DescribeInstancePatches - AWS Systems Manager


Retrieves information about the patches on the specified instance and their state relative to the patch baseline being used for the instance.

Request Syntax

{ "Filters": [ { "Key": "string", "Values": [ "string" ] } ], "InstanceId": "string", "MaxResults": number, "NextToken": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.


An array of structures. Each entry in the array is a structure containing a Key, Value combination. Valid values for Key are Classification | KBId | Severity | State.

Type: Array of PatchOrchestratorFilter objects

Array Members: Minimum number of 0 items. Maximum number of 5 items.

Required: No


The ID of the instance whose patch state information should be retrieved.

Type: String

Pattern: (^i-(\w{8}|\w{17})$)|(^mi-\w{17}$)

Required: Yes


The maximum number of patches to return (per page).

Type: Integer

Valid Range: Minimum value of 10. Maximum value of 100.

Required: No


The token for the next set of items to return. (You received this token from a previous call.)

Type: String

Required: No

Response Syntax

{ "NextToken": "string", "Patches": [ { "Classification": "string", "CVEIds": "string", "InstalledTime": number, "KBId": "string", "Severity": "string", "State": "string", "Title": "string" } ] }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

Type: String


Each entry in the array is a structure containing:

Title (string)

KBId (string)

Classification (string)

Severity (string)

State (string, such as "INSTALLED" or "FAILED")

InstalledTime (DateTime)

InstalledBy (string)

Type: Array of PatchComplianceData objects


For information about the errors that are common to all actions, see Common Errors.


An error occurred on the server side.

HTTP Status Code: 500


The filter name is not valid. Verify the you entered the correct name and try again.

HTTP Status Code: 400


The following problems can cause this exception:

You do not have permission to access the instance.

SSM Agent is not running. Verify that SSM Agent is running.

SSM Agent is not registered with the SSM endpoint. Try reinstalling SSM Agent.

The instance is not in valid state. Valid states are: Running, Pending, Stopped, Stopping. Invalid states are: Shutting-down and Terminated.

HTTP Status Code: 400


The specified token is not valid.

HTTP Status Code: 400



This example illustrates one usage of DescribeInstancePatches.

Sample Request

POST / HTTP/1.1 Host: Accept-Encoding: identity Content-Length: 37 X-Amz-Target: AmazonSSM.DescribeInstancePatches X-Amz-Date: 20180308T205131Z User-Agent: aws-cli/1.11.180 Python/2.7.9 Windows/8 botocore/1.7.38 Content-Type: application/x-amz-json-1.1 Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20180308/us-east-2/ssm/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=39c3b3042cd2aEXAMPLE { "InstanceId": "i-02573cafcfEXAMPLE" }

Sample Response

{ "Patches": [ { "Classification": "Security", "InstalledTime": 0, "KBId": "file.x86_64", "Severity": "Important", "State": "Installed", "Title": "file.x86_64:0:5.30-11.34.amzn1" }, { "Classification": "Security", "InstalledTime": 0, "KBId": "file-libs.x86_64", "Severity": "Important", "State": "Installed", "Title": "file-libs.x86_64:0:5.30-11.34.amzn1" }, { "Classification": "Security", "InstalledTime": 0, "KBId": "freetype.x86_64", "Severity": "Important", "State": "Installed", "Title": "freetype.x86_64:0:2.3.11-15.14.amzn1" } // There may be more content here ] }

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: