describe_available_patches
- SSM.Client.describe_available_patches(**kwargs)
Lists all patches eligible to be included in a patch baseline.
Note
Currently, DescribeAvailablePatches supports only the Amazon Linux 1, Amazon Linux 2, and Windows Server operating systems.
See also: AWS API Documentation
Request Syntax
response = client.describe_available_patches(
    Filters=[
        {
            'Key': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    MaxResults=123,
    NextToken='string'
)
- Parameters:
Filters (list) –
Each element in the array is a structure containing a key-value pair.
Windows Server
Supported keys for Windows Server managed node patches include the following:
PATCH_SET
Sample values: OS | APPLICATION
PRODUCT
Sample values: WindowsServer2012 | Office 2010 | MicrosoftDefenderAntivirus
PRODUCT_FAMILY
Sample values: Windows | Office
MSRC_SEVERITY
Sample values: ServicePacks | Important | Moderate
CLASSIFICATION
Sample values: ServicePacks | SecurityUpdates | DefinitionUpdates
PATCH_ID
Sample values: KB123456 | KB4516046
Linux
Warning
When specifying filters for Linux patches, you must specify a key-pair for PRODUCT. For example, using the Command Line Interface (CLI), the following command fails:
aws ssm describe-available-patches --filters Key=CVE_ID,Values=CVE-2018-3615
However, the following command succeeds:
aws ssm describe-available-patches --filters Key=PRODUCT,Values=AmazonLinux2018.03 Key=CVE_ID,Values=CVE-2018-3615
Supported keys for Linux managed node patches include the following:
PRODUCT
Sample values: AmazonLinux2018.03 | AmazonLinux2.0
NAME
Sample values: kernel-headers | samba-python | php
SEVERITY
Sample values: Critical | Important | Medium | Low
EPOCH
Sample values: 0 | 1
VERSION
Sample values: 78.6.1 | 4.10.16
RELEASE
Sample values: 9.56.amzn1 | 1.amzn2
ARCH
Sample values: i686 | x86_64
REPOSITORY
Sample values: Core | Updates
ADVISORY_ID
Sample values: ALAS-2018-1058 | ALAS2-2021-1594
CVE_ID
Sample values: CVE-2018-3615 | CVE-2020-1472
BUGZILLA_ID
Sample values: 1463241
(dict) –
Defines a filter used in Patch Manager APIs. Supported filter keys depend on the API operation that includes the filter. Patch Manager API operations that use PatchOrchestratorFilter include the following:
DescribeAvailablePatches
DescribeInstancePatches
DescribePatchBaselines
DescribePatchGroups
Key (string) –
The key for the filter.
Values (list) –
The value for the filter.
(string) –
MaxResults (integer) – The maximum number of patches to return (per page).
NextToken (string) – The token for the next set of items to return. (You received this token from a previous call.)
- Return type:
dict
- Returns:
Response Syntax
{
    'Patches': [
        {
            'Id': 'string',
            'ReleaseDate': datetime(2015, 1, 1),
            'Title': 'string',
            'Description': 'string',
            'ContentUrl': 'string',
            'Vendor': 'string',
            'ProductFamily': 'string',
            'Product': 'string',
            'Classification': 'string',
            'MsrcSeverity': 'string',
            'KbNumber': 'string',
            'MsrcNumber': 'string',
            'Language': 'string',
            'AdvisoryIds': [
                'string',
            ],
            'BugzillaIds': [
                'string',
            ],
            'CVEIds': [
                'string',
            ],
            'Name': 'string',
            'Epoch': 123,
            'Version': 'string',
            'Release': 'string',
            'Arch': 'string',
            'Severity': 'string',
            'Repository': 'string'
        },
    ],
    'NextToken': 'string'
}
Response Structure
(dict) –
Patches (list) –
An array of patches. Each entry in the array is a patch structure.
(dict) –
Represents metadata about a patch.
Id (string) –
The ID of the patch. Applies to Windows patches only.
Note
This ID isn’t the same as the Microsoft Knowledge Base ID.
ReleaseDate (datetime) –
The date the patch was released.
Title (string) –
The title of the patch.
Description (string) –
The description of the patch.
ContentUrl (string) –
The URL where more information can be obtained about the patch.
Vendor (string) –
The name of the vendor providing the patch.
ProductFamily (string) –
The product family the patch is applicable for. For example, Windows or Amazon Linux 2.
Product (string) –
The specific product the patch is applicable for. For example, WindowsServer2016 or AmazonLinux2018.03.
Classification (string) –
The classification of the patch. For example, SecurityUpdates, Updates, or CriticalUpdates.
MsrcSeverity (string) –
The severity of the patch, such as Critical, Important, or Moderate. Applies to Windows patches only.
KbNumber (string) –
The Microsoft Knowledge Base ID of the patch. Applies to Windows patches only.
MsrcNumber (string) –
The ID of the Microsoft Security Response Center (MSRC) bulletin the patch is related to. For example, MS14-045. Applies to Windows patches only.
Language (string) –
The language of the patch if it’s language-specific.
AdvisoryIds (list) –
The Advisory ID of the patch. For example, RHSA-2020:3779. Applies to Linux-based managed nodes only.
(string) –
BugzillaIds (list) –
The Bugzilla ID of the patch. For example, 1600646. Applies to Linux-based managed nodes only.
(string) –
CVEIds (list) –
The Common Vulnerabilities and Exposures (CVE) ID of the patch. For example, CVE-2011-3192. Applies to Linux-based managed nodes only.
(string) –
Name (string) –
The name of the patch. Applies to Linux-based managed nodes only.
Epoch (integer) –
The epoch of the patch. For example, in pkg-example-EE-20180914-2.2.amzn1.noarch, the epoch value is 20180914-2. Applies to Linux-based managed nodes only.
Version (string) –
The version number of the patch. For example, in example-pkg-1.710.10-2.7.abcd.x86_64, the version number is indicated by -1. Applies to Linux-based managed nodes only.
Release (string) –
The particular release of a patch. For example, in pkg-example-EE-20180914-2.2.amzn1.noarch, the release is 2.amaz1. Applies to Linux-based managed nodes only.
Arch (string) –
The architecture of the patch. For example, in example-pkg-0.710.10-2.7.abcd.x86_64, the architecture is indicated by x86_64. Applies to Linux-based managed nodes only.
Severity (string) –
The severity level of the patch. For example, CRITICAL or MODERATE.
Repository (string) –
The source patch repository for the operating system and version, such as trusty-security for Ubuntu Server 14.04 LTS and focal-security for Ubuntu Server 20.04 LTS. Applies to Linux-based managed nodes only.
NextToken (string) –
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
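A paginated query that enforces the PRODUCT requirement for Linux filters and follows NextToken until it comes back empty, as an added example that is not part of the boto3 documentation. `build_filters`, `iter_available_patches`, `severity_summary` and the `FakeSSM` stand-in with its canned pages are hypothetical names constructed for illustration; against AWS, pass `boto3.client('ssm')` in place of `FakeSSM()`.

```python
from collections import Counter

# Linux-only filter keys listed on this page; each needs PRODUCT alongside it.
LINUX_KEYS = {"NAME", "SEVERITY", "EPOCH", "VERSION", "RELEASE", "ARCH",
              "REPOSITORY", "ADVISORY_ID", "CVE_ID", "BUGZILLA_ID"}

def build_filters(**criteria):
    """Turn PRODUCT='AmazonLinux2.0', CVE_ID=[...] into PatchOrchestratorFilter dicts."""
    if LINUX_KEYS.intersection(criteria) and "PRODUCT" not in criteria:
        raise ValueError("Linux patch filters must include a PRODUCT key")
    return [{"Key": k, "Values": [v] if isinstance(v, str) else list(v)}
            for k, v in criteria.items()]

def iter_available_patches(client, filters, page_size=50):
    """Yield every matching patch, one page at a time."""
    kwargs = {"Filters": filters, "MaxResults": page_size}
    while True:
        page = client.describe_available_patches(**kwargs)
        yield from page.get("Patches", [])
        token = page.get("NextToken")
        if not token:  # an empty string means there are no more pages
            return
        kwargs["NextToken"] = token

def severity_summary(client, **criteria):
    """Count matching patches per severity (MsrcSeverity for Windows patches)."""
    patches = iter_available_patches(client, build_filters(**criteria))
    return Counter(p.get("Severity") or p.get("MsrcSeverity") or "Unknown"
                   for p in patches)

class FakeSSM:
    """Constructed stand-in for boto3.client('ssm'); serves two canned pages."""
    PAGES = {None: ({"Name": "kernel-headers", "Severity": "Important",
                     "CVEIds": ["CVE-2018-3615"]}, "page-2"),
             "page-2": ({"Name": "kernel", "Severity": "Important",
                         "CVEIds": ["CVE-2018-3615"]}, "")}

    def describe_available_patches(self, Filters, MaxResults, NextToken=None):
        patch, token = self.PAGES[NextToken]
        return {"Patches": [patch], "NextToken": token}

if __name__ == "__main__":
    print(severity_summary(FakeSSM(), PRODUCT="AmazonLinux2018.03",
                           CVE_ID="CVE-2018-3615"))
```

Rejecting a Linux filter set without PRODUCT on the client side surfaces the mistake before the API call fails, which matters when the query feeds an automated patch-coverage check.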
Exceptions