AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS Systems Manager PatchBaseline Rule

The Rule property type specifies an approval rule for a Systems Manager patch baseline.

The PatchRules property of the RuleGroup property type contains a list of Rule property types.


To declare this entity in your AWS CloudFormation template, use the following syntax:


{
  "PatchFilterGroup" : PatchFilterGroup,
  "ApproveAfterDays" : Integer,
  "ComplianceLevel" : String,
  "EnableNonSecurity" : Boolean
}



PatchFilterGroup

The patch filter group that defines the criteria for the rule.

Required: No

Type: PatchFilterGroup

Update requires: No interruption


ApproveAfterDays

The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released.

Required: No

Type: Integer

Update requires: No interruption


ComplianceLevel

A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following: UNSPECIFIED, CRITICAL, HIGH, MEDIUM, LOW, and INFORMATIONAL.

Required: No

Type: String

Update requires: No interruption


EnableNonSecurity

For instances identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is false. Applies to Linux instances only.

Required: No

Type: Boolean

Update requires: No interruption
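
The following Python check is an added example, not AWS code: it validates a Rule object against the property types and ComplianceLevel values listed above and computes the approval date implied by ApproveAfterDays. The function names, the sample rule (including the PatchFilters contents, which belong to the PatchFilterGroup property type and are not described on this page) and the rejection of negative day counts are assumptions of the example.

```python
import json
from datetime import date, timedelta

# ComplianceLevel values listed on this page.
COMPLIANCE_LEVELS = {"UNSPECIFIED", "CRITICAL", "HIGH", "MEDIUM", "LOW", "INFORMATIONAL"}
# Expected JSON types of the four Rule properties (each is "Required: No").
RULE_TYPES = {"PatchFilterGroup": dict, "ApproveAfterDays": int,
              "ComplianceLevel": str, "EnableNonSecurity": bool}

# Constructed sample Rule, as it would appear inside a template's PatchRules list.
SAMPLE_RULE = json.loads("""
{
  "PatchFilterGroup": {"PatchFilters": [{"Key": "CLASSIFICATION", "Values": ["Security"]}]},
  "ApproveAfterDays": 7,
  "ComplianceLevel": "CRITICAL",
  "EnableNonSecurity": false
}
""")

def is_integer(value):
    # bool is a subclass of int in Python; a JSON true/false is not an Integer.
    return isinstance(value, int) and not isinstance(value, bool)

def check_rule(rule, linux=True):
    """Return a list of findings for one Rule object; an empty list means clean."""
    findings = []
    for key, value in rule.items():
        expected = RULE_TYPES.get(key)
        if expected is None:
            findings.append(f"unknown property {key!r}")
        elif not (is_integer(value) if expected is int else isinstance(value, expected)):
            findings.append(f"{key} must be {expected.__name__}")
    level = rule.get("ComplianceLevel")
    if isinstance(level, str) and level not in COMPLIANCE_LEVELS:
        findings.append(f"ComplianceLevel {level!r} is not a valid level")
    days = rule.get("ApproveAfterDays")
    # Assumption: the page states no range; a negative delay is treated as an error.
    if is_integer(days) and days < 0:
        findings.append("ApproveAfterDays must not be negative")
    if rule.get("EnableNonSecurity") is True and not linux:
        findings.append("EnableNonSecurity applies to Linux instances only")
    return findings

def approval_date(rule, released):
    """Date a patch released on `released` is marked approved, or None if unset."""
    days = rule.get("ApproveAfterDays")
    return released + timedelta(days=days) if is_integer(days) else None
```
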

See Also

  • PatchRule in the AWS Systems Manager API Reference.
