software.amazon.awscdk.services.ssm

Class CfnPatchBaseline

java.lang.Object

software.constructs.Construct

software.amazon.awscdk.core.Construct

software.amazon.awscdk.core.CfnElement

software.amazon.awscdk.core.CfnRefElement

software.amazon.awscdk.core.CfnResource

software.amazon.awscdk.services.ssm.CfnPatchBaseline

All Implemented Interfaces:

IConstruct, IDependable, IInspectable

@Generated(value="jsii-pacmak/1.73.0 (build 6faeda3)",
           date="2023-01-31T18:36:52.087Z")
public class CfnPatchBaseline
extends CfnResource
implements IInspectable

A CloudFormation `AWS::SSM::PatchBaseline`.

The AWS::SSM::PatchBaseline resource defines the basic information for an AWS Systems Manager patch baseline. A patch baseline defines which patches are approved for installation on your instances.

For more information, see CreatePatchBaseline in the AWS Systems Manager API Reference .

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.ssm.*;
 CfnPatchBaseline cfnPatchBaseline = CfnPatchBaseline.Builder.create(this, "MyCfnPatchBaseline")
         .name("name")
         // the properties below are optional
         .approvalRules(RuleGroupProperty.builder()
                 .patchRules(List.of(RuleProperty.builder()
                         .approveAfterDays(123)
                         .approveUntilDate("approveUntilDate")
                         .complianceLevel("complianceLevel")
                         .enableNonSecurity(false)
                         .patchFilterGroup(PatchFilterGroupProperty.builder()
                                 .patchFilters(List.of(PatchFilterProperty.builder()
                                         .key("key")
                                         .values(List.of("values"))
                                         .build()))
                                 .build())
                         .build()))
                 .build())
         .approvedPatches(List.of("approvedPatches"))
         .approvedPatchesComplianceLevel("approvedPatchesComplianceLevel")
         .approvedPatchesEnableNonSecurity(false)
         .description("description")
         .globalFilters(PatchFilterGroupProperty.builder()
                 .patchFilters(List.of(PatchFilterProperty.builder()
                         .key("key")
                         .values(List.of("values"))
                         .build()))
                 .build())
         .operatingSystem("operatingSystem")
         .patchGroups(List.of("patchGroups"))
         .rejectedPatches(List.of("rejectedPatches"))
         .rejectedPatchesAction("rejectedPatchesAction")
         .sources(List.of(PatchSourceProperty.builder()
                 .configuration("configuration")
                 .name("name")
                 .products(List.of("products"))
                 .build()))
         .tags(List.of(CfnTag.builder()
                 .key("key")
                 .value("value")
                 .build()))
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	CfnPatchBaseline.Builder A fluent builder for CfnPatchBaseline.
static interface	CfnPatchBaseline.PatchFilterGroupProperty The `PatchFilterGroup` property type specifies a set of patch filters for an AWS Systems Manager patch baseline, typically used for approval rules for a Systems Manager patch baseline.
static interface	CfnPatchBaseline.PatchFilterProperty The `PatchFilter` property type defines a patch filter for an AWS Systems Manager patch baseline.
static interface	CfnPatchBaseline.PatchSourceProperty `PatchSource` is the property type for the `Sources` resource of the [AWS::SSM::PatchBaseline](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-patchbaseline.html) resource.
static interface	CfnPatchBaseline.RuleGroupProperty The `RuleGroup` property type specifies a set of rules that define the approval rules for an AWS Systems Manager patch baseline.
static interface	CfnPatchBaseline.RuleProperty The `Rule` property type specifies an approval rule for a Systems Manager patch baseline.

Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IInspectable

IInspectable.Jsii$Default, IInspectable.Jsii$Proxy

Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IConstruct

IConstruct.Jsii$Default

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	CFN_RESOURCE_TYPE_NAME The CloudFormation resource type name for this resource class.

Constructor Summary

Constructors

Modifier	Constructor and Description
	CfnPatchBaseline(Construct scope, java.lang.String id, CfnPatchBaselineProps props) Create a new `AWS::SSM::PatchBaseline`.
protected	CfnPatchBaseline(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	CfnPatchBaseline(software.amazon.jsii.JsiiObjectRef objRef)

Method Summary

Modifier and Type	Method and Description
java.lang.Object	getApprovalRules() A set of rules used to include patches in the baseline.
java.util.List<java.lang.String>	getApprovedPatches() A list of explicitly approved patches for the baseline.
java.lang.String	getApprovedPatchesComplianceLevel() Defines the compliance level for approved patches.
java.lang.Object	getApprovedPatchesEnableNonSecurity() Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes.
protected java.util.Map<java.lang.String,java.lang.Object>	getCfnProperties()
java.lang.String	getDescription() A description of the patch baseline.
java.lang.Object	getGlobalFilters() A set of global filters used to include patches in the baseline.
java.lang.String	getName() The name of the patch baseline.
java.lang.String	getOperatingSystem() Defines the operating system the patch baseline applies to.
java.util.List<java.lang.String>	getPatchGroups() The name of the patch group to be registered with the patch baseline.
java.util.List<java.lang.String>	getRejectedPatches() A list of explicitly rejected patches for the baseline.
java.lang.String	getRejectedPatchesAction() The action for Patch Manager to take on patches included in the `RejectedPackages` list.
java.lang.Object	getSources() Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
TagManager	getTags() Optional metadata that you assign to a resource.
void	inspect(TreeInspector inspector) Examines the CloudFormation resource and discloses attributes.
protected java.util.Map<java.lang.String,java.lang.Object>	renderProperties(java.util.Map<java.lang.String,java.lang.Object> props)
void	setApprovalRules(CfnPatchBaseline.RuleGroupProperty value) A set of rules used to include patches in the baseline.
void	setApprovalRules(IResolvable value) A set of rules used to include patches in the baseline.
void	setApprovedPatches(java.util.List<java.lang.String> value) A list of explicitly approved patches for the baseline.
void	setApprovedPatchesComplianceLevel(java.lang.String value) Defines the compliance level for approved patches.
void	setApprovedPatchesEnableNonSecurity(java.lang.Boolean value) Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes.
void	setApprovedPatchesEnableNonSecurity(IResolvable value) Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes.
void	setDescription(java.lang.String value) A description of the patch baseline.
void	setGlobalFilters(CfnPatchBaseline.PatchFilterGroupProperty value) A set of global filters used to include patches in the baseline.
void	setGlobalFilters(IResolvable value) A set of global filters used to include patches in the baseline.
void	setName(java.lang.String value) The name of the patch baseline.
void	setOperatingSystem(java.lang.String value) Defines the operating system the patch baseline applies to.
void	setPatchGroups(java.util.List<java.lang.String> value) The name of the patch group to be registered with the patch baseline.
void	setRejectedPatches(java.util.List<java.lang.String> value) A list of explicitly rejected patches for the baseline.
void	setRejectedPatchesAction(java.lang.String value) The action for Patch Manager to take on patches included in the `RejectedPackages` list.
void	setSources(IResolvable value) Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
void	setSources(java.util.List<java.lang.Object> value) Information about the patches to use to update the managed nodes, including target operating systems and source repositories.

Methods inherited from class software.amazon.awscdk.core.CfnResource

addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, isCfnResource, shouldSynthesize, toString, validateProperties

Methods inherited from class software.amazon.awscdk.core.CfnRefElement

getRef

Methods inherited from class software.amazon.awscdk.core.CfnElement

getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId

Methods inherited from class software.amazon.awscdk.core.Construct

getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

CFN_RESOURCE_TYPE_NAME

public static final java.lang.String CFN_RESOURCE_TYPE_NAME

The CloudFormation resource type name for this resource class.

Constructor Detail

CfnPatchBaseline

protected CfnPatchBaseline(software.amazon.jsii.JsiiObjectRef objRef)

CfnPatchBaseline

protected CfnPatchBaseline(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

CfnPatchBaseline

public CfnPatchBaseline(Construct scope,
                        java.lang.String id,
                        CfnPatchBaselineProps props)

Create a new `AWS::SSM::PatchBaseline`.

Parameters:

scope - - scope in which this resource is defined. This parameter is required.

id - - scoped id of the resource. This parameter is required.

props - - resource properties. This parameter is required.

Method Detail

inspect

public void inspect(TreeInspector inspector)

Examines the CloudFormation resource and discloses attributes.

Specified by:

inspect in interface IInspectable

Parameters:

inspector - - tree inspector to collect and process attributes. This parameter is required.

renderProperties

protected java.util.Map<java.lang.String,java.lang.Object> renderProperties(java.util.Map<java.lang.String,java.lang.Object> props)

Overrides:

renderProperties in class CfnResource

Parameters:

props - This parameter is required.

getCfnProperties

protected java.util.Map<java.lang.String,java.lang.Object> getCfnProperties()

Overrides:

getCfnProperties in class CfnResource

getTags

public TagManager getTags()

Optional metadata that you assign to a resource.

Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a patch baseline to identify the severity level of patches it specifies and the operating system family it applies to.

getName

public java.lang.String getName()

The name of the patch baseline.

setName

public void setName(java.lang.String value)

The name of the patch baseline.

getApprovalRules

public java.lang.Object getApprovalRules()

A set of rules used to include patches in the baseline.

setApprovalRules

public void setApprovalRules(IResolvable value)

A set of rules used to include patches in the baseline.

setApprovalRules

public void setApprovalRules(CfnPatchBaseline.RuleGroupProperty value)

A set of rules used to include patches in the baseline.

getApprovedPatches

public java.util.List<java.lang.String> getApprovedPatches()

A list of explicitly approved patches for the baseline.

For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the AWS Systems Manager User Guide .

setApprovedPatches

public void setApprovedPatches(java.util.List<java.lang.String> value)

A list of explicitly approved patches for the baseline.

For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the AWS Systems Manager User Guide .

getApprovedPatchesComplianceLevel

public java.lang.String getApprovedPatchesComplianceLevel()

Defines the compliance level for approved patches.

When an approved patch is reported as missing, this value describes the severity of the compliance violation. The default value is UNSPECIFIED .

setApprovedPatchesComplianceLevel

public void setApprovedPatchesComplianceLevel(java.lang.String value)

Defines the compliance level for approved patches.

When an approved patch is reported as missing, this value describes the severity of the compliance violation. The default value is UNSPECIFIED .

getApprovedPatchesEnableNonSecurity

public java.lang.Object getApprovedPatchesEnableNonSecurity()

Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes.

The default value is false . Applies to Linux managed nodes only.

setApprovedPatchesEnableNonSecurity

public void setApprovedPatchesEnableNonSecurity(java.lang.Boolean value)

Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes.

The default value is false . Applies to Linux managed nodes only.

setApprovedPatchesEnableNonSecurity

public void setApprovedPatchesEnableNonSecurity(IResolvable value)

Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes.

The default value is false . Applies to Linux managed nodes only.

getDescription

public java.lang.String getDescription()

A description of the patch baseline.

setDescription

public void setDescription(java.lang.String value)

A description of the patch baseline.

getGlobalFilters

public java.lang.Object getGlobalFilters()

A set of global filters used to include patches in the baseline.

setGlobalFilters

public void setGlobalFilters(IResolvable value)

A set of global filters used to include patches in the baseline.

setGlobalFilters

public void setGlobalFilters(CfnPatchBaseline.PatchFilterGroupProperty value)

A set of global filters used to include patches in the baseline.

getOperatingSystem

public java.lang.String getOperatingSystem()

Defines the operating system the patch baseline applies to.

The default value is WINDOWS .

setOperatingSystem

public void setOperatingSystem(java.lang.String value)

Defines the operating system the patch baseline applies to.

The default value is WINDOWS .

getPatchGroups

public java.util.List<java.lang.String> getPatchGroups()

The name of the patch group to be registered with the patch baseline.

setPatchGroups

public void setPatchGroups(java.util.List<java.lang.String> value)

The name of the patch group to be registered with the patch baseline.

getRejectedPatches

public java.util.List<java.lang.String> getRejectedPatches()

A list of explicitly rejected patches for the baseline.

For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the AWS Systems Manager User Guide .

setRejectedPatches

public void setRejectedPatches(java.util.List<java.lang.String> value)

A list of explicitly rejected patches for the baseline.

For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the AWS Systems Manager User Guide .

getRejectedPatchesAction

public java.lang.String getRejectedPatchesAction()

The action for Patch Manager to take on patches included in the `RejectedPackages` list.

• ALLOW_AS_DEPENDENCY : A package in the Rejected patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as InstalledOther . This is the default action if no option is specified.
• BLOCK : Packages in the RejectedPatches list, and packages that include them as dependencies, aren't installed under any circumstances. If a package was installed before it was added to the Rejected patches list, it is considered non-compliant with the patch baseline, and its status is reported as InstalledRejected .

setRejectedPatchesAction

public void setRejectedPatchesAction(java.lang.String value)

The action for Patch Manager to take on patches included in the `RejectedPackages` list.

• ALLOW_AS_DEPENDENCY : A package in the Rejected patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as InstalledOther . This is the default action if no option is specified.
• BLOCK : Packages in the RejectedPatches list, and packages that include them as dependencies, aren't installed under any circumstances. If a package was installed before it was added to the Rejected patches list, it is considered non-compliant with the patch baseline, and its status is reported as InstalledRejected .

getSources

public java.lang.Object getSources()

Information about the patches to use to update the managed nodes, including target operating systems and source repositories.

Applies to Linux managed nodes only.

setSources

public void setSources(IResolvable value)

Information about the patches to use to update the managed nodes, including target operating systems and source repositories.

Applies to Linux managed nodes only.

setSources

public void setSources(java.util.List<java.lang.Object> value)

Information about the patches to use to update the managed nodes, including target operating systems and source repositories.

Applies to Linux managed nodes only.