Tagging patch baselines

The topics in this section describe how to work with tags on patch baselines.

Creating patch baselines with tags

You can add tags to AWS Systems Manager patch baselines at the time you create them.

For information, see the following topics:

• Working with custom patch baselines (console)

• Create a patch baseline

• Create a patch baseline with custom repositories for different OS versions

Adding tags to existing patch baselines

You can add tags to patch baselines that you own by using the Systems Manager console or the command line.

Topics

• Adding tags to an existing patch baseline (console)
• Adding tags to an existing patch baseline (AWS CLI)
• Tag a patch baseline (AWS Tools for PowerShell)

Adding tags to an existing patch baseline (console)

1. Open the AWS Systems Manager console at https://console.aws.amazon.com/systems-manager/.

2. In the navigation pane, choose Patch Manager.

   -or-

   If the AWS Systems Manager home page opens first, choose the menu icon ( ) to open the navigation pane, and then choose Patch Manager.

3. Choose the name of a custom patch baseline you have already created, scroll down to the Tags table section, and then choose Edit tags.

4. Choose Add tag.

5. For Key, enter a key for the tag, such as Environment.

6. For Value, enter a value for the tag, such as Test.

7. Choose Save changes.

Adding tags to an existing patch baseline (AWS CLI)

1. Using your preferred command line tool, run the following command to view the list of patch baselines that you can tag.

   aws ssm describe-patch-baselines --filters "Key=OWNER,Values=[Self]"

   Note the ID of a patch baseline that you want to tag.

2. Run the following command to tag a patch baseline. Replace each example resource placeholder with your own information.

   Linux & macOS

   aws ssm add-tags-to-resource \
       --resource-type "PatchBaseline" \
       --resource-id "baseline-id" \
       --tags "Key=tag-key,Value=tag-value"

   Windows

   aws ssm add-tags-to-resource ^
       --resource-type "PatchBaseline" ^
       --resource-id "baseline-id" ^
       --tags "Key=tag-key,Value=tag-value"

   If successful, the command has no output.

3. Run the following command to verify the patch baseline tags.

   Linux & macOS

   aws ssm list-tags-for-resource \
       --resource-type "PatchBaseline" \
       --resource-id "baseline-id"

   Windows

   aws ssm list-tags-for-resource ^
       --resource-type "PatchBaseline" ^
       --resource-id "patchbaseline-id"

Tag a patch baseline (AWS Tools for PowerShell)

1. Run the following command to list patch baseline that you can tag.

   Get-SSMPatchBaseline

2. Run the following commands to tag a patch baseline. Replace each example resource placeholder with your own information.

   $tag = New-Object Amazon.SimpleSystemsManagement.Model.Tag

   $tag.Key = "tag-key"

   $tag.Value = "tag-value"

   Add-SSMResourceTag `
       -ResourceType "PatchBaseline" `
       -ResourceId "baseline-id" `
       -Tag $tag `
       -Force

3. Run the following command to verify the patch baseline tags.

   Get-SSMResourceTag `
       -ResourceType "PatchBaseline" `
       -ResourceId "baseline-id"

Removing tags from patch baselines

You can use the Systems Manager console or the command line to remove tags from a patch baseline.

Topics

• Removing tags from patch baseline (console)
• Removing tags from patch baselines (command line)

Removing tags from patch baseline (console)

1. Open the AWS Systems Manager console at https://console.aws.amazon.com/systems-manager/.

2. In the navigation pane, choose Patch Manager.

   -or-

   If the AWS Systems Manager home page opens first, choose the menu icon ( ) to open the navigation pane, and then choose Patch Manager.

3. Choose the name of the patch baseline to remove tags from, scroll down to the Tags table section, and then choose Edit tags tab.

4. Choose Remove tag next to the tag pair you no longer need.

5. Choose Save changes.

Removing tags from patch baselines (command line)

1. Using your preferred command line tool, run the following command to list the patch baselines in your account.

   Linux & macOS

   aws ssm describe-patch-baselines

   Windows

   aws ssm describe-patch-baselines

   PowerShell

   Get-SSMPatchBaseline

   Note the ID of a patch baseline from which you want to remove tags.

2. Run the following command to remove tags from a patch baseline. Replace each example resource placeholder with your own information.

   Linux & macOS

   aws ssm remove-tags-from-resource \
       --resource-type "PatchBaseline" \
       --resource-id "baseline-id" \
       --tag-key "tag-key"

   Windows

   aws ssm remove-tags-from-resource ^
       --resource-type "PatchBaseline" ^
       --resource-id "baseline-id" ^
       --tag-key "tag-key"

   PowerShell

   Remove-SSMResourceTag `
       -ResourceType "PatchBaseline" `
       -ResourceId "baseline-id" `
       -TagKey "tag-key

   If successful, the command has no output.

3. Run the following command to verify the patch baseline tags.

   Linux & macOS

   aws ssm list-tags-for-resource \
       --resource-type "PatchBaseline" \
       --resource-id "baseline-id"

   Windows

   aws ssm list-tags-for-resource ^
       --resource-type "PatchBaseline" ^
       --resource-id "baseline-id"

   PowerShell

   Get-SSMResourceTag `
       -ResourceType "PatchBaseline" `
       -ResourceId "baseline-id"