AWS CloudFormation
User Guide (API Version 2010-05-15)

Amazon EC2 Systems Manager PatchBaseline Rule

The Rule property type specifies an approval rule for an Amazon EC2 Systems Manager patch baseline.

The PatchRules property of the SSM PatchBaseline RuleGroup property type contains a list of Rule property types.


To declare this entity in your AWS CloudFormation template, use the following syntax:


{ "PatchFilterGroup" : PatchFilterGroup, "ApproveAfterDays" : Integer, "ComplianceLevel" : String }



The patch filter group that defines the criteria for the rule.

Required: No

Type: SSM PatchBaseline PatchFilterGroup

Update requires: No interruption


The number of days after the release date of each patch that matches the rule to mark the patch as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released.

Required: No

Type: Integer

Update requires: No interruption


A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following: Unspecified, Critical, High, Medium, Low, and Informational.

Required: No

Type: String

Update requires: No interruption

On this page: