Class: AWSCDK::SSM::CfnPatchBaseline::RuleProperty
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::SSM::CfnPatchBaseline::RuleProperty
- Defined in:
- ssm/cfn_patch_baseline.rb
Overview
The Rule property type specifies an approval rule for a Systems Manager patch baseline.
The PatchRules property of the RuleGroup property type contains a list of Rule property types.
Instance Attribute Summary collapse
-
#approve_after_days ⇒ Numeric?
readonly
The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline.
-
#approve_until_date ⇒ String?
readonly
The cutoff date for auto approval of released patches.
-
#compliance_level ⇒ String?
readonly
A compliance severity level for all approved patches in a patch baseline.
-
#enable_non_security ⇒ Boolean, ...
readonly
For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository.
-
#patch_filter_group ⇒ AWSCDK::IResolvable, ...
readonly
The patch filter group that defines the criteria for the rule.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(approve_after_days: nil, approve_until_date: nil, compliance_level: nil, enable_non_security: nil, patch_filter_group: nil) ⇒ RuleProperty
constructor
A new instance of RuleProperty.
- #to_jsii ⇒ Object
Constructor Details
#initialize(approve_after_days: nil, approve_until_date: nil, compliance_level: nil, enable_non_security: nil, patch_filter_group: nil) ⇒ RuleProperty
Returns a new instance of RuleProperty.
900 901 902 903 904 905 906 907 908 909 910 911 |
# File 'ssm/cfn_patch_baseline.rb', line 900 def initialize(approve_after_days: nil, approve_until_date: nil, compliance_level: nil, enable_non_security: nil, patch_filter_group: nil) @approve_after_days = approve_after_days Jsii::Type.check_type(@approve_after_days, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJudW1iZXIifQ==")), "approveAfterDays") unless @approve_after_days.nil? @approve_until_date = approve_until_date Jsii::Type.check_type(@approve_until_date, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "approveUntilDate") unless @approve_until_date.nil? @compliance_level = compliance_level Jsii::Type.check_type(@compliance_level, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "complianceLevel") unless @compliance_level.nil? @enable_non_security = enable_non_security Jsii::Type.check_type(@enable_non_security, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "enableNonSecurity") unless @enable_non_security.nil? @patch_filter_group = patch_filter_group.is_a?(Hash) ? ::AWSCDK::SSM::CfnPatchBaseline::PatchFilterGroupProperty.new(**patch_filter_group.transform_keys(&:to_sym)) : patch_filter_group Jsii::Type.check_type(@patch_filter_group, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19zc20uQ2ZuUGF0Y2hCYXNlbGluZS5QYXRjaEZpbHRlckdyb3VwUHJvcGVydHkifV19fQ==")), "patchFilterGroup") unless @patch_filter_group.nil? end |
Instance Attribute Details
#approve_after_days ⇒ Numeric? (readonly)
The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline.
For example, a value of 7 means that patches are approved seven days after they are released.
Patch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If the day represented by 7 is 2025-11-16 , patches released between 2025-11-16T00:00:00Z and 2025-11-16T23:59:59Z will be included in the approval.
This parameter is marked as Required: No , but your request must include a value for either ApproveAfterDays or ApproveUntilDate .
Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .
927 928 929 |
# File 'ssm/cfn_patch_baseline.rb', line 927 def approve_after_days @approve_after_days end |
#approve_until_date ⇒ String? (readonly)
The cutoff date for auto approval of released patches.
Any patches released on or before this date are installed automatically.
Enter dates in the format YYYY-MM-DD . For example, 2025-11-16 .
Patch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If you enter the date 2025-11-16 , patches released between 2025-11-16T00:00:00Z and 2025-11-16T23:59:59Z will be included in the approval.
This parameter is marked as Required: No , but your request must include a value for either ApproveUntilDate or ApproveAfterDays .
Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .
944 945 946 |
# File 'ssm/cfn_patch_baseline.rb', line 944 def approve_until_date @approve_until_date end |
#compliance_level ⇒ String? (readonly)
A compliance severity level for all approved patches in a patch baseline.
Valid compliance severity levels include the following: UNSPECIFIED , CRITICAL , HIGH , MEDIUM , LOW , and INFORMATIONAL .
951 952 953 |
# File 'ssm/cfn_patch_baseline.rb', line 951 def compliance_level @compliance_level end |
#enable_non_security ⇒ Boolean, ... (readonly)
Default: - false
For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository.
The default value is false . Applies to Linux managed nodes only.
959 960 961 |
# File 'ssm/cfn_patch_baseline.rb', line 959 def enable_non_security @enable_non_security end |
#patch_filter_group ⇒ AWSCDK::IResolvable, ... (readonly)
The patch filter group that defines the criteria for the rule.
964 965 966 |
# File 'ssm/cfn_patch_baseline.rb', line 964 def patch_filter_group @patch_filter_group end |
Class Method Details
.jsii_properties ⇒ Object
966 967 968 969 970 971 972 973 974 |
# File 'ssm/cfn_patch_baseline.rb', line 966 def self.jsii_properties { :approve_after_days => "approveAfterDays", :approve_until_date => "approveUntilDate", :compliance_level => "complianceLevel", :enable_non_security => "enableNonSecurity", :patch_filter_group => "patchFilterGroup", } end |
Instance Method Details
#to_jsii ⇒ Object
976 977 978 979 980 981 982 983 984 985 986 |
# File 'ssm/cfn_patch_baseline.rb', line 976 def to_jsii result = {} result.merge!({ "approveAfterDays" => @approve_after_days, "approveUntilDate" => @approve_until_date, "complianceLevel" => @compliance_level, "enableNonSecurity" => @enable_non_security, "patchFilterGroup" => @patch_filter_group, }) result.compact end |