Use DescribePatchGroupState with a CLI - AWS Systems Manager

Use DescribePatchGroupState with a CLI

The following code examples show how to use DescribePatchGroupState.

CLI
AWS CLI

To get the state of a patch group

The following describe-patch-group-state example retrieves the high-level patch compliance summary for a patch group.

aws ssm describe-patch-group-state \
    --patch-group "Production"

Output:

{
    "Instances": 21,
    "InstancesWithCriticalNonCompliantPatches": 1,
    "InstancesWithFailedPatches": 2,
    "InstancesWithInstalledOtherPatches": 3,
    "InstancesWithInstalledPatches": 21,
    "InstancesWithInstalledPendingRebootPatches": 2,
    "InstancesWithInstalledRejectedPatches": 1,
    "InstancesWithMissingPatches": 3,
    "InstancesWithNotApplicablePatches": 4,
    "InstancesWithOtherNonCompliantPatches": 1,
    "InstancesWithSecurityNonCompliantPatches": 1,
    "InstancesWithUnreportedNotApplicablePatches": 2
}

For more information, see About patch groups <https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-patch-patchgroups.html>__ and Understanding patch compliance state values in the AWS Systems Manager User Guide.

PowerShell
Tools for PowerShell

Example 1: This example gets the high-level patch compliance summary for a patch group.

Get-SSMPatchGroupState -PatchGroup "Production"

Output:

Instances                          : 4
InstancesWithFailedPatches         : 1
InstancesWithInstalledOtherPatches : 4
InstancesWithInstalledPatches      : 3
InstancesWithMissingPatches        : 0
InstancesWithNotApplicablePatches  : 0

For a complete list of AWS SDK developer guides and code examples, see Using this service with an AWS SDK. This topic also includes information about getting started and details about previous SDK versions.