Use DescribePatchGroupState with a CLI - AWS SDK Code Examples

There are more AWS SDK examples available in the AWS Doc SDK Examples GitHub repo.

Use DescribePatchGroupState with a CLI

The following code examples show how to use DescribePatchGroupState.

CLI
AWS CLI

To get the state of a patch group

The following describe-patch-group-state example retrieves the high-level patch compliance summary for a patch group.

aws ssm describe-patch-group-state \ --patch-group "Production"

Output:

{ "Instances": 21, "InstancesWithCriticalNonCompliantPatches": 1, "InstancesWithFailedPatches": 2, "InstancesWithInstalledOtherPatches": 3, "InstancesWithInstalledPatches": 21, "InstancesWithInstalledPendingRebootPatches": 2, "InstancesWithInstalledRejectedPatches": 1, "InstancesWithMissingPatches": 3, "InstancesWithNotApplicablePatches": 4, "InstancesWithOtherNonCompliantPatches": 1, "InstancesWithSecurityNonCompliantPatches": 1, "InstancesWithUnreportedNotApplicablePatches": 2 }

For more information, see About patch groups <https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-patch-patchgroups.html>__ and Understanding patch compliance state values in the AWS Systems Manager User Guide.

PowerShell
Tools for PowerShell

Example 1: This example gets the high-level patch compliance summary for a patch group.

Get-SSMPatchGroupState -PatchGroup "Production"

Output:

Instances : 4 InstancesWithFailedPatches : 1 InstancesWithInstalledOtherPatches : 4 InstancesWithInstalledPatches : 3 InstancesWithMissingPatches : 0 InstancesWithNotApplicablePatches : 0