Class: AWSCDK::SSM::CfnPatchBaseline::RuleProperty

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
ssm/cfn_patch_baseline.rb

Overview

The Rule property type specifies an approval rule for a Systems Manager patch baseline.

The PatchRules property of the RuleGroup property type contains a list of Rule property types.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(approve_after_days: nil, approve_until_date: nil, compliance_level: nil, enable_non_security: nil, patch_filter_group: nil) ⇒ RuleProperty

Returns a new instance of RuleProperty.

Parameters:

  • approve_after_days (Numeric, nil) (defaults to: nil)

    The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline.

  • approve_until_date (String, nil) (defaults to: nil)

    The cutoff date for auto approval of released patches.

  • compliance_level (String, nil) (defaults to: nil)

    A compliance severity level for all approved patches in a patch baseline.

  • enable_non_security (Boolean, AWSCDK::IResolvable, nil) (defaults to: nil)

    For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository.

  • patch_filter_group (AWSCDK::IResolvable, AWSCDK::SSM::CfnPatchBaseline::PatchFilterGroupProperty, nil) (defaults to: nil)

    The patch filter group that defines the criteria for the rule.



900
901
902
903
904
905
906
907
908
909
910
911
# File 'ssm/cfn_patch_baseline.rb', line 900

def initialize(approve_after_days: nil, approve_until_date: nil, compliance_level: nil, enable_non_security: nil, patch_filter_group: nil)
  @approve_after_days = approve_after_days
  Jsii::Type.check_type(@approve_after_days, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJudW1iZXIifQ==")), "approveAfterDays") unless @approve_after_days.nil?
  @approve_until_date = approve_until_date
  Jsii::Type.check_type(@approve_until_date, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "approveUntilDate") unless @approve_until_date.nil?
  @compliance_level = compliance_level
  Jsii::Type.check_type(@compliance_level, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "complianceLevel") unless @compliance_level.nil?
  @enable_non_security = enable_non_security
  Jsii::Type.check_type(@enable_non_security, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "enableNonSecurity") unless @enable_non_security.nil?
  @patch_filter_group = patch_filter_group.is_a?(Hash) ? ::AWSCDK::SSM::CfnPatchBaseline::PatchFilterGroupProperty.new(**patch_filter_group.transform_keys(&:to_sym)) : patch_filter_group
  Jsii::Type.check_type(@patch_filter_group, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19zc20uQ2ZuUGF0Y2hCYXNlbGluZS5QYXRjaEZpbHRlckdyb3VwUHJvcGVydHkifV19fQ==")), "patchFilterGroup") unless @patch_filter_group.nil?
end

Instance Attribute Details

#approve_after_daysNumeric? (readonly)

The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline.

For example, a value of 7 means that patches are approved seven days after they are released.

Patch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If the day represented by 7 is 2025-11-16 , patches released between 2025-11-16T00:00:00Z and 2025-11-16T23:59:59Z will be included in the approval.

This parameter is marked as Required: No , but your request must include a value for either ApproveAfterDays or ApproveUntilDate .

Not supported for Debian Server or Ubuntu Server.

Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .



927
928
929
# File 'ssm/cfn_patch_baseline.rb', line 927

def approve_after_days
  @approve_after_days
end

#approve_until_dateString? (readonly)

The cutoff date for auto approval of released patches.

Any patches released on or before this date are installed automatically.

Enter dates in the format YYYY-MM-DD . For example, 2025-11-16 .

Patch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If you enter the date 2025-11-16 , patches released between 2025-11-16T00:00:00Z and 2025-11-16T23:59:59Z will be included in the approval.

This parameter is marked as Required: No , but your request must include a value for either ApproveUntilDate or ApproveAfterDays .

Not supported for Debian Server or Ubuntu Server.

Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the AWS Systems Manager User Guide .



944
945
946
# File 'ssm/cfn_patch_baseline.rb', line 944

def approve_until_date
  @approve_until_date
end

#compliance_levelString? (readonly)

A compliance severity level for all approved patches in a patch baseline.

Valid compliance severity levels include the following: UNSPECIFIED , CRITICAL , HIGH , MEDIUM , LOW , and INFORMATIONAL .



951
952
953
# File 'ssm/cfn_patch_baseline.rb', line 951

def compliance_level
  @compliance_level
end

#enable_non_securityBoolean, ... (readonly)

Note:

Default: - false

For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository.

The default value is false . Applies to Linux managed nodes only.



959
960
961
# File 'ssm/cfn_patch_baseline.rb', line 959

def enable_non_security
  @enable_non_security
end

#patch_filter_groupAWSCDK::IResolvable, ... (readonly)

The patch filter group that defines the criteria for the rule.



964
965
966
# File 'ssm/cfn_patch_baseline.rb', line 964

def patch_filter_group
  @patch_filter_group
end

Class Method Details

.jsii_propertiesObject



966
967
968
969
970
971
972
973
974
# File 'ssm/cfn_patch_baseline.rb', line 966

def self.jsii_properties
  {
    :approve_after_days => "approveAfterDays",
    :approve_until_date => "approveUntilDate",
    :compliance_level => "complianceLevel",
    :enable_non_security => "enableNonSecurity",
    :patch_filter_group => "patchFilterGroup",
  }
end

Instance Method Details

#to_jsiiObject



976
977
978
979
980
981
982
983
984
985
986
# File 'ssm/cfn_patch_baseline.rb', line 976

def to_jsii
  result = {}
  result.merge!({
    "approveAfterDays" => @approve_after_days,
    "approveUntilDate" => @approve_until_date,
    "complianceLevel" => @compliance_level,
    "enableNonSecurity" => @enable_non_security,
    "patchFilterGroup" => @patch_filter_group,
  })
  result.compact
end