Class CfnPatchBaseline

java.lang.Object
software.amazon.jsii.JsiiObject
All Implemented Interfaces:
IConstruct, IDependable, IInspectable, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct

@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)", date="2023-06-19T16:30:37.788Z") @Stability(Stable) public class CfnPatchBaseline extends CfnResource implements IInspectable
A CloudFormation AWS::SSM::PatchBaseline.

The AWS::SSM::PatchBaseline resource defines the basic information for an AWS Systems Manager patch baseline. A patch baseline defines which patches are approved for installation on your instances.

For more information, see CreatePatchBaseline in the AWS Systems Manager API Reference.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import java.util.List;
 import software.amazon.awscdk.services.ssm.*;
 import software.amazon.awscdk.services.ssm.CfnPatchBaseline.*;
 CfnPatchBaseline cfnPatchBaseline = CfnPatchBaseline.Builder.create(this, "MyCfnPatchBaseline")
         .name("name")
         // the properties below are optional
         .approvalRules(RuleGroupProperty.builder()
                 .patchRules(List.of(RuleProperty.builder()
                         .approveAfterDays(123)
                         .approveUntilDate("approveUntilDate")
                         .complianceLevel("complianceLevel")
                         .enableNonSecurity(false)
                         .patchFilterGroup(PatchFilterGroupProperty.builder()
                                 .patchFilters(List.of(PatchFilterProperty.builder()
                                         .key("key")
                                         .values(List.of("values"))
                                         .build()))
                                 .build())
                         .build()))
                 .build())
         .approvedPatches(List.of("approvedPatches"))
         .approvedPatchesComplianceLevel("approvedPatchesComplianceLevel")
         .approvedPatchesEnableNonSecurity(false)
         .description("description")
         .globalFilters(PatchFilterGroupProperty.builder()
                 .patchFilters(List.of(PatchFilterProperty.builder()
                         .key("key")
                         .values(List.of("values"))
                         .build()))
                 .build())
         .operatingSystem("operatingSystem")
         .patchGroups(List.of("patchGroups"))
         .rejectedPatches(List.of("rejectedPatches"))
         .rejectedPatchesAction("rejectedPatchesAction")
         .sources(List.of(PatchSourceProperty.builder()
                 .configuration("configuration")
                 .name("name")
                 .products(List.of("products"))
                 .build()))
         .tags(List.of(CfnTag.builder()
                 .key("key")
                 .value("value")
                 .build()))
         .build();
 
  • Field Details

    • CFN_RESOURCE_TYPE_NAME

      @Stability(Stable) public static final String CFN_RESOURCE_TYPE_NAME
      The CloudFormation resource type name for this resource class.
  • Constructor Details

    • CfnPatchBaseline

      protected CfnPatchBaseline(software.amazon.jsii.JsiiObjectRef objRef)
    • CfnPatchBaseline

      protected CfnPatchBaseline(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
    • CfnPatchBaseline

      @Stability(Stable) public CfnPatchBaseline(@NotNull Construct scope, @NotNull String id, @NotNull CfnPatchBaselineProps props)
      Create a new AWS::SSM::PatchBaseline.

      Parameters:
      scope - scope in which this resource is defined. This parameter is required.
      id - scoped id of the resource. This parameter is required.
      props - resource properties. This parameter is required.
  • Method Details

    • inspect

      @Stability(Stable) public void inspect(@NotNull TreeInspector inspector)
      Examines the CloudFormation resource and discloses attributes.

      Specified by:
      inspect in interface IInspectable
      Parameters:
      inspector - tree inspector to collect and process attributes. This parameter is required.
    • renderProperties

      @Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String,Object> props)
      Overrides:
      renderProperties in class CfnResource
      Parameters:
      props - This parameter is required.
    • getCfnProperties

      @Stability(Stable) @NotNull protected Map<String,Object> getCfnProperties()
      Overrides:
      getCfnProperties in class CfnResource
    • getTags

      @Stability(Stable) @NotNull public TagManager getTags()
      Optional metadata that you assign to a resource.

      Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a patch baseline to identify the severity level of patches it specifies and the operating system family it applies to.

    • getName

      @Stability(Stable) @NotNull public String getName()
      The name of the patch baseline.
    • setName

      @Stability(Stable) public void setName(@NotNull String value)
      The name of the patch baseline.
    • getApprovalRules

      @Stability(Stable) @Nullable public Object getApprovalRules()
      A set of rules used to include patches in the baseline.
    • setApprovalRules

      @Stability(Stable) public void setApprovalRules(@Nullable IResolvable value)
      A set of rules used to include patches in the baseline.
    • setApprovalRules

      @Stability(Stable) public void setApprovalRules(@Nullable CfnPatchBaseline.RuleGroupProperty value)
      A set of rules used to include patches in the baseline.
    • getApprovedPatches

      @Stability(Stable) @Nullable public List<String> getApprovedPatches()
      A list of explicitly approved patches for the baseline.

      For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the AWS Systems Manager User Guide.

    • setApprovedPatches

      @Stability(Stable) public void setApprovedPatches(@Nullable List<String> value)
      A list of explicitly approved patches for the baseline.

      For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the AWS Systems Manager User Guide.

    • getApprovedPatchesComplianceLevel

      @Stability(Stable) @Nullable public String getApprovedPatchesComplianceLevel()
      Defines the compliance level for approved patches.

      When an approved patch is reported as missing, this value describes the severity of the compliance violation. The default value is UNSPECIFIED.

    • setApprovedPatchesComplianceLevel

      @Stability(Stable) public void setApprovedPatchesComplianceLevel(@Nullable String value)
      Defines the compliance level for approved patches.

      When an approved patch is reported as missing, this value describes the severity of the compliance violation. The default value is UNSPECIFIED.

    • getApprovedPatchesEnableNonSecurity

      @Stability(Stable) @Nullable public Object getApprovedPatchesEnableNonSecurity()
      Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes.

      The default value is false. Applies to Linux managed nodes only.

    • setApprovedPatchesEnableNonSecurity

      @Stability(Stable) public void setApprovedPatchesEnableNonSecurity(@Nullable Boolean value)
      Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes.

      The default value is false. Applies to Linux managed nodes only.

    • setApprovedPatchesEnableNonSecurity

      @Stability(Stable) public void setApprovedPatchesEnableNonSecurity(@Nullable IResolvable value)
      Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes.

      The default value is false. Applies to Linux managed nodes only.

    • getDescription

      @Stability(Stable) @Nullable public String getDescription()
      A description of the patch baseline.
    • setDescription

      @Stability(Stable) public void setDescription(@Nullable String value)
      A description of the patch baseline.
    • getGlobalFilters

      @Stability(Stable) @Nullable public Object getGlobalFilters()
      A set of global filters used to include patches in the baseline.
    • setGlobalFilters

      @Stability(Stable) public void setGlobalFilters(@Nullable IResolvable value)
      A set of global filters used to include patches in the baseline.
    • setGlobalFilters

      @Stability(Stable) public void setGlobalFilters(@Nullable CfnPatchBaseline.PatchFilterGroupProperty value)
      A set of global filters used to include patches in the baseline.
    • getOperatingSystem

      @Stability(Stable) @Nullable public String getOperatingSystem()
      Defines the operating system the patch baseline applies to.

      The default value is WINDOWS.

    • setOperatingSystem

      @Stability(Stable) public void setOperatingSystem(@Nullable String value)
      Defines the operating system the patch baseline applies to.

      The default value is WINDOWS.

    • getPatchGroups

      @Stability(Stable) @Nullable public List<String> getPatchGroups()
      The name of the patch group to be registered with the patch baseline.
    • setPatchGroups

      @Stability(Stable) public void setPatchGroups(@Nullable List<String> value)
      The name of the patch group to be registered with the patch baseline.
    • getRejectedPatches

      @Stability(Stable) @Nullable public List<String> getRejectedPatches()
      A list of explicitly rejected patches for the baseline.

      For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the AWS Systems Manager User Guide.

    • setRejectedPatches

      @Stability(Stable) public void setRejectedPatches(@Nullable List<String> value)
      A list of explicitly rejected patches for the baseline.

      For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the AWS Systems Manager User Guide.

    • getRejectedPatchesAction

      @Stability(Stable) @Nullable public String getRejectedPatchesAction()
      The action for Patch Manager to take on patches included in the RejectedPackages list.

      • ALLOW_AS_DEPENDENCY: A package in the Rejected patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as InstalledOther. This is the default action if no option is specified.
      • BLOCK: Packages in the RejectedPatches list, and packages that include them as dependencies, aren't installed under any circumstances. If a package was installed before it was added to the Rejected patches list, it is considered non-compliant with the patch baseline, and its status is reported as InstalledRejected.
    • setRejectedPatchesAction

      @Stability(Stable) public void setRejectedPatchesAction(@Nullable String value)
      The action for Patch Manager to take on patches included in the RejectedPackages list.

      • ALLOW_AS_DEPENDENCY: A package in the Rejected patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as InstalledOther. This is the default action if no option is specified.
      • BLOCK: Packages in the RejectedPatches list, and packages that include them as dependencies, aren't installed under any circumstances. If a package was installed before it was added to the Rejected patches list, it is considered non-compliant with the patch baseline, and its status is reported as InstalledRejected.
    • getSources

      @Stability(Stable) @Nullable public Object getSources()
      Information about the patches to use to update the managed nodes, including target operating systems and source repositories.

      Applies to Linux managed nodes only.

    • setSources

      @Stability(Stable) public void setSources(@Nullable IResolvable value)
      Information about the patches to use to update the managed nodes, including target operating systems and source repositories.

      Applies to Linux managed nodes only.

    • setSources

      @Stability(Stable) public void setSources(@Nullable List<Object> value)
      Information about the patches to use to update the managed nodes, including target operating systems and source repositories.

      Applies to Linux managed nodes only.
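
The properties documented above, filled in with concrete values for a security-only Linux baseline. This is an added example, not part of the generated reference: it overrides the WINDOWS operating system default and the ALLOW_AS_DEPENDENCY rejected-patch default. The stack name, baseline name, patch group and rejected package pattern are constructed placeholders, and the `core` imports assume the CDK v1 package layout.

```java
import java.util.List;
import software.amazon.awscdk.core.Construct; // assumption: CDK v1; in v2 use software.constructs.Construct
import software.amazon.awscdk.core.Stack;     // assumption: CDK v1; in v2 use software.amazon.awscdk.Stack
import software.amazon.awscdk.services.ssm.CfnPatchBaseline;
import software.amazon.awscdk.services.ssm.CfnPatchBaseline.PatchFilterGroupProperty;
import software.amazon.awscdk.services.ssm.CfnPatchBaseline.PatchFilterProperty;
import software.amazon.awscdk.services.ssm.CfnPatchBaseline.RuleGroupProperty;
import software.amazon.awscdk.services.ssm.CfnPatchBaseline.RuleProperty;

public class PatchBaselineStack extends Stack {
    public PatchBaselineStack(final Construct scope, final String id) {
        super(scope, id);

        // Auto-approve only Critical/Important security patches, 7 days after release.
        // A missing patch matched by this rule is reported at CRITICAL compliance severity.
        RuleProperty securityRule = RuleProperty.builder()
                .approveAfterDays(7)
                .complianceLevel("CRITICAL")
                .enableNonSecurity(false)
                .patchFilterGroup(PatchFilterGroupProperty.builder()
                        .patchFilters(List.of(
                                filter("CLASSIFICATION", "Security"),
                                filter("SEVERITY", "Critical", "Important")))
                        .build())
                .build();

        CfnPatchBaseline.Builder.create(this, "HardenedLinuxBaseline")
                .name("hardened-amazon-linux-2")            // placeholder name
                .description("Security-only baseline with blocked rejected packages")
                .operatingSystem("AMAZON_LINUX_2")          // unset, the baseline targets WINDOWS
                .approvalRules(RuleGroupProperty.builder()
                        .patchRules(List.of(securityRule))
                        .build())
                .approvedPatchesEnableNonSecurity(false)    // Linux only; false is also the default
                .rejectedPatches(List.of("example-rejected-package*")) // constructed placeholder
                // Unset, ALLOW_AS_DEPENDENCY applies: a rejected package can still be
                // installed as a dependency and is reported compliant (InstalledOther).
                .rejectedPatchesAction("BLOCK")
                .patchGroups(List.of("prod-linux"))         // hypothetical patch group
                .build();
    }

    // Helper that builds one key/values patch filter.
    private static PatchFilterProperty filter(String key, String... values) {
        return PatchFilterProperty.builder().key(key).values(List.of(values)).build();
    }
}
```

With BLOCK set, a rejected package installed before it was added to the list reports as InstalledRejected, so compliance reports flag it as non-compliant.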