AWS Systems Manager
API Reference (API Version 2014-11-06)


Retrieves information about the patches on the specified instance and their state relative to the patch baseline being used for the instance.

Request Syntax

{ "Filters": [ { "Key": "string", "Values": [ "string" ] } ], "InstanceId": "string", "MaxResults": number, "NextToken": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.


Each entry in the array is a structure containing:

Key (string, between 1 and 128 characters)

Values (array of strings, each string between 1 and 256 characters)

Type: Array of PatchOrchestratorFilter objects

Array Members: Minimum number of 0 items. Maximum number of 5 items.

Required: No


The ID of the instance whose patch state information should be retrieved.

Type: String

Pattern: (^i-(\w{8}|\w{17})$)|(^mi-\w{17}$)

Required: Yes


The maximum number of patches to return (per page).

Type: Integer

Valid Range: Minimum value of 10. Maximum value of 100.

Required: No


The token for the next set of items to return. (You received this token from a previous call.)

Type: String

Required: No

Response Syntax

{ "NextToken": "string", "Patches": [ { "Classification": "string", "InstalledTime": number, "KBId": "string", "Severity": "string", "State": "string", "Title": "string" } ] }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

Type: String


Each entry in the array is a structure containing:

Title (string)

KBId (string)

Classification (string)

Severity (string)


InstalledTime (DateTime)

InstalledBy (string)

Type: Array of PatchComplianceData objects


For information about the errors that are common to all actions, see Common Errors.


An error occurred on the server side.

HTTP Status Code: 400


The filter name is not valid. Verify the you entered the correct name and try again.

HTTP Status Code: 400


The following problems can cause this exception:

You do not have permission to access the instance.

The SSM Agent is not running. On managed instances and Linux instances, verify that the SSM Agent is running. On EC2 Windows instances, verify that the EC2Config service is running.

The SSM Agent or EC2Config service is not registered to the SSM endpoint. Try reinstalling the SSM Agent or EC2Config service.

The instance is not in valid state. Valid states are: Running, Pending, Stopped, Stopping. Invalid states are: Shutting-down and Terminated.

HTTP Status Code: 400


The specified token is not valid.

HTTP Status Code: 400


Sample Request

POST / HTTP/1.1 Host: Accept-Encoding: identity Content-Length: 37 X-Amz-Target: AmazonSSM.DescribeInstancePatches X-Amz-Date: 20180308T205131Z User-Agent: aws-cli/1.11.180 Python/2.7.9 Windows/8 botocore/1.7.38 Content-Type: application/x-amz-json-1.1 Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20180308/us-east-2/ssm/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=39c3b3042cd2aEXAMPLE { "InstanceId": "i-0777569f58EXAMPLE" }

Sample Response

{ "Patches": [ { "Classification": "Security", "InstalledTime": 0, "KBId": "file.x86_64", "Severity": "Important", "State": "Installed", "Title": "file.x86_64:0:5.30-11.34.amzn1" }, { "Classification": "Security", "InstalledTime": 0, "KBId": "file-libs.x86_64", "Severity": "Important", "State": "Installed", "Title": "file-libs.x86_64:0:5.30-11.34.amzn1" }, { "Classification": "Security", "InstalledTime": 0, "KBId": "freetype.x86_64", "Severity": "Important", "State": "Installed", "Title": "freetype.x86_64:0:2.3.11-15.14.amzn1" } // There may be more content here ] }

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: