Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account
AwsSsmComplianceSummary - AWS Security Hub
ContentsSee Also

AwsSsmComplianceSummary

PDF

Provides the details about the compliance status for a patch.

Contents

ComplianceType

The type of resource for which the compliance was determined. For AwsSsmPatchCompliance, ComplianceType is Patch.

Type: String

Pattern: .*\S.*

Required: No

CompliantCriticalCount

For the patches that are compliant, the number that have a severity of CRITICAL.

Type: Integer

Required: No

CompliantHighCount

For the patches that are compliant, the number that have a severity of HIGH.

Type: Integer

Required: No

CompliantInformationalCount

For the patches that are compliant, the number that have a severity of INFORMATIONAL.

Type: Integer

Required: No

CompliantLowCount

For the patches that are compliant, the number that have a severity of LOW.

Type: Integer

Required: No

CompliantMediumCount

For the patches that are compliant, the number that have a severity of MEDIUM.

Type: Integer

Required: No

CompliantUnspecifiedCount

For the patches that are compliant, the number that have a severity of UNSPECIFIED.

Type: Integer

Required: No

ExecutionType

The type of execution that was used determine compliance.

Type: String

Pattern: .*\S.*

Required: No

NonCompliantCriticalCount

For the patch items that are noncompliant, the number of items that have a severity of CRITICAL.

Type: Integer

Required: No

NonCompliantHighCount

For the patches that are noncompliant, the number that have a severity of HIGH.

Type: Integer

Required: No

NonCompliantInformationalCount

For the patches that are noncompliant, the number that have a severity of INFORMATIONAL.

Type: Integer

Required: No

NonCompliantLowCount

For the patches that are noncompliant, the number that have a severity of LOW.

Type: Integer

Required: No

NonCompliantMediumCount

For the patches that are noncompliant, the number that have a severity of MEDIUM.

Type: Integer

Required: No

NonCompliantUnspecifiedCount

For the patches that are noncompliant, the number that have a severity of UNSPECIFIED.

Type: Integer

Required: No

OverallSeverity

The highest severity for the patches. Valid values are as follows:

  • CRITICAL

  • HIGH

  • MEDIUM

  • LOW

  • INFORMATIONAL

  • UNSPECIFIED

Type: String

Pattern: .*\S.*

Required: No

PatchBaselineId

The identifier of the patch baseline. The patch baseline lists the patches that are approved for installation.

Type: String

Pattern: .*\S.*

Required: No

PatchGroup

The identifier of the patch group for which compliance was determined. A patch group uses tags to group EC2 instances that should have the same patch compliance.

Type: String

Pattern: .*\S.*

Required: No

Status

The current patch compliance status. Valid values are as follows:

  • COMPLIANT

  • NON_COMPLIANT

  • UNSPECIFIED_DATA

Type: String

Pattern: .*\S.*

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

Next topic:

AwsSsmPatch

Need help?

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.