Sign In to the Console
AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS Documentation » AWS CloudFormation » User Guide » Template Reference » AWS Resource and Property Types Reference » AWS Systems Manager Resource Types Reference » AWS::SSM::PatchBaseline » AWS Systems Manager PatchBaseline Rule

AWS Systems Manager PatchBaseline Rule

The Rule property type specifies an approval rule for a Systems Manager patch baseline.

The PatchRules property of the RuleGroup property type contains a list of Rule property types.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "PatchFilterGroup" : PatchFilterGroup,
  "ApproveAfterDays" : Integer,
  "ComplianceLevel" : String,
  "EnableNonSecurity" : Boolean 
}

Properties

PatchFilterGroup

The patch filter group that defines the criteria for the rule.

Required: No

Type: PatchFilterGroup

Update requires: No interruption

ApproveAfterDays

The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released.

Required: No

Type: Integer

Update requires: No interruption

ComplianceLevel

A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following: UNSPECIFIED, CRITICAL, HIGH, MEDIUM, LOW, and INFORMATIONAL.

Required: No

Type: String

Update requires: No interruption

EnableNonSecurity

For instances identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is false. Applies to Linux instances only.

Required: No

Type: Boolean

Update requires: No interruption

See Also

  • PatchRule in the AWS Systems Manager API Reference.

On this page: