Use DescribePatchGroupState with a CLI - AWS SDK Code Examples

There are more AWS SDK examples available in the AWS Doc SDK Examples GitHub repo.

Use DescribePatchGroupState with a CLI

The following code examples show how to use DescribePatchGroupState.

CLI
AWS CLI

To get the state of a patch group

The following describe-patch-group-state example retrieves the high-level patch compliance summary for a patch group.

aws ssm describe-patch-group-state \
    --patch-group "Production"

Output:

{
    "Instances": 21,
    "InstancesWithCriticalNonCompliantPatches": 1,
    "InstancesWithFailedPatches": 2,
    "InstancesWithInstalledOtherPatches": 3,
    "InstancesWithInstalledPatches": 21,
    "InstancesWithInstalledPendingRebootPatches": 2,
    "InstancesWithInstalledRejectedPatches": 1,
    "InstancesWithMissingPatches": 3,
    "InstancesWithNotApplicablePatches": 4,
    "InstancesWithOtherNonCompliantPatches": 1,
    "InstancesWithSecurityNonCompliantPatches": 1,
    "InstancesWithUnreportedNotApplicablePatches": 2
}

For more information, see About patch groups <https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-patch-patchgroups.html>__ and Understanding patch compliance state values in the AWS Systems Manager User Guide.

PowerShell
Tools for PowerShell

Example 1: This example gets the high-level patch compliance summary for a patch group.

Get-SSMPatchGroupState -PatchGroup "Production"

Output:

Instances                          : 4
InstancesWithFailedPatches         : 1
InstancesWithInstalledOtherPatches : 4
InstancesWithInstalledPatches      : 3
InstancesWithMissingPatches        : 0
InstancesWithNotApplicablePatches  : 0