Interface ICfnPatchBaselineProps
Properties for defining a CfnPatchBaseline.
Namespace: Amazon.CDK.AWS.SSM
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public interface ICfnPatchBaselineProps
Syntax (vb)
Public Interface ICfnPatchBaselineProps
Remarks
See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-patchbaseline.html
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK;          // CfnTag
using Amazon.CDK.AWS.SSM;  // CfnPatchBaselineProps
// The property types below are nested in CfnPatchBaseline.
using static Amazon.CDK.AWS.SSM.CfnPatchBaseline;

var cfnPatchBaselineProps = new CfnPatchBaselineProps {
    Name = "name",

    // the properties below are optional
    ApprovalRules = new RuleGroupProperty {
        PatchRules = new [] { new RuleProperty {
            ApproveAfterDays = 123,
            ApproveUntilDate = "approveUntilDate",
            ComplianceLevel = "complianceLevel",
            EnableNonSecurity = false,
            PatchFilterGroup = new PatchFilterGroupProperty {
                PatchFilters = new [] { new PatchFilterProperty {
                    Key = "key",
                    Values = new [] { "values" }
                } }
            }
        } }
    },
    ApprovedPatches = new [] { "approvedPatches" },
    ApprovedPatchesComplianceLevel = "approvedPatchesComplianceLevel",
    ApprovedPatchesEnableNonSecurity = false,
    AvailableSecurityUpdatesComplianceStatus = "availableSecurityUpdatesComplianceStatus",
    DefaultBaseline = false,
    Description = "description",
    GlobalFilters = new PatchFilterGroupProperty {
        PatchFilters = new [] { new PatchFilterProperty {
            Key = "key",
            Values = new [] { "values" }
        } }
    },
    OperatingSystem = "operatingSystem",
    PatchGroups = new [] { "patchGroups" },
    RejectedPatches = new [] { "rejectedPatches" },
    RejectedPatchesAction = "rejectedPatchesAction",
    Sources = new [] { new PatchSourceProperty {
        Configuration = "configuration",
        Name = "name",
        Products = new [] { "products" }
    } },
    Tags = new [] { new CfnTag {
        Key = "key",
        Value = "value"
    } }
};
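A filled-in counterpart to the placeholder example, added here and not part of the generated CDK documentation: a Windows Server baseline with a short approval delay that reports skipped security updates as non-compliant and blocks a rejected patch. The stack class, construct ID, baseline name, patch group and KB number are constructed placeholders; the filter keys and values and the `NON_COMPLIANT` and `BLOCK` settings are Patch Manager values that this page does not list.

```csharp
using Amazon.CDK;
using Amazon.CDK.AWS.SSM;
using Constructs;

// Added example: hypothetical stack that defines one Windows Server patch baseline.
public class PatchBaselineStack : Stack
{
    public PatchBaselineStack(Construct scope, string id) : base(scope, id)
    {
        new CfnPatchBaseline(this, "WindowsSecurityBaseline", new CfnPatchBaselineProps {
            Name = "example-windows-security-baseline",   // constructed name
            OperatingSystem = "WINDOWS",
            Description = "Critical/Important security updates, auto-approved after 7 days",
            ApprovalRules = new CfnPatchBaseline.RuleGroupProperty {
                PatchRules = new [] { new CfnPatchBaseline.RuleProperty {
                    // A short delay limits the restart-on-revision problem
                    // described under AvailableSecurityUpdatesComplianceStatus.
                    ApproveAfterDays = 7,
                    // Severity reported when a patch matching this rule is missing.
                    ComplianceLevel = "CRITICAL",
                    PatchFilterGroup = new CfnPatchBaseline.PatchFilterGroupProperty {
                        PatchFilters = new [] {
                            new CfnPatchBaseline.PatchFilterProperty {
                                Key = "CLASSIFICATION",
                                Values = new [] { "CriticalUpdates", "SecurityUpdates" }
                            },
                            new CfnPatchBaseline.PatchFilterProperty {
                                Key = "MSRC_SEVERITY",
                                Values = new [] { "Critical", "Important" }
                            }
                        }
                    }
                } }
            },
            // Security patches that exist but are not yet approved show up
            // in compliance reports instead of being silently skipped.
            AvailableSecurityUpdatesComplianceStatus = "NON_COMPLIANT",
            // Placeholder KB number; BLOCK replaces the ALLOW_AS_DEPENDENCY default.
            RejectedPatches = new [] { "KB0000000" },
            RejectedPatchesAction = "BLOCK",
            PatchGroups = new [] { "example-prod-windows" }   // constructed patch group
        });
    }
}
```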
Synopsis
Properties
| ApprovalRules | A set of rules used to include patches in the baseline. |
| ApprovedPatches | A list of explicitly approved patches for the baseline. |
| ApprovedPatchesComplianceLevel | Defines the compliance level for approved patches. |
| ApprovedPatchesEnableNonSecurity | Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. |
| AvailableSecurityUpdatesComplianceStatus | Indicates the status you want to assign to security patches that are available but not approved because they don't meet the installation criteria specified in the patch baseline. |
| DefaultBaseline | Indicates whether this is the default baseline. |
| Description | A description of the patch baseline. |
| GlobalFilters | A set of global filters used to include patches in the baseline. |
| Name | The name of the patch baseline. |
| OperatingSystem | Defines the operating system the patch baseline applies to. |
| PatchGroups | The name of the patch group to be registered with the patch baseline. |
| RejectedPatches | A list of explicitly rejected patches for the baseline. |
| RejectedPatchesAction | The action for Patch Manager to take on patches included in the RejectedPackages list. |
| Sources | Information about the patches to use to update the managed nodes, including target operating systems and source repositories. |
| Tags | Optional metadata that you assign to a resource. |
Properties
ApprovalRules
A set of rules used to include patches in the baseline.
object? ApprovalRules { get; }
Property Value
Remarks
ApprovedPatches
A list of explicitly approved patches for the baseline.
string[]? ApprovedPatches { get; }
Property Value
string[]
Remarks
For information about accepted formats for lists of approved patches and rejected patches, see Package name formats for approved and rejected patch lists in the AWS Systems Manager User Guide.
ApprovedPatchesComplianceLevel
Defines the compliance level for approved patches.
string? ApprovedPatchesComplianceLevel { get; }
Property Value
Remarks
When an approved patch is reported as missing, this value describes the severity of the compliance violation. The default value is UNSPECIFIED.
Default: - "UNSPECIFIED"
ApprovedPatchesEnableNonSecurity
Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes.
object? ApprovedPatchesEnableNonSecurity { get; }
Property Value
Remarks
The default value is false. Applies to Linux managed nodes only.
Default: - false
Type union: either bool or IResolvable
AvailableSecurityUpdatesComplianceStatus
Indicates the status you want to assign to security patches that are available but not approved because they don't meet the installation criteria specified in the patch baseline.
string? AvailableSecurityUpdatesComplianceStatus { get; }
Property Value
Remarks
Example scenario: Security patches that you might want installed can be skipped if you have specified a long period to wait after a patch is released before installation. If an update to the patch is released during your specified waiting period, the waiting period for installing the patch starts over. If the waiting period is too long, multiple versions of the patch could be released but never installed.
Supported for Windows Server managed nodes only.
DefaultBaseline
Indicates whether this is the default baseline.
object? DefaultBaseline { get; }
Property Value
Remarks
AWS Systems Manager supports creating multiple default patch baselines. For example, you can create a default patch baseline for each operating system.
Default: - false
Type union: either bool or IResolvable
Description
A description of the patch baseline.
string? Description { get; }
Property Value
Remarks
GlobalFilters
A set of global filters used to include patches in the baseline.
object? GlobalFilters { get; }
Property Value
Remarks
The GlobalFilters parameter can be configured only by using the AWS CLI or an AWS SDK. It can't be configured from the Patch Manager console, and its value isn't displayed in the console.
Type union: either IResolvable or CfnPatchBaseline.IPatchFilterGroupProperty
Name
The name of the patch baseline.
string Name { get; }
Property Value
Remarks
OperatingSystem
Defines the operating system the patch baseline applies to.
string? OperatingSystem { get; }
Property Value
Remarks
The default value is WINDOWS.
Default: - "WINDOWS"
PatchGroups
The name of the patch group to be registered with the patch baseline.
string[]? PatchGroups { get; }
Property Value
string[]
Remarks
RejectedPatches
A list of explicitly rejected patches for the baseline.
string[]? RejectedPatches { get; }
Property Value
string[]
Remarks
For information about accepted formats for lists of approved patches and rejected patches, see Package name formats for approved and rejected patch lists in the AWS Systems Manager User Guide.
RejectedPatchesAction
The action for Patch Manager to take on patches included in the RejectedPackages list.
string? RejectedPatchesAction { get; }
Property Value
Remarks
Windows Server: Windows Server doesn't support the concept of package dependencies. If a package in the rejected patches list is already installed on the node, its status is reported as INSTALLED_OTHER. Any package not already installed on the node is skipped. This is the default action if no option is specified.
State value assignment for patch compliance:
Default: - "ALLOW_AS_DEPENDENCY"
Sources
Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
object? Sources { get; }
Property Value
Remarks
Applies to Linux managed nodes only.
Type union: either IResolvable or (either IResolvable or CfnPatchBaseline.IPatchSourceProperty)[]
Tags
Optional metadata that you assign to a resource.
ICfnTag[]? Tags { get; }
Property Value
ICfnTag[]
Remarks
Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a patch baseline to identify the severity level of patches it specifies and the operating system family it applies to.