GetDeployablePatchSnapshotForInstanceCommand

Suggest an Edit

Retrieves the current snapshot for the patch baseline the managed node uses. This API is primarily used by the AWS-RunPatchBaseline Systems Manager document (SSM document).

If you run the command locally, such as with the Command Line Interface (CLI), the system attempts to use your local Amazon Web Services credentials and the operation fails. To avoid this, you can run the command in the Amazon Web Services Systems Manager console. Use Run Command, a tool in Amazon Web Services Systems Manager, with an SSM document that enables you to target a managed node with a script or command. For example, run the command using the AWS-RunShellScript document or the AWS-RunPowerShellScript document.

Example Syntax

Use a bare-bones client and the command you need to make an API call.

import { SSMClient, GetDeployablePatchSnapshotForInstanceCommand } from "@aws-sdk/client-ssm"; // ES Modules import
// const { SSMClient, GetDeployablePatchSnapshotForInstanceCommand } = require("@aws-sdk/client-ssm"); // CommonJS import
const client = new SSMClient(config);
const input = { // GetDeployablePatchSnapshotForInstanceRequest
  InstanceId: "STRING_VALUE", // required
  SnapshotId: "STRING_VALUE", // required
  BaselineOverride: { // BaselineOverride
    OperatingSystem: "WINDOWS" || "AMAZON_LINUX" || "AMAZON_LINUX_2" || "AMAZON_LINUX_2022" || "UBUNTU" || "REDHAT_ENTERPRISE_LINUX" || "SUSE" || "CENTOS" || "ORACLE_LINUX" || "DEBIAN" || "MACOS" || "RASPBIAN" || "ROCKY_LINUX" || "ALMA_LINUX" || "AMAZON_LINUX_2023",
    GlobalFilters: { // PatchFilterGroup
      PatchFilters: [ // PatchFilterList // required
        { // PatchFilter
          Key: "ARCH" || "ADVISORY_ID" || "BUGZILLA_ID" || "PATCH_SET" || "PRODUCT" || "PRODUCT_FAMILY" || "CLASSIFICATION" || "CVE_ID" || "EPOCH" || "MSRC_SEVERITY" || "NAME" || "PATCH_ID" || "SECTION" || "PRIORITY" || "REPOSITORY" || "RELEASE" || "SEVERITY" || "SECURITY" || "VERSION", // required
          Values: [ // PatchFilterValueList // required
            "STRING_VALUE",
          ],
        },
      ],
    },
    ApprovalRules: { // PatchRuleGroup
      PatchRules: [ // PatchRuleList // required
        { // PatchRule
          PatchFilterGroup: {
            PatchFilters: [ // required
              {
                Key: "ARCH" || "ADVISORY_ID" || "BUGZILLA_ID" || "PATCH_SET" || "PRODUCT" || "PRODUCT_FAMILY" || "CLASSIFICATION" || "CVE_ID" || "EPOCH" || "MSRC_SEVERITY" || "NAME" || "PATCH_ID" || "SECTION" || "PRIORITY" || "REPOSITORY" || "RELEASE" || "SEVERITY" || "SECURITY" || "VERSION", // required
                Values: [ // required
                  "STRING_VALUE",
                ],
              },
            ],
          },
          ComplianceLevel: "CRITICAL" || "HIGH" || "MEDIUM" || "LOW" || "INFORMATIONAL" || "UNSPECIFIED",
          ApproveAfterDays: Number("int"),
          ApproveUntilDate: "STRING_VALUE",
          EnableNonSecurity: true || false,
        },
      ],
    },
    ApprovedPatches: [ // PatchIdList
      "STRING_VALUE",
    ],
    ApprovedPatchesComplianceLevel: "CRITICAL" || "HIGH" || "MEDIUM" || "LOW" || "INFORMATIONAL" || "UNSPECIFIED",
    RejectedPatches: [
      "STRING_VALUE",
    ],
    RejectedPatchesAction: "ALLOW_AS_DEPENDENCY" || "BLOCK",
    ApprovedPatchesEnableNonSecurity: true || false,
    Sources: [ // PatchSourceList
      { // PatchSource
        Name: "STRING_VALUE", // required
        Products: [ // PatchSourceProductList // required
          "STRING_VALUE",
        ],
        Configuration: "STRING_VALUE", // required
      },
    ],
    AvailableSecurityUpdatesComplianceStatus: "COMPLIANT" || "NON_COMPLIANT",
  },
};
const command = new GetDeployablePatchSnapshotForInstanceCommand(input);
const response = await client.send(command);
// { // GetDeployablePatchSnapshotForInstanceResult
//   InstanceId: "STRING_VALUE",
//   SnapshotId: "STRING_VALUE",
//   SnapshotDownloadUrl: "STRING_VALUE",
//   Product: "STRING_VALUE",
// };

GetDeployablePatchSnapshotForInstanceCommand Input

See GetDeployablePatchSnapshotForInstanceCommandInput for more details

Parameter
Type
Description
InstanceId
Required
string | undefined

The ID of the managed node for which the appropriate patch snapshot should be retrieved.

SnapshotId
Required
string | undefined

The snapshot ID provided by the user when running AWS-RunPatchBaseline.

BaselineOverride
BaselineOverride | undefined

Defines the basic information about a patch baseline override.

GetDeployablePatchSnapshotForInstanceCommand Output

See GetDeployablePatchSnapshotForInstanceCommandOutput for details

Parameter
Type
Description
$metadata
Required
ResponseMetadata
Metadata pertaining to this request.
InstanceId
string | undefined

The managed node ID.

Product
string | undefined

Returns the specific operating system (for example Windows Server 2012 or Amazon Linux 2015.09) on the managed node for the specified patch snapshot.

SnapshotDownloadUrl
string | undefined

A pre-signed Amazon Simple Storage Service (Amazon S3) URL that can be used to download the patch snapshot.

SnapshotId
string | undefined

The user-defined snapshot ID.

Throws

Name
Fault
Details
InternalServerError
server

An error occurred on the server side.

UnsupportedFeatureRequiredException
client

Patching for applications released by Microsoft is only available on EC2 instances and advanced instances. To patch applications released by Microsoft on on-premises servers and VMs, you must enable advanced instances. For more information, see Turning on the advanced-instances tier  in the Amazon Web Services Systems Manager User Guide.

UnsupportedOperatingSystem
client

The operating systems you specified isn't supported, or the operation isn't supported for the operating system.

SSMServiceException
Base exception class for all service exceptions from SSM service.