AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS Systems Manager PatchBaseline Rule

The Rule property type specifies an approval rule for a Systems Manager patch baseline.

The PatchRules property of the Systems Manager PatchBaseline RuleGroup property type contains a list of Rule property types.


To declare this entity in your AWS CloudFormation template, use the following syntax:


{ "PatchFilterGroup" : PatchFilterGroup, "ApproveAfterDays" : Integer, "ComplianceLevel" : String }



The patch filter group that defines the criteria for the rule.

Required: No

Type: Systems Manager PatchBaseline PatchFilterGroup

Update requires: No interruption


The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released.

Required: No

Type: Integer

Update requires: No interruption


A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following: Unspecified, Critical, High, Medium, Low, and Informational.

Required: No

Type: String

Update requires: No interruption

On this page: