Class: AWSCDK::SSM::CfnPatchBaselineProps
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::SSM::CfnPatchBaselineProps
- Defined in:
- ssm/cfn_patch_baseline_props.rb
Overview
Properties for defining a CfnPatchBaseline.
Instance Attribute Summary collapse
-
#approval_rules ⇒ AWSCDK::IResolvable, ...
readonly
A set of rules used to include patches in the baseline.
-
#approved_patches ⇒ Array<String>?
readonly
A list of explicitly approved patches for the baseline.
-
#approved_patches_compliance_level ⇒ String?
readonly
Defines the compliance level for approved patches.
-
#approved_patches_enable_non_security ⇒ Boolean, ...
readonly
Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes.
-
#available_security_updates_compliance_status ⇒ String?
readonly
Indicates the status you want to assign to security patches that are available but not approved because they don't meet the installation criteria specified in the patch baseline.
-
#default_baseline ⇒ Boolean, ...
readonly
Indicates whether this is the default baseline.
-
#description ⇒ String?
readonly
A description of the patch baseline.
-
#global_filters ⇒ AWSCDK::IResolvable, ...
readonly
A set of global filters used to include patches in the baseline.
-
#name ⇒ String
readonly
The name of the patch baseline.
-
#operating_system ⇒ String?
readonly
Defines the operating system the patch baseline applies to.
-
#patch_groups ⇒ Array<String>?
readonly
The name of the patch group to be registered with the patch baseline.
-
#rejected_patches ⇒ Array<String>?
readonly
A list of explicitly rejected patches for the baseline.
-
#rejected_patches_action ⇒ String?
readonly
The action for Patch Manager to take on patches included in the
RejectedPackageslist. -
#sources ⇒ AWSCDK::IResolvable, ...
readonly
Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
-
#tags ⇒ Array<AWSCDK::CfnTag>?
readonly
Optional metadata that you assign to a resource.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(name:, approval_rules: nil, approved_patches: nil, approved_patches_compliance_level: nil, approved_patches_enable_non_security: nil, available_security_updates_compliance_status: nil, default_baseline: nil, description: nil, global_filters: nil, operating_system: nil, patch_groups: nil, rejected_patches: nil, rejected_patches_action: nil, sources: nil, tags: nil) ⇒ CfnPatchBaselineProps
constructor
A new instance of CfnPatchBaselineProps.
- #to_jsii ⇒ Object
Constructor Details
#initialize(name:, approval_rules: nil, approved_patches: nil, approved_patches_compliance_level: nil, approved_patches_enable_non_security: nil, available_security_updates_compliance_status: nil, default_baseline: nil, description: nil, global_filters: nil, operating_system: nil, patch_groups: nil, rejected_patches: nil, rejected_patches_action: nil, sources: nil, tags: nil) ⇒ CfnPatchBaselineProps
Returns a new instance of CfnPatchBaselineProps.
24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 |
# File 'ssm/cfn_patch_baseline_props.rb', line 24 def initialize(name:, approval_rules: nil, approved_patches: nil, approved_patches_compliance_level: nil, approved_patches_enable_non_security: nil, available_security_updates_compliance_status: nil, default_baseline: nil, description: nil, global_filters: nil, operating_system: nil, patch_groups: nil, rejected_patches: nil, rejected_patches_action: nil, sources: nil, tags: nil) @name = name Jsii::Type.check_type(@name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "name") @approval_rules = approval_rules.is_a?(Hash) ? ::AWSCDK::SSM::CfnPatchBaseline::RuleGroupProperty.new(**approval_rules.transform_keys(&:to_sym)) : approval_rules Jsii::Type.check_type(@approval_rules, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19zc20uQ2ZuUGF0Y2hCYXNlbGluZS5SdWxlR3JvdXBQcm9wZXJ0eSJ9XX19")), "approvalRules") unless @approval_rules.nil? @approved_patches = approved_patches Jsii::Type.check_type(@approved_patches, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "approvedPatches") unless @approved_patches.nil? @approved_patches_compliance_level = approved_patches_compliance_level Jsii::Type.check_type(@approved_patches_compliance_level, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "approvedPatchesComplianceLevel") unless @approved_patches_compliance_level.nil? @approved_patches_enable_non_security = approved_patches_enable_non_security Jsii::Type.check_type(@approved_patches_enable_non_security, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "approvedPatchesEnableNonSecurity") unless @approved_patches_enable_non_security.nil? @available_security_updates_compliance_status = available_security_updates_compliance_status Jsii::Type.check_type(@available_security_updates_compliance_status, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "availableSecurityUpdatesComplianceStatus") unless @available_security_updates_compliance_status.nil? @default_baseline = default_baseline Jsii::Type.check_type(@default_baseline, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "defaultBaseline") unless @default_baseline.nil? @description = description Jsii::Type.check_type(@description, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "description") unless @description.nil? @global_filters = global_filters.is_a?(Hash) ? ::AWSCDK::SSM::CfnPatchBaseline::PatchFilterGroupProperty.new(**global_filters.transform_keys(&:to_sym)) : global_filters Jsii::Type.check_type(@global_filters, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19zc20uQ2ZuUGF0Y2hCYXNlbGluZS5QYXRjaEZpbHRlckdyb3VwUHJvcGVydHkifV19fQ==")), "globalFilters") unless @global_filters.nil? @operating_system = Jsii::Type.check_type(@operating_system, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "operatingSystem") unless @operating_system.nil? @patch_groups = patch_groups Jsii::Type.check_type(@patch_groups, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "patchGroups") unless @patch_groups.nil? @rejected_patches = rejected_patches Jsii::Type.check_type(@rejected_patches, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "rejectedPatches") unless @rejected_patches.nil? @rejected_patches_action = rejected_patches_action Jsii::Type.check_type(@rejected_patches_action, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "rejectedPatchesAction") unless @rejected_patches_action.nil? @sources = sources Jsii::Type.check_type(@sources, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImNvbGxlY3Rpb24iOnsiZWxlbWVudHR5cGUiOnsidW5pb24iOnsidHlwZXMiOlt7ImZxbiI6ImF3cy1jZGstbGliLklSZXNvbHZhYmxlIn0seyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfc3NtLkNmblBhdGNoQmFzZWxpbmUuUGF0Y2hTb3VyY2VQcm9wZXJ0eSJ9XX19LCJraW5kIjoiYXJyYXkifX1dfX0=")), "sources") unless @sources.nil? @tags = .is_a?(Array) ? .map { |jsii_v0| jsii_v0.is_a?(Hash) ? ::AWSCDK::CfnTag.new(**jsii_v0.transform_keys(&:to_sym)) : jsii_v0 } : Jsii::Type.check_type(@tags, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLkNmblRhZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "tags") unless @tags.nil? end |
Instance Attribute Details
#approval_rules ⇒ AWSCDK::IResolvable, ... (readonly)
A set of rules used to include patches in the baseline.
66 67 68 |
# File 'ssm/cfn_patch_baseline_props.rb', line 66 def approval_rules @approval_rules end |
#approved_patches ⇒ Array<String>? (readonly)
A list of explicitly approved patches for the baseline.
For information about accepted formats for lists of approved patches and rejected patches, see Package name formats for approved and rejected patch lists in the AWS Systems Manager User Guide .
73 74 75 |
# File 'ssm/cfn_patch_baseline_props.rb', line 73 def approved_patches @approved_patches end |
#approved_patches_compliance_level ⇒ String? (readonly)
Default: - "UNSPECIFIED"
Defines the compliance level for approved patches.
When an approved patch is reported as missing, this value describes the severity of the compliance violation. The default value is UNSPECIFIED .
81 82 83 |
# File 'ssm/cfn_patch_baseline_props.rb', line 81 def approved_patches_compliance_level @approved_patches_compliance_level end |
#approved_patches_enable_non_security ⇒ Boolean, ... (readonly)
Default: - false
Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes.
The default value is false . Applies to Linux managed nodes only.
89 90 91 |
# File 'ssm/cfn_patch_baseline_props.rb', line 89 def approved_patches_enable_non_security @approved_patches_enable_non_security end |
#available_security_updates_compliance_status ⇒ String? (readonly)
Indicates the status you want to assign to security patches that are available but not approved because they don't meet the installation criteria specified in the patch baseline.
Example scenario: Security patches that you might want installed can be skipped if you have specified a long period to wait after a patch is released before installation. If an update to the patch is released during your specified waiting period, the waiting period for installing the patch starts over. If the waiting period is too long, multiple versions of the patch could be released but never installed.
Supported for Windows Server managed nodes only.
98 99 100 |
# File 'ssm/cfn_patch_baseline_props.rb', line 98 def available_security_updates_compliance_status @available_security_updates_compliance_status end |
#default_baseline ⇒ Boolean, ... (readonly)
Default: - false
Indicates whether this is the default baseline.
AWS Systems Manager supports creating multiple default patch baselines. For example, you can create a default patch baseline for each operating system.
106 107 108 |
# File 'ssm/cfn_patch_baseline_props.rb', line 106 def default_baseline @default_baseline end |
#description ⇒ String? (readonly)
A description of the patch baseline.
111 112 113 |
# File 'ssm/cfn_patch_baseline_props.rb', line 111 def description @description end |
#global_filters ⇒ AWSCDK::IResolvable, ... (readonly)
A set of global filters used to include patches in the baseline.
The
GlobalFiltersparameter can be configured only by using the AWS CLI or an AWS SDK. It can't be configured from the Patch Manager console, and its value isn't displayed in the console.
118 119 120 |
# File 'ssm/cfn_patch_baseline_props.rb', line 118 def global_filters @global_filters end |
#name ⇒ String (readonly)
The name of the patch baseline.
61 62 63 |
# File 'ssm/cfn_patch_baseline_props.rb', line 61 def name @name end |
#operating_system ⇒ String? (readonly)
Default: - "WINDOWS"
Defines the operating system the patch baseline applies to.
The default value is WINDOWS .
126 127 128 |
# File 'ssm/cfn_patch_baseline_props.rb', line 126 def @operating_system end |
#patch_groups ⇒ Array<String>? (readonly)
The name of the patch group to be registered with the patch baseline.
131 132 133 |
# File 'ssm/cfn_patch_baseline_props.rb', line 131 def patch_groups @patch_groups end |
#rejected_patches ⇒ Array<String>? (readonly)
A list of explicitly rejected patches for the baseline.
For information about accepted formats for lists of approved patches and rejected patches, see Package name formats for approved and rejected patch lists in the AWS Systems Manager User Guide .
138 139 140 |
# File 'ssm/cfn_patch_baseline_props.rb', line 138 def rejected_patches @rejected_patches end |
#rejected_patches_action ⇒ String? (readonly)
Default: - "ALLOW_AS_DEPENDENCY"
The action for Patch Manager to take on patches included in the RejectedPackages list.
- ALLOW_AS_DEPENDENCY - Linux and macOS : A package in the rejected patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as
INSTALLED_OTHER. This is the default action if no option is specified.
Windows Server : Windows Server doesn't support the concept of package dependencies. If a package in the rejected patches list and already installed on the node, its status is reported as INSTALLED_OTHER . Any package not already installed on the node is skipped. This is the default action if no option is specified.
- BLOCK - All OSs : Packages in the rejected patches list, and packages that include them as dependencies, aren't installed by Patch Manager under any circumstances.
State value assignment for patch compliance:
- If a package was installed before it was added to the rejected patches list, or is installed outside of Patch Manager afterward, it's considered noncompliant with the patch baseline and its status is reported as
INSTALLED_REJECTED. - If an update attempts to install a dependency package that is now rejected by the baseline, when previous versions of the package were not rejected, the package being updated is reported as
MISSINGforSCANoperations and asFAILEDforINSTALLoperations.
155 156 157 |
# File 'ssm/cfn_patch_baseline_props.rb', line 155 def rejected_patches_action @rejected_patches_action end |
#sources ⇒ AWSCDK::IResolvable, ... (readonly)
Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
Applies to Linux managed nodes only.
162 163 164 |
# File 'ssm/cfn_patch_baseline_props.rb', line 162 def sources @sources end |
#tags ⇒ Array<AWSCDK::CfnTag>? (readonly)
Optional metadata that you assign to a resource.
Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a patch baseline to identify the severity level of patches it specifies and the operating system family it applies to.
169 170 171 |
# File 'ssm/cfn_patch_baseline_props.rb', line 169 def @tags end |
Class Method Details
.jsii_properties ⇒ Object
171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 |
# File 'ssm/cfn_patch_baseline_props.rb', line 171 def self.jsii_properties { :name => "name", :approval_rules => "approvalRules", :approved_patches => "approvedPatches", :approved_patches_compliance_level => "approvedPatchesComplianceLevel", :approved_patches_enable_non_security => "approvedPatchesEnableNonSecurity", :available_security_updates_compliance_status => "availableSecurityUpdatesComplianceStatus", :default_baseline => "defaultBaseline", :description => "description", :global_filters => "globalFilters", :operating_system => "operatingSystem", :patch_groups => "patchGroups", :rejected_patches => "rejectedPatches", :rejected_patches_action => "rejectedPatchesAction", :sources => "sources", :tags => "tags", } end |
Instance Method Details
#to_jsii ⇒ Object
191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 |
# File 'ssm/cfn_patch_baseline_props.rb', line 191 def to_jsii result = {} result.merge!({ "name" => @name, "approvalRules" => @approval_rules, "approvedPatches" => @approved_patches, "approvedPatchesComplianceLevel" => @approved_patches_compliance_level, "approvedPatchesEnableNonSecurity" => @approved_patches_enable_non_security, "availableSecurityUpdatesComplianceStatus" => @available_security_updates_compliance_status, "defaultBaseline" => @default_baseline, "description" => @description, "globalFilters" => @global_filters, "operatingSystem" => @operating_system, "patchGroups" => @patch_groups, "rejectedPatches" => @rejected_patches, "rejectedPatchesAction" => @rejected_patches_action, "sources" => @sources, "tags" => @tags, }) result.compact end |