2019/11/22 - Amazon Simple Systems Manager (SSM) - 4 updated api methods
Changes Add RebootOption and LastNoRebootInstallOperationTime for DescribeInstancePatchStates and DescribeInstancePatchStatesForPatchGroup API
{'InstancePatchStates': {'InstalledPendingRebootCount': 'integer',
'LastNoRebootInstallOperationTime': 'timestamp',
'RebootOption': 'RebootIfNeeded | NoReboot'}}
Retrieves the high-level patch state of one or more instances.
See also: AWS API Documentation
Request Syntax
client.describe_instance_patch_states(
InstanceIds=[
'string',
],
NextToken='string',
MaxResults=123
)
list
[REQUIRED]
The ID of the instance whose patch state information should be retrieved.
(string) --
string
The token for the next set of items to return. (You received this token from a previous call.)
integer
The maximum number of instances to return (per page).
dict
Response Syntax
{
'InstancePatchStates': [
{
'InstanceId': 'string',
'PatchGroup': 'string',
'BaselineId': 'string',
'SnapshotId': 'string',
'InstallOverrideList': 'string',
'OwnerInformation': 'string',
'InstalledCount': 123,
'InstalledOtherCount': 123,
'InstalledPendingRebootCount': 123,
'InstalledRejectedCount': 123,
'MissingCount': 123,
'FailedCount': 123,
'UnreportedNotApplicableCount': 123,
'NotApplicableCount': 123,
'OperationStartTime': datetime(2015, 1, 1),
'OperationEndTime': datetime(2015, 1, 1),
'Operation': 'Scan'|'Install',
'LastNoRebootInstallOperationTime': datetime(2015, 1, 1),
'RebootOption': 'RebootIfNeeded'|'NoReboot'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
InstancePatchStates (list) --
The high-level patch state for the requested instances.
(dict) --
Defines the high-level patch compliance state for a managed instance, providing information about the number of installed, missing, not applicable, and failed patches along with metadata about the operation when this information was gathered for the instance.
InstanceId (string) --
The ID of the managed instance the high-level patch compliance information was collected for.
PatchGroup (string) --
The name of the patch group the managed instance belongs to.
BaselineId (string) --
The ID of the patch baseline used to patch the instance.
SnapshotId (string) --
The ID of the patch baseline snapshot used during the patching operation when this compliance data was collected.
InstallOverrideList (string) --
An https URL or an Amazon S3 path-style URL to a list of patches to be installed. This patch installation list, which you maintain in an Amazon S3 bucket in YAML format and specify in the SSM document AWS-RunPatchBaseline , overrides the patches specified by the default patch baseline.
For more information about the InstallOverrideList parameter, see About the SSM Document AWS-RunPatchBaseline in the AWS Systems Manager User Guide .
OwnerInformation (string) --
Placeholder information. This field will always be empty in the current release of the service.
InstalledCount (integer) --
The number of patches from the patch baseline that are installed on the instance.
InstalledOtherCount (integer) --
The number of patches not specified in the patch baseline that are installed on the instance.
InstalledPendingRebootCount (integer) --
The number of patches installed since the last time the instance was rebooted.
InstalledRejectedCount (integer) --
The number of instances with patches installed that are specified in a RejectedPatches list. Patches with a status of InstalledRejected were typically installed before they were added to a RejectedPatches list.
Note
If ALLOW_AS_DEPENDENCY is the specified option for RejectedPatchesAction, the value of InstalledRejectedCount will always be 0 (zero).
MissingCount (integer) --
The number of patches from the patch baseline that are applicable for the instance but aren't currently installed.
FailedCount (integer) --
The number of patches from the patch baseline that were attempted to be installed during the last patching operation, but failed to install.
UnreportedNotApplicableCount (integer) --
The number of patches beyond the supported limit of NotApplicableCount that are not reported by name to Systems Manager Inventory.
NotApplicableCount (integer) --
The number of patches from the patch baseline that aren't applicable for the instance and therefore aren't installed on the instance. This number may be truncated if the list of patch names is very large. The number of patches beyond this limit are reported in UnreportedNotApplicableCount .
OperationStartTime (datetime) --
The time the most recent patching operation was started on the instance.
OperationEndTime (datetime) --
The time the most recent patching operation completed on the instance.
Operation (string) --
The type of patching operation that was performed: SCAN (assess patch compliance state) or INSTALL (install missing patches).
LastNoRebootInstallOperationTime (datetime) --
The time of the last attempt to patch the instance with NoReboot specified as the reboot option.
RebootOption (string) --
Indicates the reboot option specified in the patch baseline.
Note
Reboot options apply to Install operations only. Reboots are not attempted for Patch Manager Scan operations.
RebootIfNeeded : Patch Manager tries to reboot the instance if it installed any patches, or if any patches are detected with a status of InstalledPendingReboot .
NoReboot : Patch Manager attempts to install missing packages without trying to reboot the system. Patches installed with this option are assigned a status of InstalledPendingReboot . These patches might not be in effect until a reboot is performed.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
{'InstancePatchStates': {'InstalledPendingRebootCount': 'integer',
'LastNoRebootInstallOperationTime': 'timestamp',
'RebootOption': 'RebootIfNeeded | NoReboot'}}
Retrieves the high-level patch state for the instances in the specified patch group.
See also: AWS API Documentation
Request Syntax
client.describe_instance_patch_states_for_patch_group(
PatchGroup='string',
Filters=[
{
'Key': 'string',
'Values': [
'string',
],
'Type': 'Equal'|'NotEqual'|'LessThan'|'GreaterThan'
},
],
NextToken='string',
MaxResults=123
)
string
[REQUIRED]
The name of the patch group for which the patch state information should be retrieved.
list
Each entry in the array is a structure containing:
Key (string between 1 and 200 characters)
Values (array containing a single string)
Type (string "Equal", "NotEqual", "LessThan", "GreaterThan")
(dict) --
Defines a filter used in DescribeInstancePatchStatesForPatchGroup used to scope down the information returned by the API.
Key (string) -- [REQUIRED]
The key for the filter. Supported values are FailedCount, InstalledCount, InstalledOtherCount, MissingCount and NotApplicableCount.
Values (list) -- [REQUIRED]
The value for the filter, must be an integer greater than or equal to 0.
(string) --
Type (string) -- [REQUIRED]
The type of comparison that should be performed for the value: Equal, NotEqual, LessThan or GreaterThan.
string
The token for the next set of items to return. (You received this token from a previous call.)
integer
The maximum number of patches to return (per page).
dict
Response Syntax
{
'InstancePatchStates': [
{
'InstanceId': 'string',
'PatchGroup': 'string',
'BaselineId': 'string',
'SnapshotId': 'string',
'InstallOverrideList': 'string',
'OwnerInformation': 'string',
'InstalledCount': 123,
'InstalledOtherCount': 123,
'InstalledPendingRebootCount': 123,
'InstalledRejectedCount': 123,
'MissingCount': 123,
'FailedCount': 123,
'UnreportedNotApplicableCount': 123,
'NotApplicableCount': 123,
'OperationStartTime': datetime(2015, 1, 1),
'OperationEndTime': datetime(2015, 1, 1),
'Operation': 'Scan'|'Install',
'LastNoRebootInstallOperationTime': datetime(2015, 1, 1),
'RebootOption': 'RebootIfNeeded'|'NoReboot'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
InstancePatchStates (list) --
The high-level patch state for the requested instances.
(dict) --
Defines the high-level patch compliance state for a managed instance, providing information about the number of installed, missing, not applicable, and failed patches along with metadata about the operation when this information was gathered for the instance.
InstanceId (string) --
The ID of the managed instance the high-level patch compliance information was collected for.
PatchGroup (string) --
The name of the patch group the managed instance belongs to.
BaselineId (string) --
The ID of the patch baseline used to patch the instance.
SnapshotId (string) --
The ID of the patch baseline snapshot used during the patching operation when this compliance data was collected.
InstallOverrideList (string) --
An https URL or an Amazon S3 path-style URL to a list of patches to be installed. This patch installation list, which you maintain in an Amazon S3 bucket in YAML format and specify in the SSM document AWS-RunPatchBaseline , overrides the patches specified by the default patch baseline.
For more information about the InstallOverrideList parameter, see About the SSM Document AWS-RunPatchBaseline in the AWS Systems Manager User Guide .
OwnerInformation (string) --
Placeholder information. This field will always be empty in the current release of the service.
InstalledCount (integer) --
The number of patches from the patch baseline that are installed on the instance.
InstalledOtherCount (integer) --
The number of patches not specified in the patch baseline that are installed on the instance.
InstalledPendingRebootCount (integer) --
The number of patches installed since the last time the instance was rebooted.
InstalledRejectedCount (integer) --
The number of instances with patches installed that are specified in a RejectedPatches list. Patches with a status of InstalledRejected were typically installed before they were added to a RejectedPatches list.
Note
If ALLOW_AS_DEPENDENCY is the specified option for RejectedPatchesAction, the value of InstalledRejectedCount will always be 0 (zero).
MissingCount (integer) --
The number of patches from the patch baseline that are applicable for the instance but aren't currently installed.
FailedCount (integer) --
The number of patches from the patch baseline that were attempted to be installed during the last patching operation, but failed to install.
UnreportedNotApplicableCount (integer) --
The number of patches beyond the supported limit of NotApplicableCount that are not reported by name to Systems Manager Inventory.
NotApplicableCount (integer) --
The number of patches from the patch baseline that aren't applicable for the instance and therefore aren't installed on the instance. This number may be truncated if the list of patch names is very large. The number of patches beyond this limit are reported in UnreportedNotApplicableCount .
OperationStartTime (datetime) --
The time the most recent patching operation was started on the instance.
OperationEndTime (datetime) --
The time the most recent patching operation completed on the instance.
Operation (string) --
The type of patching operation that was performed: SCAN (assess patch compliance state) or INSTALL (install missing patches).
LastNoRebootInstallOperationTime (datetime) --
The time of the last attempt to patch the instance with NoReboot specified as the reboot option.
RebootOption (string) --
Indicates the reboot option specified in the patch baseline.
Note
Reboot options apply to Install operations only. Reboots are not attempted for Patch Manager Scan operations.
RebootIfNeeded : Patch Manager tries to reboot the instance if it installed any patches, or if any patches are detected with a status of InstalledPendingReboot .
NoReboot : Patch Manager attempts to install missing packages without trying to reboot the system. Patches installed with this option are assigned a status of InstalledPendingReboot . These patches might not be in effect until a reboot is performed.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
{'Patches': {'State': {'INSTALLED_PENDING_REBOOT'}}}
Retrieves information about the patches on the specified instance and their state relative to the patch baseline being used for the instance.
See also: AWS API Documentation
Request Syntax
client.describe_instance_patches(
InstanceId='string',
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
NextToken='string',
MaxResults=123
)
string
[REQUIRED]
The ID of the instance whose patch state information should be retrieved.
list
An array of structures. Each entry in the array is a structure containing a Key, Value combination. Valid values for Key are Classification | KBId | Severity | State .
(dict) --
Defines a filter used in Patch Manager APIs.
Key (string) --
The key for the filter.
Values (list) --
The value for the filter.
(string) --
string
The token for the next set of items to return. (You received this token from a previous call.)
integer
The maximum number of patches to return (per page).
dict
Response Syntax
{
'Patches': [
{
'Title': 'string',
'KBId': 'string',
'Classification': 'string',
'Severity': 'string',
'State': 'INSTALLED'|'INSTALLED_OTHER'|'INSTALLED_PENDING_REBOOT'|'INSTALLED_REJECTED'|'MISSING'|'NOT_APPLICABLE'|'FAILED',
'InstalledTime': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Patches (list) --
Each entry in the array is a structure containing:
Title (string)
KBId (string)
Classification (string)
Severity (string)
State (string, such as "INSTALLED" or "FAILED")
InstalledTime (DateTime)
InstalledBy (string)
(dict) --
Information about the state of a patch on a particular instance as it relates to the patch baseline used to patch the instance.
Title (string) --
The title of the patch.
KBId (string) --
The operating system-specific ID of the patch.
Classification (string) --
The classification of the patch (for example, SecurityUpdates, Updates, CriticalUpdates).
Severity (string) --
The severity of the patch (for example, Critical, Important, Moderate).
State (string) --
The state of the patch on the instance, such as INSTALLED or FAILED.
For descriptions of each patch state, see About Patch Compliance in the AWS Systems Manager User Guide .
InstalledTime (datetime) --
The date/time the patch was installed on the instance. Note that not all operating systems provide this level of information.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
{'InstancesWithInstalledPendingRebootPatches': 'integer'}
Returns high-level aggregated patch compliance state for a patch group.
See also: AWS API Documentation
Request Syntax
client.describe_patch_group_state(
PatchGroup='string'
)
string
[REQUIRED]
The name of the patch group whose patch snapshot should be retrieved.
dict
Response Syntax
{
'Instances': 123,
'InstancesWithInstalledPatches': 123,
'InstancesWithInstalledOtherPatches': 123,
'InstancesWithInstalledPendingRebootPatches': 123,
'InstancesWithInstalledRejectedPatches': 123,
'InstancesWithMissingPatches': 123,
'InstancesWithFailedPatches': 123,
'InstancesWithNotApplicablePatches': 123,
'InstancesWithUnreportedNotApplicablePatches': 123
}
Response Structure
(dict) --
Instances (integer) --
The number of instances in the patch group.
InstancesWithInstalledPatches (integer) --
The number of instances with installed patches.
InstancesWithInstalledOtherPatches (integer) --
The number of instances with patches installed that aren't defined in the patch baseline.
InstancesWithInstalledPendingRebootPatches (integer) --
The number of instances with patches installed that have not been rebooted after the patch installation. The status of these instances is NON_COMPLIANT.
InstancesWithInstalledRejectedPatches (integer) --
The number of instances with patches installed that are specified in a RejectedPatches list. Patches with a status of INSTALLED_REJECTED were typically installed before they were added to a RejectedPatches list.
Note
If ALLOW_AS_DEPENDENCY is the specified option for RejectedPatchesAction, the value of InstancesWithInstalledRejectedPatches will always be 0 (zero).
InstancesWithMissingPatches (integer) --
The number of instances with missing patches from the patch baseline.
InstancesWithFailedPatches (integer) --
The number of instances with patches from the patch baseline that failed to install.
InstancesWithNotApplicablePatches (integer) --
The number of instances with patches that aren't applicable.
InstancesWithUnreportedNotApplicablePatches (integer) --
The number of instances with NotApplicable patches beyond the supported limit, which are not reported by name to Systems Manager Inventory.