PatchRule
Defines an approval rule for a patch baseline.
Contents
- PatchFilterGroup
-
The patch filter group that defines the criteria for the rule.
Type: PatchFilterGroup object
Required: Yes
- ApproveAfterDays
-
The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of
7
means that patches are approved seven days after they are released.This parameter is marked as
Required: No
, but your request must include a value for eitherApproveAfterDays
orApproveUntilDate
.Not supported for Debian Server or Ubuntu Server.
Important
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide.
Type: Integer
Valid Range: Minimum value of 0. Maximum value of 360.
Required: No
- ApproveUntilDate
-
The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.
Enter dates in the format
YYYY-MM-DD
. For example,2024-12-31
.This parameter is marked as
Required: No
, but your request must include a value for eitherApproveUntilDate
orApproveAfterDays
.Not supported for Debian Server or Ubuntu Server.
Important
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 10.
Required: No
- ComplianceLevel
-
A compliance severity level for all approved patches in a patch baseline.
Type: String
Valid Values:
CRITICAL | HIGH | MEDIUM | LOW | INFORMATIONAL | UNSPECIFIED
Required: No
- EnableNonSecurity
-
For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is
false
. Applies to Linux managed nodes only.Type: Boolean
Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: