• AWS Systems Manager CloudWatch Dasbor tidak akan lagi tersedia setelah 30 April 2026. Pelanggan dapat terus menggunakan CloudWatch konsol Amazon untuk melihat, membuat, dan mengelola CloudWatch dasbor Amazon mereka, seperti yang mereka lakukan hari ini. Untuk informasi selengkapnya, lihat [dokumentasi CloudWatch Dasbor Amazon](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Dashboards.html).
Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.
# Bekerja dengan Patch Manager sumber daya menggunakan AWS CLI
Bagian ini mencakup contoh perintah AWS Command Line Interface (AWS CLI) yang dapat Anda gunakan untuk melakukan tugas konfigurasiPatch Manager, alat di AWS Systems Manager.
Untuk ilustrasi penggunaan AWS CLI untuk menambal lingkungan server dengan menggunakan baseline patch kustom, lihat. [Tutorial: Menambal lingkungan server menggunakan AWS CLI](patch-manager-patch-servers-using-the-aws-cli.md)
Untuk informasi selengkapnya tentang penggunaan AWS CLI for AWS Systems Manager task, lihat [AWS Systems Manager bagian Referensi AWS CLI Perintah](https://docs.aws.amazon.com/cli/latest/reference/ssm/index.html).
**Topics**
+ [AWS CLI perintah untuk baseline patch](#patch-baseline-cli-commands)
+ [AWS CLI perintah untuk grup tambalan](#patch-group-cli-commands)
+ [AWS CLI perintah untuk melihat ringkasan dan detail tambalan](#patch-details-cli-commands)
+ [AWS CLI perintah untuk memindai dan menambal node yang dikelola](#patch-operations-cli-commands)
## AWS CLI perintah untuk baseline patch
**Topics**
+ [Membuat dasar patch](#patch-manager-cli-commands-create-patch-baseline)
+ [Buat dasar patch dengan repositori kustom untuk versi OS yang berbeda](#patch-manager-cli-commands-create-patch-baseline-mult-sources)
+ [Perbarui dasar patch](#patch-manager-cli-commands-update-patch-baseline)
+ [Ubah nama dasar patch](#patch-manager-cli-commands-rename-patch-baseline)
+ [Hapus dasar patch](#patch-manager-cli-commands-delete-patch-baseline)
+ [Cantumkan semua dasar patch](#patch-manager-cli-commands-describe-patch-baselines)
+ [Buat daftar semua AWS baseline patch yang disediakan](#patch-manager-cli-commands-describe-patch-baselines-aws)
+ [Cantumkan dasar patch saya](#patch-manager-cli-commands-describe-patch-baselines-custom)
+ [Tampilkan dasar patch](#patch-manager-cli-commands-get-patch-baseline)
+ [Dapatkan dasar patch default](#patch-manager-cli-commands-get-default-patch-baseline)
+ [Atur dasar patch kustom sebagai default](#patch-manager-cli-commands-register-default-patch-baseline)
+ [Setel ulang baseline AWS patch sebagai default](#patch-manager-cli-commands-register-aws-patch-baseline)
+ [Tandai dasar patch](#patch-manager-cli-commands-add-tags-to-resource)
+ [Cantumkan tag untuk dasar patch](#patch-manager-cli-commands-list-tags-for-resource)
+ [Hapus tag dari dasar patch](#patch-manager-cli-commands-remove-tags-from-resource)
### Membuat dasar patch
Perintah berikut membuat baseline patch yang menyetujui semua pembaruan keamanan penting dan penting untuk Windows Server 2012 R2 5 hari setelah dirilis. Patch juga telah ditentukan untuk daftar patch yang Disetujui dan Ditolak. Selain itu, dasar patch telah ditandai untuk menunjukkan bahwa itu untuk lingkungan produksi.
------
#### [ Linux & macOS ]
```
aws ssm create-patch-baseline \
--name "Windows-Server-2012R2" \
--tags "Key=Environment,Value=Production" \
--description "Windows Server 2012 R2, Important and Critical security updates" \
--approved-patches "KB2032276,MS10-048" \
--rejected-patches "KB2124261" \
--rejected-patches-action "ALLOW_AS_DEPENDENCY" \
--approval-rules "PatchRules=[{PatchFilterGroup={PatchFilters=[{Key=MSRC_SEVERITY,Values=[Important,Critical]},{Key=CLASSIFICATION,Values=SecurityUpdates},{Key=PRODUCT,Values=WindowsServer2012R2}]},ApproveAfterDays=5}]"
```
------
#### [ Windows Server ]
```
aws ssm create-patch-baseline ^
--name "Windows-Server-2012R2" ^
--tags "Key=Environment,Value=Production" ^
--description "Windows Server 2012 R2, Important and Critical security updates" ^
--approved-patches "KB2032276,MS10-048" ^
--rejected-patches "KB2124261" ^
--rejected-patches-action "ALLOW_AS_DEPENDENCY" ^
--approval-rules "PatchRules=[{PatchFilterGroup={PatchFilters=[{Key=MSRC_SEVERITY,Values=[Important,Critical]},{Key=CLASSIFICATION,Values=SecurityUpdates},{Key=PRODUCT,Values=WindowsServer2012R2}]},ApproveAfterDays=5}]"
```
------
Sistem mengembalikan informasi seperti berikut ini.
```
{
"BaselineId":"pb-0c10e65780EXAMPLE"
}
```
### Buat dasar patch dengan repositori kustom untuk versi OS yang berbeda
Berlaku untuk node yang dikelola Linux saja. Perintah berikut ini menunjukkan cara menentukan repositori patch yang akan digunakan untuk versi sistem operasi Amazon Linux tertentu. Sampel ini menggunakan repositori sumber yang diizinkan secara default di Amazon Linux 2017.09, tetapi dapat disesuaikan dengan repositori sumber berbeda yang telah Anda konfigurasi untuk node terkelola.
**catatan**
Untuk memperlihatkan perintah yang lebih kompleks ini secara lebih baik, kami menggunakan opsi `--cli-input-json` dengan opsi tambahan yang disimpan di file JSON eksternal.
1. Buat file JSON dengan nama seperti `my-patch-repository.json` dan tambahkan konten berikut ke file tersebut.
```
{
"Description": "My patch repository for Amazon Linux 2",
"Name": "Amazon-Linux-2",
"OperatingSystem": "AMAZON_LINUX_2",
"ApprovalRules": {
"PatchRules": [
{
"ApproveAfterDays": 7,
"EnableNonSecurity": true,
"PatchFilterGroup": {
"PatchFilters": [
{
"Key": "SEVERITY",
"Values": [
"Important",
"Critical"
]
},
{
"Key": "CLASSIFICATION",
"Values": [
"Security",
"Bugfix"
]
},
{
"Key": "PRODUCT",
"Values": [
"AmazonLinux2"
]
}
]
}
}
]
},
"Sources": [
{
"Name": "My-AL2",
"Products": [
"AmazonLinux2"
],
"Configuration": "[amzn-main] \nname=amzn-main-Base\nmirrorlist=http://repo./$awsregion./$awsdomain//$releasever/main/mirror.list //nmirrorlist_expire=300//nmetadata_expire=300 \npriority=10 \nfailovermethod=priority \nfastestmirror_enabled=0 \ngpgcheck=1 \ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-ga \nenabled=1 \nretries=3 \ntimeout=5\nreport_instanceid=yes"
}
]
}
```
1. Di direktori tempat Anda menyimpan file, jalankan perintah berikut.
```
aws ssm create-patch-baseline --cli-input-json file://my-patch-repository.json
```
Sistem mengembalikan informasi seperti berikut ini.
```
{
"BaselineId": "pb-0c10e65780EXAMPLE"
}
```
### Perbarui dasar patch
Perintah berikut ini menambahkan dua patch sebagai yang ditolak dan satu patch yang disetujui ke dasar patch yang ada.
Untuk informasi tentang format yang diterima untuk daftar patch yang disetujui dan patch yang ditolak, lihat [Format nama paket untuk daftar patch yang disetujui dan ditolak](patch-manager-approved-rejected-package-name-formats.md).
------
#### [ Linux & macOS ]
```
aws ssm update-patch-baseline \
--baseline-id pb-0c10e65780EXAMPLE \
--rejected-patches "KB2032276" "MS10-048" \
--approved-patches "KB2124261"
```
------
#### [ Windows Server ]
```
aws ssm update-patch-baseline ^
--baseline-id pb-0c10e65780EXAMPLE ^
--rejected-patches "KB2032276" "MS10-048" ^
--approved-patches "KB2124261"
```
------
Sistem mengembalikan informasi seperti berikut ini.
```
{
"BaselineId":"pb-0c10e65780EXAMPLE",
"Name":"Windows-Server-2012R2",
"RejectedPatches":[
"KB2032276",
"MS10-048"
],
"GlobalFilters":{
"PatchFilters":[
]
},
"ApprovalRules":{
"PatchRules":[
{
"PatchFilterGroup":{
"PatchFilters":[
{
"Values":[
"Important",
"Critical"
],
"Key":"MSRC_SEVERITY"
},
{
"Values":[
"SecurityUpdates"
],
"Key":"CLASSIFICATION"
},
{
"Values":[
"WindowsServer2012R2"
],
"Key":"PRODUCT"
}
]
},
"ApproveAfterDays":5
}
]
},
"ModifiedDate":1481001494.035,
"CreatedDate":1480997823.81,
"ApprovedPatches":[
"KB2124261"
],
"Description":"Windows Server 2012 R2, Important and Critical security updates"
}
```
### Ubah nama dasar patch
------
#### [ Linux & macOS ]
```
aws ssm update-patch-baseline \
--baseline-id pb-0c10e65780EXAMPLE \
--name "Windows-Server-2012-R2-Important-and-Critical-Security-Updates"
```
------
#### [ Windows Server ]
```
aws ssm update-patch-baseline ^
--baseline-id pb-0c10e65780EXAMPLE ^
--name "Windows-Server-2012-R2-Important-and-Critical-Security-Updates"
```
------
Sistem mengembalikan informasi seperti berikut ini.
```
{
"BaselineId":"pb-0c10e65780EXAMPLE",
"Name":"Windows-Server-2012-R2-Important-and-Critical-Security-Updates",
"RejectedPatches":[
"KB2032276",
"MS10-048"
],
"GlobalFilters":{
"PatchFilters":[
]
},
"ApprovalRules":{
"PatchRules":[
{
"PatchFilterGroup":{
"PatchFilters":[
{
"Values":[
"Important",
"Critical"
],
"Key":"MSRC_SEVERITY"
},
{
"Values":[
"SecurityUpdates"
],
"Key":"CLASSIFICATION"
},
{
"Values":[
"WindowsServer2012R2"
],
"Key":"PRODUCT"
}
]
},
"ApproveAfterDays":5
}
]
},
"ModifiedDate":1481001795.287,
"CreatedDate":1480997823.81,
"ApprovedPatches":[
"KB2124261"
],
"Description":"Windows Server 2012 R2, Important and Critical security updates"
}
```
### Hapus dasar patch
```
aws ssm delete-patch-baseline --baseline-id "pb-0c10e65780EXAMPLE"
```
Sistem mengembalikan informasi seperti berikut ini.
```
{
"BaselineId":"pb-0c10e65780EXAMPLE"
}
```
### Cantumkan semua dasar patch
```
aws ssm describe-patch-baselines
```
Sistem mengembalikan informasi seperti berikut ini.
```
{
"BaselineIdentities":[
{
"BaselineName":"AWS-DefaultPatchBaseline",
"DefaultBaseline":true,
"BaselineDescription":"Default Patch Baseline Provided by AWS.",
"BaselineId":"arn:aws:ssm:us-east-2:111122223333:patchbaseline/pb-0c10e65780EXAMPLE"
},
{
"BaselineName":"Windows-Server-2012R2",
"DefaultBaseline":false,
"BaselineDescription":"Windows Server 2012 R2, Important and Critical security updates",
"BaselineId":"pb-0c10e65780EXAMPLE"
}
]
}
```
Berikut ini adalah perintah lain yang mencantumkan semua dasar patch dalam sebuah Wilayah AWS.
------
#### [ Linux & macOS ]
```
aws ssm describe-patch-baselines \
--region us-east-2 \
--filters "Key=OWNER,Values=[All]"
```
------
#### [ Windows Server ]
```
aws ssm describe-patch-baselines ^
--region us-east-2 ^
--filters "Key=OWNER,Values=[All]"
```
------
Sistem mengembalikan informasi seperti berikut ini.
```
{
"BaselineIdentities":[
{
"BaselineName":"AWS-DefaultPatchBaseline",
"DefaultBaseline":true,
"BaselineDescription":"Default Patch Baseline Provided by AWS.",
"BaselineId":"arn:aws:ssm:us-east-2:111122223333:patchbaseline/pb-0c10e65780EXAMPLE"
},
{
"BaselineName":"Windows-Server-2012R2",
"DefaultBaseline":false,
"BaselineDescription":"Windows Server 2012 R2, Important and Critical security updates",
"BaselineId":"pb-0c10e65780EXAMPLE"
}
]
}
```
### Buat daftar semua AWS baseline patch yang disediakan
------
#### [ Linux & macOS ]
```
aws ssm describe-patch-baselines \
--region us-east-2 \
--filters "Key=OWNER,Values=[AWS]"
```
------
#### [ Windows Server ]
```
aws ssm describe-patch-baselines ^
--region us-east-2 ^
--filters "Key=OWNER,Values=[AWS]"
```
------
Sistem mengembalikan informasi seperti berikut ini.
```
{
"BaselineIdentities":[
{
"BaselineName":"AWS-DefaultPatchBaseline",
"DefaultBaseline":true,
"BaselineDescription":"Default Patch Baseline Provided by AWS.",
"BaselineId":"arn:aws:ssm:us-east-2:111122223333:patchbaseline/pb-0c10e65780EXAMPLE"
}
]
}
```
### Cantumkan dasar patch saya
------
#### [ Linux & macOS ]
```
aws ssm describe-patch-baselines \
--region us-east-2 \
--filters "Key=OWNER,Values=[Self]"
```
------
#### [ Windows Server ]
```
aws ssm describe-patch-baselines ^
--region us-east-2 ^
--filters "Key=OWNER,Values=[Self]"
```
------
Sistem mengembalikan informasi seperti berikut ini.
```
{
"BaselineIdentities":[
{
"BaselineName":"Windows-Server-2012R2",
"DefaultBaseline":false,
"BaselineDescription":"Windows Server 2012 R2, Important and Critical security updates",
"BaselineId":"pb-0c10e65780EXAMPLE"
}
]
}
```
### Tampilkan dasar patch
```
aws ssm get-patch-baseline --baseline-id pb-0c10e65780EXAMPLE
```
**catatan**
Untuk dasar patch kustom, Anda dapat menentukan ID dasar patch atau Amazon Resource Name (ARN) lengkap. Untuk baseline patch AWS-provided, Anda harus menentukan ARN lengkap. Misalnya, `arn:aws:ssm:us-east-2:075727635805:patchbaseline/pb-0c10e65780EXAMPLE`.
Sistem mengembalikan informasi seperti berikut ini.
```
{
"BaselineId":"pb-0c10e65780EXAMPLE",
"Name":"Windows-Server-2012R2",
"PatchGroups":[
"Web Servers"
],
"RejectedPatches":[
],
"GlobalFilters":{
"PatchFilters":[
]
},
"ApprovalRules":{
"PatchRules":[
{
"PatchFilterGroup":{
"PatchFilters":[
{
"Values":[
"Important",
"Critical"
],
"Key":"MSRC_SEVERITY"
},
{
"Values":[
"SecurityUpdates"
],
"Key":"CLASSIFICATION"
},
{
"Values":[
"WindowsServer2012R2"
],
"Key":"PRODUCT"
}
]
},
"ApproveAfterDays":5
}
]
},
"ModifiedDate":1480997823.81,
"CreatedDate":1480997823.81,
"ApprovedPatches":[
],
"Description":"Windows Server 2012 R2, Important and Critical security updates"
}
```
### Dapatkan dasar patch default
```
aws ssm get-default-patch-baseline --region us-east-2
```
Sistem mengembalikan informasi seperti berikut ini.
```
{
"BaselineId":"arn:aws:ssm:us-east-2:111122223333:patchbaseline/pb-0c10e65780EXAMPLE"
}
```
### Atur dasar patch kustom sebagai default
------
#### [ Linux & macOS ]
```
aws ssm register-default-patch-baseline \
--region us-east-2 \
--baseline-id "pb-0c10e65780EXAMPLE"
```
------
#### [ Windows Server ]
```
aws ssm register-default-patch-baseline ^
--region us-east-2 ^
--baseline-id "pb-0c10e65780EXAMPLE"
```
------
Sistem mengembalikan informasi seperti berikut ini.
```
{
"BaselineId":"pb-0c10e65780EXAMPLE"
}
```
### Setel ulang baseline AWS patch sebagai default
------
#### [ Linux & macOS ]
```
aws ssm register-default-patch-baseline \
--region us-east-2 \
--baseline-id "arn:aws:ssm:us-east-2:123456789012:patchbaseline/pb-0c10e65780EXAMPLE"
```
------
#### [ Windows Server ]
```
aws ssm register-default-patch-baseline ^
--region us-east-2 ^
--baseline-id "arn:aws:ssm:us-east-2:123456789012:patchbaseline/pb-0c10e65780EXAMPLE"
```
------
Sistem mengembalikan informasi seperti berikut ini.
```
{
"BaselineId":"pb-0c10e65780EXAMPLE"
}
```
### Tandai dasar patch
------
#### [ Linux & macOS ]
```
aws ssm add-tags-to-resource \
--resource-type "PatchBaseline" \
--resource-id "pb-0c10e65780EXAMPLE" \
--tags "Key=Project,Value=Testing"
```
------
#### [ Windows Server ]
```
aws ssm add-tags-to-resource ^
--resource-type "PatchBaseline" ^
--resource-id "pb-0c10e65780EXAMPLE" ^
--tags "Key=Project,Value=Testing"
```
------
### Cantumkan tag untuk dasar patch
------
#### [ Linux & macOS ]
```
aws ssm list-tags-for-resource \
--resource-type "PatchBaseline" \
--resource-id "pb-0c10e65780EXAMPLE"
```
------
#### [ Windows Server ]
```
aws ssm list-tags-for-resource ^
--resource-type "PatchBaseline" ^
--resource-id "pb-0c10e65780EXAMPLE"
```
------
### Hapus tag dari dasar patch
------
#### [ Linux & macOS ]
```
aws ssm remove-tags-from-resource \
--resource-type "PatchBaseline" \
--resource-id "pb-0c10e65780EXAMPLE" \
--tag-keys "Project"
```
------
#### [ Windows Server ]
```
aws ssm remove-tags-from-resource ^
--resource-type "PatchBaseline" ^
--resource-id "pb-0c10e65780EXAMPLE" ^
--tag-keys "Project"
```
------
## AWS CLI perintah untuk grup tambalan
**Topics**
+ [Buat grup patch](#patch-manager-cli-commands-create-patch-group)
+ [Daftarkan grup patch "server web" dengan dasar patch](#patch-manager-cli-commands-register-patch-baseline-for-patch-group-web-servers)
+ [Daftarkan grup tambalan “Backend” dengan baseline patch AWS yang disediakan](#patch-manager-cli-commands-register-patch-baseline-for-patch-group-backend)
+ [Tampilkan pendaftaran grup patch](#patch-manager-cli-commands-describe-patch-groups)
+ [Batalkan pendaftaran grup patch dari dasar patch](#patch-manager-cli-commands-deregister-patch-baseline-for-patch-group)
### Buat grup patch
**catatan**
Grup patch tidak digunakan dalam operasi patching yang didasarkan pada *kebijakan patch*. Untuk informasi tentang bekerja dengan kebijakan tambalan, lihat[Konfigurasi kebijakan tambalan di Quick Setup](patch-manager-policies.md).
Untuk membantu Anda mengatur upaya penambalan, kami sarankan Anda menambahkan node terkelola ke grup tambalan dengan menggunakan tag. Grup patch memerlukan penggunaan kunci tag `Patch Group` atau`PatchGroup`. Jika Anda telah [mengizinkan tag dalam metadata instans EC2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#allow-access-to-tags-in-IMDS), Anda harus menggunakan `PatchGroup` (tanpa spasi). Anda dapat menentukan nilai tag apa pun, tetapi kunci tag harus `Patch Group` atau`PatchGroup`. Untuk informasi selengkapnya tentang grup patch, lihat [Grup tambalan](patch-manager-patch-groups.md).
Setelah mengelompokkan node terkelola menggunakan tag, Anda menambahkan nilai grup patch ke baseline patch. Dengan mendaftarkan grup patch dengan dasar patch, Anda memastikan bahwa patch yang benar diinstal selama operasi patching.
#### Tugas 1: Tambahkan instans EC2 ke grup patch menggunakan tag
**catatan**
Saat menggunakan konsol Amazon Elastic Compute Cloud (Amazon EC2) AWS CLI dan, dimungkinkan untuk `Key = Patch Group` menerapkan `Key = PatchGroup` atau memberi tag ke instance yang belum dikonfigurasi untuk digunakan dengan Systems Manager. Jika instans EC2 yang Anda harapkan untuk dilihat Patch Manager tidak terdaftar setelah menerapkan `Key = PatchGroup` tag `Patch Group` atau, lihat [Memecahkan masalah ketersediaan node terkelola](fleet-manager-troubleshooting-managed-nodes.md) untuk tips pemecahan masalah.
Jalankan perintah berikut ini untuk menambahkan tag `PatchGroup` ke sebuah instans EC2.
```
aws ec2 create-tags --resources "i-1234567890abcdef0" --tags "Key=PatchGroup,Value=GroupValue"
```
#### Tugas 2: Tambahkan node terkelola ke grup tambalan menggunakan tag
Jalankan perintah berikut untuk menambahkan `PatchGroup` tag ke node terkelola.
------
#### [ Linux & macOS ]
```
aws ssm add-tags-to-resource \
--resource-type "ManagedInstance" \
--resource-id "mi-0123456789abcdefg" \
--tags "Key=PatchGroup,Value=GroupValue"
```
------
#### [ Windows Server ]
```
aws ssm add-tags-to-resource ^
--resource-type "ManagedInstance" ^
--resource-id "mi-0123456789abcdefg" ^
--tags "Key=PatchGroup,Value=GroupValue"
```
------
#### Tugas 3: Tambahkan grup patch ke dasar patch
Jalankan perintah berikut untuk mengaitkan nilai tag `PatchGroup` ke dasar patch yang ditentukan.
------
#### [ Linux & macOS ]
```
aws ssm register-patch-baseline-for-patch-group \
--baseline-id "pb-0c10e65780EXAMPLE" \
--patch-group "Development"
```
------
#### [ Windows Server ]
```
aws ssm register-patch-baseline-for-patch-group ^
--baseline-id "pb-0c10e65780EXAMPLE" ^
--patch-group "Development"
```
------
Sistem mengembalikan informasi seperti berikut ini.
```
{
"PatchGroup": "Development",
"BaselineId": "pb-0c10e65780EXAMPLE"
}
```
### Daftarkan grup patch "server web" dengan dasar patch
------
#### [ Linux & macOS ]
```
aws ssm register-patch-baseline-for-patch-group \
--baseline-id "pb-0c10e65780EXAMPLE" \
--patch-group "Web Servers"
```
------
#### [ Windows Server ]
```
aws ssm register-patch-baseline-for-patch-group ^
--baseline-id "pb-0c10e65780EXAMPLE" ^
--patch-group "Web Servers"
```
------
Sistem mengembalikan informasi seperti berikut ini.
```
{
"PatchGroup":"Web Servers",
"BaselineId":"pb-0c10e65780EXAMPLE"
}
```
### Daftarkan grup tambalan “Backend” dengan baseline patch AWS yang disediakan
------
#### [ Linux & macOS ]
```
aws ssm register-patch-baseline-for-patch-group \
--region us-east-2 \
--baseline-id "arn:aws:ssm:us-east-2:111122223333:patchbaseline/pb-0c10e65780EXAMPLE" \
--patch-group "Backend"
```
------
#### [ Windows Server ]
```
aws ssm register-patch-baseline-for-patch-group ^
--region us-east-2 ^
--baseline-id "arn:aws:ssm:us-east-2:111122223333:patchbaseline/pb-0c10e65780EXAMPLE" ^
--patch-group "Backend"
```
------
Sistem mengembalikan informasi seperti berikut ini.
```
{
"PatchGroup":"Backend",
"BaselineId":"arn:aws:ssm:us-east-2:111122223333:patchbaseline/pb-0c10e65780EXAMPLE"
}
```
### Tampilkan pendaftaran grup patch
```
aws ssm describe-patch-groups --region us-east-2
```
Sistem mengembalikan informasi seperti berikut ini.
```
{
"PatchGroupPatchBaselineMappings":[
{
"PatchGroup":"Backend",
"BaselineIdentity":{
"BaselineName":"AWS-DefaultPatchBaseline",
"DefaultBaseline":false,
"BaselineDescription":"Default Patch Baseline Provided by AWS.",
"BaselineId":"arn:aws:ssm:us-east-2:111122223333:patchbaseline/pb-0c10e65780EXAMPLE"
}
},
{
"PatchGroup":"Web Servers",
"BaselineIdentity":{
"BaselineName":"Windows-Server-2012R2",
"DefaultBaseline":true,
"BaselineDescription":"Windows Server 2012 R2, Important and Critical updates",
"BaselineId":"pb-0c10e65780EXAMPLE"
}
}
]
}
```
### Batalkan pendaftaran grup patch dari dasar patch
------
#### [ Linux & macOS ]
```
aws ssm deregister-patch-baseline-for-patch-group \
--region us-east-2 \
--patch-group "Production" \
--baseline-id "arn:aws:ssm:us-east-2:111122223333:patchbaseline/pb-0c10e65780EXAMPLE"
```
------
#### [ Windows Server ]
```
aws ssm deregister-patch-baseline-for-patch-group ^
--region us-east-2 ^
--patch-group "Production" ^
--baseline-id "arn:aws:ssm:us-east-2:111122223333:patchbaseline/pb-0c10e65780EXAMPLE"
```
------
Sistem mengembalikan informasi seperti berikut ini.
```
{
"PatchGroup":"Production",
"BaselineId":"arn:aws:ssm:us-east-2:111122223333:patchbaseline/pb-0c10e65780EXAMPLE"
}
```
## AWS CLI perintah untuk melihat ringkasan dan detail tambalan
**Topics**
+ [Dapatkan semua patch yang didefinisikan oleh dasar patch](#patch-manager-cli-commands-describe-effective-patches-for-patch-baseline)
+ [Dapatkan semua patch untuk AmazonLinux 2018.03 yang memiliki Klasifikasi `SECURITY` dan Tingkat Keparahan `Critical`](#patch-manager-cli-commands-describe-available-patches-linux)
+ [Dapatkan semua patch untuk Windows Server 2012 yang memiliki kepelikan MSRC `Critical`](#patch-manager-cli-commands-describe-available-patches)
+ [Dapatkan semua patch yang tersedia](#patch-manager-cli-commands-describe-available-patches)
+ [Dapatkan status ringkasan tambalan per node yang dikelola](#patch-manager-cli-commands-describe-instance-patch-states)
+ [Dapatkan detail kepatuhan tambalan untuk node terkelola](#patch-manager-cli-commands-describe-instance-patches)
+ [Melihat hasil kepatuhan patching (AWS CLI)](#viewing-patch-compliance-results-cli)
### Dapatkan semua patch yang didefinisikan oleh dasar patch
**catatan**
Perintah ini hanya didukung untuk dasar patch Windows Server.
------
#### [ Linux & macOS ]
```
aws ssm describe-effective-patches-for-patch-baseline \
--region us-east-2 \
--baseline-id "pb-0c10e65780EXAMPLE"
```
------
#### [ Windows Server ]
```
aws ssm describe-effective-patches-for-patch-baseline ^
--region us-east-2 ^
--baseline-id "pb-0c10e65780EXAMPLE"
```
------
Sistem mengembalikan informasi seperti berikut ini.
```
{
"NextToken":"--token string truncated--",
"EffectivePatches":[
{
"PatchStatus":{
"ApprovalDate":1384711200.0,
"DeploymentStatus":"APPROVED"
},
"Patch":{
"ContentUrl":"https://support.microsoft.com/en-us/kb/2876331",
"ProductFamily":"Windows",
"Product":"WindowsServer2012R2",
"Vendor":"Microsoft",
"Description":"A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your system
by installing this update from Microsoft. For a complete listing of the
issues that are included in this update, see the associated Microsoft
Knowledge Base article. After you install this update, you may have to
restart your system.",
"Classification":"SecurityUpdates",
"Title":"Security Update for Windows Server 2012 R2 Preview (KB2876331)",
"ReleaseDate":1384279200.0,
"MsrcClassification":"Critical",
"Language":"All",
"KbNumber":"KB2876331",
"MsrcNumber":"MS13-089",
"Id":"e74ccc76-85f0-4881-a738-59e9fc9a336d"
}
},
{
"PatchStatus":{
"ApprovalDate":1428858000.0,
"DeploymentStatus":"APPROVED"
},
"Patch":{
"ContentUrl":"https://support.microsoft.com/en-us/kb/2919355",
"ProductFamily":"Windows",
"Product":"WindowsServer2012R2",
"Vendor":"Microsoft",
"Description":"Windows Server 2012 R2 Update is a cumulative
set of security updates, critical updates and updates. You
must install Windows Server 2012 R2 Update to ensure that
your computer can continue to receive future Windows Updates,
including security updates. For a complete listing of the
issues that are included in this update, see the associated
Microsoft Knowledge Base article for more information. After
you install this item, you may have to restart your computer.",
"Classification":"SecurityUpdates",
"Title":"Windows Server 2012 R2 Update (KB2919355)",
"ReleaseDate":1428426000.0,
"MsrcClassification":"Critical",
"Language":"All",
"KbNumber":"KB2919355",
"MsrcNumber":"MS14-018",
"Id":"8452bac0-bf53-4fbd-915d-499de08c338b"
}
}
---output truncated---
```
### Dapatkan semua patch untuk AmazonLinux 2018.03 yang memiliki Klasifikasi `SECURITY` dan Tingkat Keparahan `Critical`
------
#### [ Linux & macOS ]
```
aws ssm describe-available-patches \
--region us-east-2 \
--filters Key=PRODUCT,Values=AmazonLinux2018.03 Key=SEVERITY,Values=Critical
```
------
#### [ Windows Server ]
```
aws ssm describe-available-patches ^
--region us-east-2 ^
--filters Key=PRODUCT,Values=AmazonLinux2018.03 Key=SEVERITY,Values=Critical
```
------
Sistem mengembalikan informasi seperti berikut ini.
```
{
"Patches": [
{
"AdvisoryIds": ["ALAS-2011-1"],
"BugzillaIds": [ "1234567" ],
"Classification": "SECURITY",
"CVEIds": [ "CVE-2011-3192"],
"Name": "zziplib",
"Epoch": "0",
"Version": "2.71",
"Release": "1.3.amzn1",
"Arch": "i686",
"Product": "AmazonLinux2018.03",
"ReleaseDate": 1590519815,
"Severity": "CRITICAL"
}
]
}
---output truncated---
```
### Dapatkan semua patch untuk Windows Server 2012 yang memiliki kepelikan MSRC `Critical`
------
#### [ Linux & macOS ]
```
aws ssm describe-available-patches \
--region us-east-2 \
--filters Key=PRODUCT,Values=WindowsServer2012 Key=MSRC_SEVERITY,Values=Critical
```
------
#### [ Windows Server ]
```
aws ssm describe-available-patches ^
--region us-east-2 ^
--filters Key=PRODUCT,Values=WindowsServer2012 Key=MSRC_SEVERITY,Values=Critical
```
------
Sistem mengembalikan informasi seperti berikut ini.
```
{
"Patches":[
{
"ContentUrl":"https://support.microsoft.com/en-us/kb/2727528",
"ProductFamily":"Windows",
"Product":"WindowsServer2012",
"Vendor":"Microsoft",
"Description":"A security issue has been identified that could
allow an unauthenticated remote attacker to compromise your
system and gain control over it. You can help protect your
system by installing this update from Microsoft. After you
install this update, you may have to restart your system.",
"Classification":"SecurityUpdates",
"Title":"Security Update for Windows Server 2012 (KB2727528)",
"ReleaseDate":1352829600.0,
"MsrcClassification":"Critical",
"Language":"All",
"KbNumber":"KB2727528",
"MsrcNumber":"MS12-072",
"Id":"1eb507be-2040-4eeb-803d-abc55700b715"
},
{
"ContentUrl":"https://support.microsoft.com/en-us/kb/2729462",
"ProductFamily":"Windows",
"Product":"WindowsServer2012",
"Vendor":"Microsoft",
"Description":"A security issue has been identified that could
allow an unauthenticated remote attacker to compromise your
system and gain control over it. You can help protect your
system by installing this update from Microsoft. After you
install this update, you may have to restart your system.",
"Classification":"SecurityUpdates",
"Title":"Security Update for Microsoft .NET Framework 3.5 on
Windows 8 and Windows Server 2012 for x64-based Systems (KB2729462)",
"ReleaseDate":1352829600.0,
"MsrcClassification":"Critical",
"Language":"All",
"KbNumber":"KB2729462",
"MsrcNumber":"MS12-074",
"Id":"af873760-c97c-4088-ab7e-5219e120eab4"
}
---output truncated---
```
### Dapatkan semua patch yang tersedia
```
aws ssm describe-available-patches --region us-east-2
```
Sistem mengembalikan informasi seperti berikut ini.
```
{
"NextToken":"--token string truncated--",
"Patches":[
{
"Classification": "SecurityUpdates",
"ContentUrl": "https://support.microsoft.com/en-us/kb/4074588",
"Description": "A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your system by
installing this update from Microsoft. For a complete listing of the issues
that are included in this update, see the associated Microsoft Knowledge Base
article. After you install this update, you may have to restart your system.",
"Id": "11adea10-0701-430e-954f-9471595ae246",
"KbNumber": "KB4074588",
"Language": "All",
"MsrcNumber": "",
"MsrcSeverity": "Critical",
"Product": "WindowsServer2016",
"ProductFamily": "Windows",
"ReleaseDate": 1518548400,
"Title": "2018-02 Cumulative Update for Windows Server 2016 (1709) for x64-based
Systems (KB4074588)",
"Vendor": "Microsoft"
},
{
"Classification": "SecurityUpdates",
"ContentUrl": "https://support.microsoft.com/en-us/kb/4074590",
"Description": "A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your system by
installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.",
"Id": "f5f58231-ac5d-4640-ab1b-9dc8d857c265",
"KbNumber": "KB4074590",
"Language": "All",
"MsrcNumber": "",
"MsrcSeverity": "Critical",
"Product": "WindowsServer2016",
"ProductFamily": "Windows",
"ReleaseDate": 1518544805,
"Title": "2018-02 Cumulative Update for Windows Server 2016 for x64-based
Systems (KB4074590)",
"Vendor": "Microsoft"
}
---output truncated---
```
### Dapatkan status ringkasan tambalan per node yang dikelola
Ringkasan simpul per-kelola memberi Anda jumlah tambalan dalam status berikut per node: "NotApplicable“, “Hilang”, “Gagal”, "InstalledOther" dan “Dipasang”.
------
#### [ Linux & macOS ]
```
aws ssm describe-instance-patch-states \
--instance-ids i-08ee91c0b17045407 i-09a618aec652973a9
```
------
#### [ Windows Server ]
```
aws ssm describe-instance-patch-states ^
--instance-ids i-08ee91c0b17045407 i-09a618aec652973a9
```
------
Sistem mengembalikan informasi seperti berikut ini.
```
{
"InstancePatchStates":[
{
"InstanceId": "i-08ee91c0b17045407",
"PatchGroup": "",
"BaselineId": "pb-0c10e65780EXAMPLE",
"SnapshotId": "6d03d6c5-f79d-41d0-8d0e-00a9aEXAMPLE",
"InstalledCount": 50,
"InstalledOtherCount": 353,
"InstalledPendingRebootCount": 0,
"InstalledRejectedCount": 0,
"MissingCount": 0,
"FailedCount": 0,
"UnreportedNotApplicableCount": -1,
"NotApplicableCount": 671,
"OperationStartTime": "2020-01-24T12:37:56-08:00",
"OperationEndTime": "2020-01-24T12:37:59-08:00",
"Operation": "Scan",
"RebootOption": "NoReboot"
},
{
"InstanceId": "i-09a618aec652973a9",
"PatchGroup": "",
"BaselineId": "pb-0c10e65780EXAMPLE",
"SnapshotId": "c7e0441b-1eae-411b-8aa7-973e6EXAMPLE",
"InstalledCount": 36,
"InstalledOtherCount": 396,
"InstalledPendingRebootCount": 0,
"InstalledRejectedCount": 0,
"MissingCount": 3,
"FailedCount": 0,
"UnreportedNotApplicableCount": -1,
"NotApplicableCount": 420,
"OperationStartTime": "2020-01-24T12:37:34-08:00",
"OperationEndTime": "2020-01-24T12:37:37-08:00",
"Operation": "Scan",
"RebootOption": "NoReboot"
}
---output truncated---
```
### Dapatkan detail kepatuhan tambalan untuk node terkelola
```
aws ssm describe-instance-patches --instance-id i-08ee91c0b17045407
```
Sistem mengembalikan informasi seperti berikut ini.
```
{
"NextToken":"--token string truncated--",
"Patches":[
{
"Title": "bind-libs.x86_64:32:9.8.2-0.68.rc1.60.amzn1",
"KBId": "bind-libs.x86_64",
"Classification": "Security",
"Severity": "Important",
"State": "Installed",
"InstalledTime": "2019-08-26T11:05:24-07:00"
},
{
"Title": "bind-utils.x86_64:32:9.8.2-0.68.rc1.60.amzn1",
"KBId": "bind-utils.x86_64",
"Classification": "Security",
"Severity": "Important",
"State": "Installed",
"InstalledTime": "2019-08-26T11:05:32-07:00"
},
{
"Title": "dhclient.x86_64:12:4.1.1-53.P1.28.amzn1",
"KBId": "dhclient.x86_64",
"Classification": "Security",
"Severity": "Important",
"State": "Installed",
"InstalledTime": "2019-08-26T11:05:31-07:00"
},
---output truncated---
```
### Melihat hasil kepatuhan patching (AWS CLI)
**Untuk melihat hasil kepatuhan tambalan untuk satu node terkelola**
Jalankan perintah berikut di AWS Command Line Interface (AWS CLI) untuk melihat hasil kepatuhan patch untuk satu node terkelola.
```
aws ssm describe-instance-patch-states --instance-id instance-id
```
Ganti *instance-id* dengan ID node terkelola yang ingin Anda lihat hasilnya, dalam format `i-02573cafcfEXAMPLE` atau`mi-0282f7c436EXAMPLE`.
Sistem mengembalikan informasi seperti berikut ini.
```
{
"InstancePatchStates": [
{
"InstanceId": "i-02573cafcfEXAMPLE",
"PatchGroup": "mypatchgroup",
"BaselineId": "pb-0c10e65780EXAMPLE",
"SnapshotId": "a3f5ff34-9bc4-4d2c-a665-4d1c1EXAMPLE",
"CriticalNonCompliantCount": 2,
"SecurityNonCompliantCount": 2,
"OtherNonCompliantCount": 1,
"InstalledCount": 123,
"InstalledOtherCount": 334,
"InstalledPendingRebootCount": 0,
"InstalledRejectedCount": 0,
"MissingCount": 1,
"FailedCount": 2,
"UnreportedNotApplicableCount": 11,
"NotApplicableCount": 2063,
"OperationStartTime": "2021-05-03T11:00:56-07:00",
"OperationEndTime": "2021-05-03T11:01:09-07:00",
"Operation": "Scan",
"LastNoRebootInstallOperationTime": "2020-06-14T12:17:41-07:00",
"RebootOption": "RebootIfNeeded"
}
]
}
```
**Untuk melihat ringkasan jumlah tambalan untuk semua instans EC2 di Wilayah**
`describe-instance-patch-states` mendukung mengambil hasil untuk satu instans terkelola saja dalam satu waktu. Namun, menggunakan script kustom dengan perintah `describe-instance-patch-states`, Anda dapat membuat laporan yang lebih terperinci.
Sebagai contoh, jika [alat filter jq](https://stedolan.github.io/jq/download/) diinstal pada mesin lokal Anda, Anda dapat menjalankan perintah berikut ini untuk mengidentifikasi instans EC2 apa yang ada di Wilayah AWS tertentu yang berstatus `InstalledPendingReboot`.
```
aws ssm describe-instance-patch-states \
--instance-ids $(aws ec2 describe-instances --region region | jq '.Reservations[].Instances[] | .InstanceId' | tr '\n|"' ' ') \
--output text --query 'InstancePatchStates[*].{Instance:InstanceId, InstalledPendingRebootCount:InstalledPendingRebootCount}'
```
*region*mewakili pengenal untuk Wilayah AWS didukung oleh AWS Systems Manager, seperti `us-east-2` untuk Wilayah AS Timur (Ohio). Untuk daftar *region* nilai yang didukung, lihat kolom **Region** di [titik akhir layanan Systems Manager](https://docs.aws.amazon.com/general/latest/gr/ssm.html#ssm_region) di *Referensi Umum Amazon Web Services*.
Contoh:
```
aws ssm describe-instance-patch-states \
--instance-ids $(aws ec2 describe-instances --region us-east-2 | jq '.Reservations[].Instances[] | .InstanceId' | tr '\n|"' ' ') \
--output text --query 'InstancePatchStates[*].{Instance:InstanceId, InstalledPendingRebootCount:InstalledPendingRebootCount}'
```
Sistem mengembalikan informasi seperti berikut ini.
```
1 i-02573cafcfEXAMPLE
0 i-0471e04240EXAMPLE
3 i-07782c72faEXAMPLE
6 i-083b678d37EXAMPLE
0 i-03a530a2d4EXAMPLE
1 i-01f68df0d0EXAMPLE
0 i-0a39c0f214EXAMPLE
7 i-0903a5101eEXAMPLE
7 i-03823c2fedEXAMPLE
```
Selain `InstalledPendingRebootCount`, daftar jenis jumlah yang dapat Anda cari termasuk yang berikut:
+ `CriticalNonCompliantCount`
+ `SecurityNonCompliantCount`
+ `OtherNonCompliantCount`
+ `UnreportedNotApplicableCount `
+ `InstalledPendingRebootCount`
+ `FailedCount`
+ `NotApplicableCount`
+ `InstalledRejectedCount`
+ `InstalledOtherCount`
+ `MissingCount`
+ `InstalledCount`
## AWS CLI perintah untuk memindai dan menambal node yang dikelola
Setelah menjalankan perintah berikut ini untuk memindai kepatuhan patch atau menginstal patch, Anda dapat menggunakan perintah di bagian [AWS CLI perintah untuk melihat ringkasan dan detail tambalan](#patch-details-cli-commands) untuk melihat informasi tentang status dan kepatuhan patch.
**Topics**
+ [Pindai node terkelola untuk kepatuhan patch (AWS CLI)](#patch-operations-scan)
+ [Instal tambalan pada node terkelola ()AWS CLI](#patch-operations-install-cli)
### Pindai node terkelola untuk kepatuhan patch (AWS CLI)
**Untuk memindai node terkelola tertentu untuk kepatuhan patch**
Jalankan perintah berikut.
------
#### [ Linux & macOS ]
```
aws ssm send-command \
--document-name 'AWS-RunPatchBaseline' \
--targets Key=InstanceIds,Values='i-02573cafcfEXAMPLE,i-0471e04240EXAMPLE' \
--parameters 'Operation=Scan' \
--timeout-seconds 600
```
------
#### [ Windows Server ]
```
aws ssm send-command ^
--document-name "AWS-RunPatchBaseline" ^
--targets Key=InstanceIds,Values="i-02573cafcfEXAMPLE,i-0471e04240EXAMPLE" ^
--parameters "Operation=Scan" ^
--timeout-seconds 600
```
------
Sistem mengembalikan informasi seperti berikut ini.
```
{
"Command": {
"CommandId": "a04ed06c-8545-40f4-87c2-a0babEXAMPLE",
"DocumentName": "AWS-RunPatchBaseline",
"DocumentVersion": "$DEFAULT",
"Comment": "",
"ExpiresAfter": 1621974475.267,
"Parameters": {
"Operation": [
"Scan"
]
},
"InstanceIds": [],
"Targets": [
{
"Key": "InstanceIds",
"Values": [
"i-02573cafcfEXAMPLE,
i-0471e04240EXAMPLE"
]
}
],
"RequestedDateTime": 1621952275.267,
"Status": "Pending",
"StatusDetails": "Pending",
"TimeoutSeconds": 600,
---output truncated---
}
}
```
**Untuk memindai node terkelola untuk kepatuhan patch dengan tag grup patch**
Jalankan perintah berikut.
------
#### [ Linux & macOS ]
```
aws ssm send-command \
--document-name 'AWS-RunPatchBaseline' \
--targets Key='tag:PatchGroup',Values='Web servers' \
--parameters 'Operation=Scan' \
--timeout-seconds 600
```
------
#### [ Windows Server ]
```
aws ssm send-command ^
--document-name "AWS-RunPatchBaseline" ^
--targets Key="tag:PatchGroup",Values="Web servers" ^
--parameters "Operation=Scan" ^
--timeout-seconds 600
```
------
Sistem mengembalikan informasi seperti berikut ini.
```
{
"Command": {
"CommandId": "87a448ee-8adc-44e0-b4d1-6b429EXAMPLE",
"DocumentName": "AWS-RunPatchBaseline",
"DocumentVersion": "$DEFAULT",
"Comment": "",
"ExpiresAfter": 1621974983.128,
"Parameters": {
"Operation": [
"Scan"
]
},
"InstanceIds": [],
"Targets": [
{
"Key": "tag:PatchGroup",
"Values": [
"Web servers"
]
}
],
"RequestedDateTime": 1621952783.128,
"Status": "Pending",
"StatusDetails": "Pending",
"TimeoutSeconds": 600,
---output truncated---
}
}
```
### Instal tambalan pada node terkelola ()AWS CLI
**Untuk menginstal patch pada node terkelola tertentu**
Jalankan perintah berikut.
**catatan**
Node terkelola target reboot sesuai kebutuhan untuk menyelesaikan instalasi patch. Untuk informasi selengkapnya, lihat [Dokumen SSM Command untuk menambal: `AWS-RunPatchBaseline`](patch-manager-aws-runpatchbaseline.md).
------
#### [ Linux & macOS ]
```
aws ssm send-command \
--document-name 'AWS-RunPatchBaseline' \
--targets Key=InstanceIds,Values='i-02573cafcfEXAMPLE,i-0471e04240EXAMPLE' \
--parameters 'Operation=Install' \
--timeout-seconds 600
```
------
#### [ Windows Server ]
```
aws ssm send-command ^
--document-name "AWS-RunPatchBaseline" ^
--targets Key=InstanceIds,Values="i-02573cafcfEXAMPLE,i-0471e04240EXAMPLE" ^
--parameters "Operation=Install" ^
--timeout-seconds 600
```
------
Sistem mengembalikan informasi seperti berikut ini.
```
{
"Command": {
"CommandId": "5f403234-38c4-439f-a570-93623EXAMPLE",
"DocumentName": "AWS-RunPatchBaseline",
"DocumentVersion": "$DEFAULT",
"Comment": "",
"ExpiresAfter": 1621975301.791,
"Parameters": {
"Operation": [
"Install"
]
},
"InstanceIds": [],
"Targets": [
{
"Key": "InstanceIds",
"Values": [
"i-02573cafcfEXAMPLE,
i-0471e04240EXAMPLE"
]
}
],
"RequestedDateTime": 1621953101.791,
"Status": "Pending",
"StatusDetails": "Pending",
"TimeoutSeconds": 600,
---output truncated---
}
}
```
**Untuk menginstal patch pada node terkelola dalam grup patch tertentu**
Jalankan perintah berikut.
------
#### [ Linux & macOS ]
```
aws ssm send-command \
--document-name 'AWS-RunPatchBaseline' \
--targets Key='tag:PatchGroup',Values='Web servers' \
-parameters 'Operation=Install' \
--timeout-seconds 600
```
------
#### [ Windows Server ]
```
aws ssm send-command ^
--document-name "AWS-RunPatchBaseline" ^
--targets Key="tag:PatchGroup",Values="Web servers" ^
--parameters "Operation=Install" ^
--timeout-seconds 600
```
------
Sistem mengembalikan informasi seperti berikut ini.
```
{
"Command": {
"CommandId": "fa44b086-7d36-4ad5-ac8d-627ecEXAMPLE",
"DocumentName": "AWS-RunPatchBaseline",
"DocumentVersion": "$DEFAULT",
"Comment": "",
"ExpiresAfter": 1621975407.865,
"Parameters": {
"Operation": [
"Install"
]
},
"InstanceIds": [],
"Targets": [
{
"Key": "tag:PatchGroup",
"Values": [
"Web servers"
]
}
],
"RequestedDateTime": 1621953207.865,
"Status": "Pending",
"StatusDetails": "Pending",
"TimeoutSeconds": 600,
---output truncated---
}
}
```