Interface CfnPatchBaseline.RuleProperty
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
CfnPatchBaseline.RuleProperty.Jsii$Proxy
- Enclosing class:
CfnPatchBaseline
Rule property type specifies an approval rule for a Systems Manager patch baseline.
The PatchRules property of the RuleGroup property type contains a list of Rule property types.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import software.amazon.awscdk.services.ssm.*;
RuleProperty ruleProperty = RuleProperty.builder()
.approveAfterDays(123)
.approveUntilDate("approveUntilDate")
.complianceLevel("complianceLevel")
.enableNonSecurity(false)
.patchFilterGroup(PatchFilterGroupProperty.builder()
.patchFilters(List.of(PatchFilterProperty.builder()
.key("key")
.values(List.of("values"))
.build()))
.build())
.build();
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeInterfaceDescriptionstatic final classA builder forCfnPatchBaseline.RulePropertystatic final classAn implementation forCfnPatchBaseline.RuleProperty -
Method Summary
Modifier and TypeMethodDescriptionbuilder()default NumberThe number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline.default StringThe cutoff date for auto approval of released patches.default StringA compliance severity level for all approved patches in a patch baseline.default ObjectFor managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository.default ObjectThe patch filter group that defines the criteria for the rule.Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getApproveAfterDays
The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline.For example, a value of
7means that patches are approved seven days after they are released.Patch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If the day represented by
7is2025-11-16, patches released between2025-11-16T00:00:00Zand2025-11-16T23:59:59Zwill be included in the approval.This parameter is marked as
Required: No, but your request must include a value for eitherApproveAfterDaysorApproveUntilDate.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .
- See Also:
-
getApproveUntilDate
The cutoff date for auto approval of released patches.Any patches released on or before this date are installed automatically.
Enter dates in the format
YYYY-MM-DD. For example,2025-11-16.Patch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If you enter the date
2025-11-16, patches released between2025-11-16T00:00:00Zand2025-11-16T23:59:59Zwill be included in the approval.This parameter is marked as
Required: No, but your request must include a value for eitherApproveUntilDateorApproveAfterDays.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .
- See Also:
-
getComplianceLevel
A compliance severity level for all approved patches in a patch baseline.Valid compliance severity levels include the following:
UNSPECIFIED,CRITICAL,HIGH,MEDIUM,LOW, andINFORMATIONAL.- See Also:
-
getEnableNonSecurity
For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository.The default value is
false. Applies to Linux managed nodes only.Returns union: either
BooleanorIResolvableDefault: - false
- See Also:
-
getPatchFilterGroup
The patch filter group that defines the criteria for the rule.Returns union: either
IResolvableorCfnPatchBaseline.PatchFilterGroupProperty- See Also:
-
builder
-