GetPatchBaseline - AWS Systems Manager

GetPatchBaseline

Retrieves information about a patch baseline.

Request Syntax

{ "BaselineId": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

BaselineId

The ID of the patch baseline to retrieve.

Note

To retrieve information about an AWS managed patch baseline, specify the full Amazon Resource Name (ARN) of the baseline. For example, for the baseline AWS-AmazonLinuxDefaultPatchBaseline, specify arn:aws:ssm:us-east-2:733109147000:patchbaseline/pb-0e392de35e7c563b7 instead of pb-0e392de35e7c563b7.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 128.

Pattern: ^[a-zA-Z0-9_\-:/]{20,128}$

Required: Yes

Response Syntax

{ "ApprovalRules": { "PatchRules": [ { "ApproveAfterDays": number, "ApproveUntilDate": "string", "ComplianceLevel": "string", "EnableNonSecurity": boolean, "PatchFilterGroup": { "PatchFilters": [ { "Key": "string", "Values": [ "string" ] } ] } } ] }, "ApprovedPatches": [ "string" ], "ApprovedPatchesComplianceLevel": "string", "ApprovedPatchesEnableNonSecurity": boolean, "BaselineId": "string", "CreatedDate": number, "Description": "string", "GlobalFilters": { "PatchFilters": [ { "Key": "string", "Values": [ "string" ] } ] }, "ModifiedDate": number, "Name": "string", "OperatingSystem": "string", "PatchGroups": [ "string" ], "RejectedPatches": [ "string" ], "RejectedPatchesAction": "string", "Sources": [ { "Configuration": "string", "Name": "string", "Products": [ "string" ] } ] }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

ApprovalRules

A set of rules used to include patches in the baseline.

Type: PatchRuleGroup object

ApprovedPatches

A list of explicitly approved patches for the baseline.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 50 items.

Length Constraints: Minimum length of 1. Maximum length of 100.

ApprovedPatchesComplianceLevel

Returns the specified compliance severity level for approved patches in the patch baseline.

Type: String

Valid Values: CRITICAL | HIGH | MEDIUM | LOW | INFORMATIONAL | UNSPECIFIED

ApprovedPatchesEnableNonSecurity

Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is false. Applies to Linux managed nodes only.

Type: Boolean

BaselineId

The ID of the retrieved patch baseline.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 128.

Pattern: ^[a-zA-Z0-9_\-:/]{20,128}$

CreatedDate

The date the patch baseline was created.

Type: Timestamp

Description

A description of the patch baseline.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 1024.

GlobalFilters

A set of global filters used to exclude patches from the baseline.

Type: PatchFilterGroup object

ModifiedDate

The date the patch baseline was last modified.

Type: Timestamp

Name

The name of the patch baseline.

Type: String

Length Constraints: Minimum length of 3. Maximum length of 128.

Pattern: ^[a-zA-Z0-9_\-.]{3,128}$

OperatingSystem

Returns the operating system specified for the patch baseline.

Type: String

Valid Values: WINDOWS | AMAZON_LINUX | AMAZON_LINUX_2 | AMAZON_LINUX_2022 | UBUNTU | REDHAT_ENTERPRISE_LINUX | SUSE | CENTOS | ORACLE_LINUX | DEBIAN | MACOS | RASPBIAN | ROCKY_LINUX | ALMA_LINUX | AMAZON_LINUX_2023

PatchGroups

Patch groups included in the patch baseline.

Type: Array of strings

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$

RejectedPatches

A list of explicitly rejected patches for the baseline.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 50 items.

Length Constraints: Minimum length of 1. Maximum length of 100.

RejectedPatchesAction

The action specified to take on patches included in the RejectedPatches list. A patch can be allowed only if it is a dependency of another package, or blocked entirely along with packages that include it as a dependency.

Type: String

Valid Values: ALLOW_AS_DEPENDENCY | BLOCK

Sources

Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.

Type: Array of PatchSource objects

Array Members: Minimum number of 0 items. Maximum number of 20 items.

Errors

For information about the errors that are common to all actions, see Common Errors.

DoesNotExistException

Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.

For information about resource quotas in AWS Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

HTTP Status Code: 400

InternalServerError

An error occurred on the server side.

HTTP Status Code: 500

InvalidResourceId

The resource ID isn't valid. Verify that you entered the correct ID and try again.

HTTP Status Code: 400

Examples

Example

This example illustrates one usage of GetPatchBaseline.

Sample Request

POST / HTTP/1.1 Host: ssm.us-east-2.amazonaws.com Accept-Encoding: identity Content-Length: 38 X-Amz-Target: AmazonSSM.GetPatchBaseline X-Amz-Date: 20240309T020232Z User-Agent: aws-cli/1.11.180 Python/2.7.9 Windows/8 botocore/1.7.38 Content-Type: application/x-amz-json-1.1 Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20240309/us-east-2/ssm/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=39c3b3042cd2aEXAMPLE { "BaselineId": "pb-0c10e65780EXAMPLE" }

Sample Response

{ "ApprovalRules": { "PatchRules": [ { "ApproveAfterDays": 1, "ComplianceLevel": "UNSPECIFIED", "EnableNonSecurity": false, "PatchFilterGroup": { "PatchFilters": [ { "Key": "PRODUCT", "Values": [ "WindowsServer2012R2" ] }, { "Key": "CLASSIFICATION", "Values": [ "SecurityUpdates" ] }, { "Key": "MSRC_SEVERITY", "Values": [ "Important", "Critical", "Moderate" ] } ] } } ] }, "ApprovedPatches": [], "ApprovedPatchesComplianceLevel": "HIGH", "ApprovedPatchesEnableNonSecurity": false, "BaselineId": "pb-0c10e65780EXAMPLE", "Description": "My Moderate, Important, and Critical security updates for Windows Server 2012 R2", "GlobalFilters": { "PatchFilters": [] }, "CreatedDate": 1520561435.87, "ModifiedDate": 1520561435.869, "Name": "my-Windows-Server-2012R2", "OperatingSystem": "WINDOWS", "PatchGroups": [ "mypatchgroup" ], "RejectedPatches": [ "KB3452678" ], "RejecteddPatchesAction": "ALLOW_AS_DEPENDENCY", "Sources": [] }

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: