLinux7.1
RedhatEnterpriseLinux7.2
RedhatEnterpriseLinux7.3
RedhatEnterpriseLinux7.4
RedhatEnterpriseLinux7.5
RedhatEnterpriseLinux7.6
* Use a wildcard character () to target all supported operating system versions.*
Supported key: CLASSIFICATION
Supported values:
Security
Bugfix
Enhancement
Recommended
Newpackage
Supported key: SEVERITY
Supported values:
Critical
Important
Medium
Low
SUSE Linux Enterprise Server (SLES) Operating Systems
The supported keys for SLES operating systems are PRODUCT , CLASSIFICATION , and SEVERITY . See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Suse12.0
Suse12.1
Suse12.2
Suse12.3
Suse12.4
Suse12.5
Suse12.6
Suse12.7
Suse12.8
Suse12.9
* Use a wildcard character () to target all supported operating system versions.*
Supported key: CLASSIFICATION
Supported values:
Security
Recommended
Optional
Feature
Document
Yast
Supported key: SEVERITY
Supported values:
Critical
Important
Moderate
Low
CentOS Operating Systems
The supported keys for CentOS operating systems are PRODUCT , CLASSIFICATION , and SEVERITY . See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
CentOS6.5
CentOS6.6
CentOS6.7
CentOS6.8
CentOS6.9
CentOS7.0
CentOS7.1
CentOS7.2
CentOS7.3
CentOS7.4
* Use a wildcard character () to target all supported operating system versions.*
Supported key: CLASSIFICATION
Supported values:
Security
Bugfix
Enhancement
Recommended
Newpackage
Supported key: SEVERITY
Supported values:
Critical
Important
Medium
Low
Key (string) -- [REQUIRED]
The key for the filter.
See PatchFilter for lists of valid keys for each operating system type.
Values (list) -- [REQUIRED]
The value for the filter key.
See PatchFilter for lists of valid values for each key based on operating system type.
(string) --
dict
A set of rules used to include patches in the baseline.
PatchRules (list) -- [REQUIRED]
The rules that make up the rule group.
(dict) --
Defines an approval rule for a patch baseline.
PatchFilterGroup (dict) -- [REQUIRED]
The patch filter group that defines the criteria for the rule.
PatchFilters (list) -- [REQUIRED]
The set of patch filters that make up the group.
(dict) --
Defines a patch filter.
A patch filter consists of key/value pairs, but not all keys are valid for all operating system types. For example, the key PRODUCT is valid for all supported operating system types. The key MSRC_SEVERITY , however, is valid only for Windows operating systems, and the key SECTION is valid only for Ubuntu operating systems.
Refer to the following sections for information about which keys may be used with each major operating system, and which values are valid for each key.
Windows Operating Systems
The supported keys for Windows operating systems are PRODUCT , CLASSIFICATION , and MSRC_SEVERITY . See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Windows7
Windows8
Windows8.1
Windows8Embedded
Windows10
Windows10LTSB
WindowsServer2008
WindowsServer2008R2
WindowsServer2012
WindowsServer2012R2
WindowsServer2016
WindowsServer2019
* Use a wildcard character () to target all supported operating system versions.*
Supported key: CLASSIFICATION
Supported values:
CriticalUpdates
DefinitionUpdates
Drivers
FeaturePacks
SecurityUpdates
ServicePacks
Tools
UpdateRollups
Updates
Upgrades
Supported key: MSRC_SEVERITY
Supported values:
Critical
Important
Moderate
Low
Unspecified
Ubuntu Operating Systems
The supported keys for Ubuntu operating systems are PRODUCT , PRIORITY , and SECTION . See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Ubuntu14.04
Ubuntu16.04
* Use a wildcard character () to target all supported operating system versions.*
Supported key: PRIORITY
Supported values:
Required
Important
Standard
Optional
Extra
Supported key: SECTION
Only the length of the key value is validated. Minimum length is 1. Maximum length is 64.
Amazon Linux Operating Systems
The supported keys for Amazon Linux operating systems are PRODUCT , CLASSIFICATION , and SEVERITY . See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
AmazonLinux2012.03
AmazonLinux2012.09
AmazonLinux2013.03
AmazonLinux2013.09
AmazonLinux2014.03
AmazonLinux2014.09
AmazonLinux2015.03
AmazonLinux2015.09
AmazonLinux2016.03
AmazonLinux2016.09
AmazonLinux2017.03
AmazonLinux2017.09
* Use a wildcard character () to target all supported operating system versions.*
Supported key: CLASSIFICATION
Supported values:
Security
Bugfix
Enhancement
Recommended
Newpackage
Supported key: SEVERITY
Supported values:
Critical
Important
Medium
Low
Amazon Linux 2 Operating Systems
The supported keys for Amazon Linux 2 operating systems are PRODUCT , CLASSIFICATION , and SEVERITY . See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
AmazonLinux2
AmazonLinux2.0
* Use a wildcard character () to target all supported operating system versions.*
Supported key: CLASSIFICATION
Supported values:
Security
Bugfix
Enhancement
Recommended
Newpackage
Supported key: SEVERITY
Supported values:
Critical
Important
Medium
Low
RedHat Enterprise Linux (RHEL) Operating Systems
The supported keys for RedHat Enterprise Linux operating systems are PRODUCT , CLASSIFICATION , and SEVERITY . See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
RedhatEnterpriseLinux6.5
RedhatEnterpriseLinux6.6
RedhatEnterpriseLinux6.7
RedhatEnterpriseLinux6.8
RedhatEnterpriseLinux6.9
RedhatEnterpriseLinux7.0
RedhatEnterpriseLinux7.1
RedhatEnterpriseLinux7.2
RedhatEnterpriseLinux7.3
RedhatEnterpriseLinux7.4
RedhatEnterpriseLinux7.5
RedhatEnterpriseLinux7.6
* Use a wildcard character () to target all supported operating system versions.*
Supported key: CLASSIFICATION
Supported values:
Security
Bugfix
Enhancement
Recommended
Newpackage
Supported key: SEVERITY
Supported values:
Critical
Important
Medium
Low
SUSE Linux Enterprise Server (SLES) Operating Systems
The supported keys for SLES operating systems are PRODUCT , CLASSIFICATION , and SEVERITY . See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
Suse12.0
Suse12.1
Suse12.2
Suse12.3
Suse12.4
Suse12.5
Suse12.6
Suse12.7
Suse12.8
Suse12.9
* Use a wildcard character () to target all supported operating system versions.*
Supported key: CLASSIFICATION
Supported values:
Security
Recommended
Optional
Feature
Document
Yast
Supported key: SEVERITY
Supported values:
Critical
Important
Moderate
Low
CentOS Operating Systems
The supported keys for CentOS operating systems are PRODUCT , CLASSIFICATION , and SEVERITY . See the following lists for valid values for each of these keys.
Supported key: PRODUCT
Supported values:
CentOS6.5
CentOS6.6
CentOS6.7
CentOS6.8
CentOS6.9
CentOS7.0
CentOS7.1
CentOS7.2
CentOS7.3
CentOS7.4
* Use a wildcard character () to target all supported operating system versions.*
Supported key: CLASSIFICATION
Supported values:
Security
Bugfix
Enhancement
Recommended
Newpackage
Supported key: SEVERITY
Supported values:
Critical
Important
Medium
Low
Key (string) -- [REQUIRED]
The key for the filter.
See PatchFilter for lists of valid keys for each operating system type.
Values (list) -- [REQUIRED]
The value for the filter key.
See PatchFilter for lists of valid values for each key based on operating system type.
(string) --
ComplianceLevel (string) --
A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following: Unspecified, Critical, High, Medium, Low, and Informational.
ApproveAfterDays (integer) -- [REQUIRED]
The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released.
EnableNonSecurity (boolean) --
For instances identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is 'false'. Applies to Linux instances only.
list
A list of explicitly approved patches for the baseline.
For information about accepted formats for lists of approved patches and rejected patches, see Package Name Formats for Approved and Rejected Patch Lists in the AWS Systems Manager User Guide .
(string) --
string
Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. The default value is UNSPECIFIED.
boolean
Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.
list
A list of explicitly rejected patches for the baseline.
For information about accepted formats for lists of approved patches and rejected patches, see Package Name Formats for Approved and Rejected Patch Lists in the AWS Systems Manager User Guide .
(string) --
string
The action for Patch Manager to take on patches included in the RejectedPackages list.
ALLOW_AS_DEPENDENCY : A package in the Rejected patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as InstalledOther . This is the default action if no option is specified.
BLOCK : Packages in the RejectedPatches list, and packages that include them as dependencies, are not installed under any circumstances. If a package was installed before it was added to the Rejected patches list, it is considered non-compliant with the patch baseline, and its status is reported as InstalledRejected .
string
A description of the patch baseline.
list
Information about the patches to use to update the instances, including target operating systems and source repositories. Applies to Linux instances only.
(dict) --
Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
Name (string) -- [REQUIRED]
The name specified to identify the patch source.
Products (list) -- [REQUIRED]
The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter.
(string) --
Configuration (string) -- [REQUIRED]
The value of the yum repo configuration. For example:
[main]
cachedir=/var/cache/yum/$basesearch$releasever
keepcache=0
debuglevel=2
string
User-provided idempotency token.
This field is autopopulated if not provided.
list
Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a patch baseline to identify the severity level of patches it specifies and the operating system family it applies to. In this case, you could specify the following key name/value pairs:
Key=PatchSeverity,Value=Critical
Key=OS,Value=Windows
Note
To add tags to an existing patch baseline, use the AddTagsToResource action.
(dict) --
Metadata that you assign to your AWS resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Systems Manager, you can apply tags to documents, managed instances, Maintenance Windows, Parameter Store parameters, and patch baselines.
Key (string) -- [REQUIRED]
The name of the tag.
Value (string) -- [REQUIRED]
The value of the tag.
dict
Response Syntax
{
'BaselineId': 'string'
}
Response Structure
(dict) --
BaselineId (string) --
The ID of the created patch baseline.
{'ActivationList': {'Tags': [{'Key': 'string', 'Value': 'string'}]}}
Details about the activation, including: the date and time the activation was created, the expiration date, the IAM role assigned to the instances in the activation, and the number of instances activated by this registration.
See also: AWS API Documentation
Request Syntax
client.describe_activations(
Filters=[
{
'FilterKey': 'ActivationIds'|'DefaultInstanceName'|'IamRole',
'FilterValues': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
list
A filter to view information about your activations.
(dict) --
Filter for the DescribeActivation API.
FilterKey (string) --
The name of the filter.
FilterValues (list) --
The filter values.
(string) --
integer
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
string
A token to start the list. Use this token to get the next set of results.
dict
Response Syntax
{
'ActivationList': [
{
'ActivationId': 'string',
'Description': 'string',
'DefaultInstanceName': 'string',
'IamRole': 'string',
'RegistrationLimit': 123,
'RegistrationsCount': 123,
'ExpirationDate': datetime(2015, 1, 1),
'Expired': True|False,
'CreatedDate': datetime(2015, 1, 1),
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
ActivationList (list) --
A list of activations for your AWS account.
(dict) --
An activation registers one or more on-premises servers or virtual machines (VMs) with AWS so that you can configure those servers or VMs using Run Command. A server or VM that has been registered with AWS is called a managed instance.
ActivationId (string) --
The ID created by Systems Manager when you submitted the activation.
Description (string) --
A user defined description of the activation.
DefaultInstanceName (string) --
A name for the managed instance when it is created.
IamRole (string) --
The Amazon Identity and Access Management (IAM) role to assign to the managed instance.
RegistrationLimit (integer) --
The maximum number of managed instances that can be registered using this activation.
RegistrationsCount (integer) --
The number of managed instances already registered with this activation.
ExpirationDate (datetime) --
The date when this activation can no longer be used to register managed instances.
Expired (boolean) --
Whether or not the activation is expired.
CreatedDate (datetime) --
The date the activation was created.
Tags (list) --
Tags assigned to the activation.
(dict) --
Metadata that you assign to your AWS resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Systems Manager, you can apply tags to documents, managed instances, Maintenance Windows, Parameter Store parameters, and patch baselines.
Key (string) --
The name of the tag.
Value (string) --
The value of the tag.
NextToken (string) --
The token for the next set of items to return. Use this token to get the next set of results.
{'Tags': [{'Key': 'string', 'Value': 'string'}]}
Add a parameter to the system.
See also: AWS API Documentation
Request Syntax
client.put_parameter(
Name='string',
Description='string',
Value='string',
Type='String'|'StringList'|'SecureString',
KeyId='string',
Overwrite=True|False,
AllowedPattern='string',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
string
[REQUIRED]
The fully qualified name of the parameter that you want to add to the system. The fully qualified name includes the complete hierarchy of the parameter path and name. For example: /Dev/DBServer/MySQL/db-string13
Naming Constraints:
Parameter names are case sensitive.
A parameter name must be unique within an AWS Region
A parameter name can't be prefixed with "aws" or "ssm" (case-insensitive).
Parameter names can include only the following symbols and letters: a-zA-Z0-9_.-/
A parameter name can't include spaces.
Parameter hierarchies are limited to a maximum depth of fifteen levels.
For additional information about valid values for parameter names, see Requirements and Constraints for Parameter Names in the AWS Systems Manager User Guide .
Note
The maximum length constraint listed below includes capacity for additional system attributes that are not part of the name. The maximum length for the fully qualified parameter name is 1011 characters.
string
Information about the parameter that you want to add to the system. Optional but recommended.
Warning
Do not enter personally identifiable information in this field.
string
[REQUIRED]
The parameter value that you want to add to the system.
string
[REQUIRED]
The type of parameter that you want to add to the system.
Items in a StringList must be separated by a comma (,). You can't use other punctuation or special character to escape items in the list. If you have a parameter value that requires a comma, then use the String data type.
Note
SecureString is not currently supported for AWS CloudFormation templates or in the China Regions.
string
The KMS Key ID that you want to use to encrypt a parameter. Either the default AWS Key Management Service (AWS KMS) key automatically assigned to your AWS account or a custom key. Required for parameters that use the SecureString data type.
If you don't specify a key ID, the system uses the default key associated with your AWS account.
To use your default AWS KMS key, choose the SecureString data type, and do not specify the Key ID when you create the parameter. The system automatically populates Key ID with your default KMS key.
To use a custom KMS key, choose the SecureString data type with the Key ID parameter.
boolean
Overwrite an existing parameter. If not specified, will default to "false".
string
A regular expression used to validate the parameter value. For example, for String types with values restricted to numbers, you can specify the following: AllowedPattern=^d+$
list
Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a Systems Manager parameter to identify the type of resource to which it applies, the environment, or the type of configuration data referenced by the parameter. In this case, you could specify the following key name/value pairs:
Key=Resource,Value=S3bucket
Key=OS,Value=Windows
Key=ParameterType,Value=LicenseKey
Note
To add tags to an existing Systems Manager parameter, use the AddTagsToResource action.
(dict) --
Metadata that you assign to your AWS resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Systems Manager, you can apply tags to documents, managed instances, Maintenance Windows, Parameter Store parameters, and patch baselines.
Key (string) -- [REQUIRED]
The name of the tag.
Value (string) -- [REQUIRED]
The value of the tag.
dict
Response Syntax
{
'Version': 123
}
Response Structure
(dict) --
Version (integer) --
The new version number of a parameter. If you edit a parameter value, Parameter Store automatically creates a new version and assigns this new version a unique ID. You can reference a parameter version ID in API actions or in Systems Manager documents (SSM documents). By default, if you don't specify a specific version, the system returns the latest parameter value when a parameter is called.