SSM / Client / describe_effective_patches_for_patch_baseline

describe_effective_patches_for_patch_baseline#

SSM.Client.describe_effective_patches_for_patch_baseline(**kwargs)#

Retrieves the current effective patches (the patch and the approval state) for the specified patch baseline. Applies to patch baselines for Windows only.

See also: AWS API Documentation

Request Syntax

response = client.describe_effective_patches_for_patch_baseline(
    BaselineId='string',
    MaxResults=123,
    NextToken='string'
)
Parameters:
  • BaselineId (string) –

    [REQUIRED]

    The ID of the patch baseline to retrieve the effective patches for.

  • MaxResults (integer) – The maximum number of patches to return (per page).

  • NextToken (string) – The token for the next set of items to return. (You received this token from a previous call.)

Return type:

dict

Returns:

Response Syntax

{
    'EffectivePatches': [
        {
            'Patch': {
                'Id': 'string',
                'ReleaseDate': datetime(2015, 1, 1),
                'Title': 'string',
                'Description': 'string',
                'ContentUrl': 'string',
                'Vendor': 'string',
                'ProductFamily': 'string',
                'Product': 'string',
                'Classification': 'string',
                'MsrcSeverity': 'string',
                'KbNumber': 'string',
                'MsrcNumber': 'string',
                'Language': 'string',
                'AdvisoryIds': [
                    'string',
                ],
                'BugzillaIds': [
                    'string',
                ],
                'CVEIds': [
                    'string',
                ],
                'Name': 'string',
                'Epoch': 123,
                'Version': 'string',
                'Release': 'string',
                'Arch': 'string',
                'Severity': 'string',
                'Repository': 'string'
            },
            'PatchStatus': {
                'DeploymentStatus': 'APPROVED'|'PENDING_APPROVAL'|'EXPLICIT_APPROVED'|'EXPLICIT_REJECTED',
                'ComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
                'ApprovalDate': datetime(2015, 1, 1)
            }
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) –

    • EffectivePatches (list) –

      An array of patches and patch status.

      • (dict) –

        The EffectivePatch structure defines metadata about a patch along with the approval state of the patch in a particular patch baseline. The approval state includes information about whether the patch is currently approved, due to be approved by a rule, explicitly approved, or explicitly rejected and the date the patch was or will be approved.

        • Patch (dict) –

          Provides metadata for a patch, including information such as the KB ID, severity, classification and a URL for where more information can be obtained about the patch.

          • Id (string) –

            The ID of the patch. Applies to Windows patches only.

            Note

            This ID isn’t the same as the Microsoft Knowledge Base ID.

          • ReleaseDate (datetime) –

            The date the patch was released.

          • Title (string) –

            The title of the patch.

          • Description (string) –

            The description of the patch.

          • ContentUrl (string) –

            The URL where more information can be obtained about the patch.

          • Vendor (string) –

            The name of the vendor providing the patch.

          • ProductFamily (string) –

            The product family the patch is applicable for. For example, Windows or Amazon Linux 2.

          • Product (string) –

            The specific product the patch is applicable for. For example, WindowsServer2016 or AmazonLinux2018.03.

          • Classification (string) –

            The classification of the patch. For example, SecurityUpdates, Updates, or CriticalUpdates.

          • MsrcSeverity (string) –

            The severity of the patch, such as Critical, Important, or Moderate. Applies to Windows patches only.

          • KbNumber (string) –

            The Microsoft Knowledge Base ID of the patch. Applies to Windows patches only.

          • MsrcNumber (string) –

            The ID of the Microsoft Security Response Center (MSRC) bulletin the patch is related to. For example, MS14-045. Applies to Windows patches only.

          • Language (string) –

            The language of the patch if it’s language-specific.

          • AdvisoryIds (list) –

            The Advisory ID of the patch. For example, RHSA-2020:3779. Applies to Linux-based managed nodes only.

            • (string) –

          • BugzillaIds (list) –

            The Bugzilla ID of the patch. For example, 1600646. Applies to Linux-based managed nodes only.

            • (string) –

          • CVEIds (list) –

            The Common Vulnerabilities and Exposures (CVE) ID of the patch. For example, CVE-2011-3192. Applies to Linux-based managed nodes only.

            • (string) –

          • Name (string) –

            The name of the patch. Applies to Linux-based managed nodes only.

          • Epoch (integer) –

            The epoch of the patch. For example in pkg-example-EE-20180914-2.2.amzn1.noarch, the epoch value is 20180914-2. Applies to Linux-based managed nodes only.

          • Version (string) –

            The version number of the patch. For example, in example-pkg-1.710.10-2.7.abcd.x86_64, the version number is indicated by -1. Applies to Linux-based managed nodes only.

          • Release (string) –

            The particular release of a patch. For example, in pkg-example-EE-20180914-2.2.amzn1.noarch, the release is 2.amaz1. Applies to Linux-based managed nodes only.

          • Arch (string) –

            The architecture of the patch. For example, in example-pkg-0.710.10-2.7.abcd.x86_64, the architecture is indicated by x86_64. Applies to Linux-based managed nodes only.

          • Severity (string) –

            The severity level of the patch. For example, CRITICAL or MODERATE.

          • Repository (string) –

            The source patch repository for the operating system and version, such as trusty-security for Ubuntu Server 14.04 LTE and focal-security for Ubuntu Server 20.04 LTE. Applies to Linux-based managed nodes only.

        • PatchStatus (dict) –

          The status of the patch in a patch baseline. This includes information about whether the patch is currently approved, due to be approved by a rule, explicitly approved, or explicitly rejected and the date the patch was or will be approved.

          • DeploymentStatus (string) –

            The approval status of a patch.

          • ComplianceLevel (string) –

            The compliance severity level for a patch.

          • ApprovalDate (datetime) –

            The date the patch was approved (or will be approved if the status is PENDING_APPROVAL).

    • NextToken (string) –

      The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

Exceptions