@Generated(value="jsii-pacmak/1.73.0 (build 6faeda3)", date="2023-01-31T18:36:52.087Z") public class CfnPatchBaseline extends CfnResource implements IInspectable
The AWS::SSM::PatchBaseline
resource defines the basic information for an AWS Systems Manager patch baseline. A patch baseline defines which patches are approved for installation on your instances.
For more information, see CreatePatchBaseline in the AWS Systems Manager API Reference .
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import software.amazon.awscdk.services.ssm.*; CfnPatchBaseline cfnPatchBaseline = CfnPatchBaseline.Builder.create(this, "MyCfnPatchBaseline") .name("name") // the properties below are optional .approvalRules(RuleGroupProperty.builder() .patchRules(List.of(RuleProperty.builder() .approveAfterDays(123) .approveUntilDate("approveUntilDate") .complianceLevel("complianceLevel") .enableNonSecurity(false) .patchFilterGroup(PatchFilterGroupProperty.builder() .patchFilters(List.of(PatchFilterProperty.builder() .key("key") .values(List.of("values")) .build())) .build()) .build())) .build()) .approvedPatches(List.of("approvedPatches")) .approvedPatchesComplianceLevel("approvedPatchesComplianceLevel") .approvedPatchesEnableNonSecurity(false) .description("description") .globalFilters(PatchFilterGroupProperty.builder() .patchFilters(List.of(PatchFilterProperty.builder() .key("key") .values(List.of("values")) .build())) .build()) .operatingSystem("operatingSystem") .patchGroups(List.of("patchGroups")) .rejectedPatches(List.of("rejectedPatches")) .rejectedPatchesAction("rejectedPatchesAction") .sources(List.of(PatchSourceProperty.builder() .configuration("configuration") .name("name") .products(List.of("products")) .build())) .tags(List.of(CfnTag.builder() .key("key") .value("value") .build())) .build();
Modifier and Type | Class and Description |
---|---|
static class |
CfnPatchBaseline.Builder
A fluent builder for
CfnPatchBaseline . |
static interface |
CfnPatchBaseline.PatchFilterGroupProperty
The `PatchFilterGroup` property type specifies a set of patch filters for an AWS Systems Manager patch baseline, typically used for approval rules for a Systems Manager patch baseline.
|
static interface |
CfnPatchBaseline.PatchFilterProperty
The `PatchFilter` property type defines a patch filter for an AWS Systems Manager patch baseline.
|
static interface |
CfnPatchBaseline.PatchSourceProperty
`PatchSource` is the property type for the `Sources` resource of the [AWS::SSM::PatchBaseline](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-patchbaseline.html) resource.
|
static interface |
CfnPatchBaseline.RuleGroupProperty
The `RuleGroup` property type specifies a set of rules that define the approval rules for an AWS Systems Manager patch baseline.
|
static interface |
CfnPatchBaseline.RuleProperty
The `Rule` property type specifies an approval rule for a Systems Manager patch baseline.
|
IInspectable.Jsii$Default, IInspectable.Jsii$Proxy
IConstruct.Jsii$Default
Modifier and Type | Field and Description |
---|---|
static java.lang.String |
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
|
Modifier | Constructor and Description |
---|---|
|
CfnPatchBaseline(Construct scope,
java.lang.String id,
CfnPatchBaselineProps props)
Create a new `AWS::SSM::PatchBaseline`.
|
protected |
CfnPatchBaseline(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) |
protected |
CfnPatchBaseline(software.amazon.jsii.JsiiObjectRef objRef) |
Modifier and Type | Method and Description |
---|---|
java.lang.Object |
getApprovalRules()
A set of rules used to include patches in the baseline.
|
java.util.List<java.lang.String> |
getApprovedPatches()
A list of explicitly approved patches for the baseline.
|
java.lang.String |
getApprovedPatchesComplianceLevel()
Defines the compliance level for approved patches.
|
java.lang.Object |
getApprovedPatchesEnableNonSecurity()
Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes.
|
protected java.util.Map<java.lang.String,java.lang.Object> |
getCfnProperties() |
java.lang.String |
getDescription()
A description of the patch baseline.
|
java.lang.Object |
getGlobalFilters()
A set of global filters used to include patches in the baseline.
|
java.lang.String |
getName()
The name of the patch baseline.
|
java.lang.String |
getOperatingSystem()
Defines the operating system the patch baseline applies to.
|
java.util.List<java.lang.String> |
getPatchGroups()
The name of the patch group to be registered with the patch baseline.
|
java.util.List<java.lang.String> |
getRejectedPatches()
A list of explicitly rejected patches for the baseline.
|
java.lang.String |
getRejectedPatchesAction()
The action for Patch Manager to take on patches included in the `RejectedPackages` list.
|
java.lang.Object |
getSources()
Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
|
TagManager |
getTags()
Optional metadata that you assign to a resource.
|
void |
inspect(TreeInspector inspector)
Examines the CloudFormation resource and discloses attributes.
|
protected java.util.Map<java.lang.String,java.lang.Object> |
renderProperties(java.util.Map<java.lang.String,java.lang.Object> props) |
void |
setApprovalRules(CfnPatchBaseline.RuleGroupProperty value)
A set of rules used to include patches in the baseline.
|
void |
setApprovalRules(IResolvable value)
A set of rules used to include patches in the baseline.
|
void |
setApprovedPatches(java.util.List<java.lang.String> value)
A list of explicitly approved patches for the baseline.
|
void |
setApprovedPatchesComplianceLevel(java.lang.String value)
Defines the compliance level for approved patches.
|
void |
setApprovedPatchesEnableNonSecurity(java.lang.Boolean value)
Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes.
|
void |
setApprovedPatchesEnableNonSecurity(IResolvable value)
Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes.
|
void |
setDescription(java.lang.String value)
A description of the patch baseline.
|
void |
setGlobalFilters(CfnPatchBaseline.PatchFilterGroupProperty value)
A set of global filters used to include patches in the baseline.
|
void |
setGlobalFilters(IResolvable value)
A set of global filters used to include patches in the baseline.
|
void |
setName(java.lang.String value)
The name of the patch baseline.
|
void |
setOperatingSystem(java.lang.String value)
Defines the operating system the patch baseline applies to.
|
void |
setPatchGroups(java.util.List<java.lang.String> value)
The name of the patch group to be registered with the patch baseline.
|
void |
setRejectedPatches(java.util.List<java.lang.String> value)
A list of explicitly rejected patches for the baseline.
|
void |
setRejectedPatchesAction(java.lang.String value)
The action for Patch Manager to take on patches included in the `RejectedPackages` list.
|
void |
setSources(IResolvable value)
Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
|
void |
setSources(java.util.List<java.lang.Object> value)
Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
|
addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, isCfnResource, shouldSynthesize, toString, validateProperties
getRef
getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId
getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validate
public static final java.lang.String CFN_RESOURCE_TYPE_NAME
protected CfnPatchBaseline(software.amazon.jsii.JsiiObjectRef objRef)
protected CfnPatchBaseline(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
public CfnPatchBaseline(Construct scope, java.lang.String id, CfnPatchBaselineProps props)
scope
- - scope in which this resource is defined. This parameter is required.id
- - scoped id of the resource. This parameter is required.props
- - resource properties. This parameter is required.public void inspect(TreeInspector inspector)
inspect
in interface IInspectable
inspector
- - tree inspector to collect and process attributes. This parameter is required.protected java.util.Map<java.lang.String,java.lang.Object> renderProperties(java.util.Map<java.lang.String,java.lang.Object> props)
renderProperties
in class CfnResource
props
- This parameter is required.protected java.util.Map<java.lang.String,java.lang.Object> getCfnProperties()
getCfnProperties
in class CfnResource
public TagManager getTags()
Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a patch baseline to identify the severity level of patches it specifies and the operating system family it applies to.
public java.lang.String getName()
public void setName(java.lang.String value)
public java.lang.Object getApprovalRules()
public void setApprovalRules(IResolvable value)
public void setApprovalRules(CfnPatchBaseline.RuleGroupProperty value)
public java.util.List<java.lang.String> getApprovedPatches()
For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the AWS Systems Manager User Guide .
public void setApprovedPatches(java.util.List<java.lang.String> value)
For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the AWS Systems Manager User Guide .
public java.lang.String getApprovedPatchesComplianceLevel()
When an approved patch is reported as missing, this value describes the severity of the compliance violation. The default value is UNSPECIFIED
.
public void setApprovedPatchesComplianceLevel(java.lang.String value)
When an approved patch is reported as missing, this value describes the severity of the compliance violation. The default value is UNSPECIFIED
.
public java.lang.Object getApprovedPatchesEnableNonSecurity()
The default value is false
. Applies to Linux managed nodes only.
public void setApprovedPatchesEnableNonSecurity(java.lang.Boolean value)
The default value is false
. Applies to Linux managed nodes only.
public void setApprovedPatchesEnableNonSecurity(IResolvable value)
The default value is false
. Applies to Linux managed nodes only.
public java.lang.String getDescription()
public void setDescription(java.lang.String value)
public java.lang.Object getGlobalFilters()
public void setGlobalFilters(IResolvable value)
public void setGlobalFilters(CfnPatchBaseline.PatchFilterGroupProperty value)
public java.lang.String getOperatingSystem()
The default value is WINDOWS
.
public void setOperatingSystem(java.lang.String value)
The default value is WINDOWS
.
public java.util.List<java.lang.String> getPatchGroups()
public void setPatchGroups(java.util.List<java.lang.String> value)
public java.util.List<java.lang.String> getRejectedPatches()
For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the AWS Systems Manager User Guide .
public void setRejectedPatches(java.util.List<java.lang.String> value)
For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the AWS Systems Manager User Guide .
public java.lang.String getRejectedPatchesAction()
ALLOW_AS_DEPENDENCY
: A package in the Rejected
patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as InstalledOther
. This is the default action if no option is specified.BLOCK
: Packages in the RejectedPatches
list, and packages that include them as dependencies, aren't installed under any circumstances. If a package was installed before it was added to the Rejected patches list, it is considered non-compliant with the patch baseline, and its status is reported as InstalledRejected
.public void setRejectedPatchesAction(java.lang.String value)
ALLOW_AS_DEPENDENCY
: A package in the Rejected
patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as InstalledOther
. This is the default action if no option is specified.BLOCK
: Packages in the RejectedPatches
list, and packages that include them as dependencies, aren't installed under any circumstances. If a package was installed before it was added to the Rejected patches list, it is considered non-compliant with the patch baseline, and its status is reported as InstalledRejected
.public java.lang.Object getSources()
Applies to Linux managed nodes only.
public void setSources(IResolvable value)
Applies to Linux managed nodes only.
public void setSources(java.util.List<java.lang.Object> value)
Applies to Linux managed nodes only.