AWS CloudFormation
User Guide (Version )

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

AWS::SSM::PatchBaseline Rule

The Rule property type specifies an approval rule for a Systems Manager patch baseline.

The PatchRules property of the RuleGroup property type contains a list of Rule property types.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "ApproveAfterDays" : Integer, "ComplianceLevel" : String, "EnableNonSecurity" : Boolean, "PatchFilterGroup" : PatchFilterGroup }

Properties

ApproveAfterDays

The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released.

You must specify a value for ApproveAfterDays.

Required: Conditional

Type: Integer

Minimum: 0

Maximum: 100

Update requires: No interruption

ComplianceLevel

A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following: UNSPECIFIED, CRITICAL, HIGH, MEDIUM, LOW, and INFORMATIONAL.

Required: No

Type: String

Allowed Values: CRITICAL | HIGH | INFORMATIONAL | LOW | MEDIUM | UNSPECIFIED

Update requires: No interruption

EnableNonSecurity

For instances identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is 'false'. Applies to Linux instances only.

Required: No

Type: Boolean

Update requires: No interruption

PatchFilterGroup

The patch filter group that defines the criteria for the rule.

Required: No

Type: PatchFilterGroup

Update requires: No interruption

See Also

  • PatchRule in the AWS Systems Manager API Reference.

On this page: