Package software.amazon.awscdk.services.ssm

Class CfnPatchBaseline

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.CfnElement
software.amazon.awscdk.CfnRefElement
software.amazon.awscdk.CfnResource
software.amazon.awscdk.services.ssm.CfnPatchBaseline
All Implemented Interfaces:
IInspectable, IEnvironmentAware, IPatchBaselineRef, ITaggable, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable
@Generated(value="jsii-pacmak/1.120.0 (build 192dc88)", date="2025-12-05T22:26:46.085Z") @Stability(Stable) public class CfnPatchBaseline extends CfnResource implements IInspectable, IPatchBaselineRef, ITaggable
The AWS::SSM::PatchBaseline resource defines the basic information for an AWS Systems Manager patch baseline.

A patch baseline defines which patches are approved for installation on your instances.

For more information, see CreatePatchBaseline in the AWS Systems Manager API Reference .

Example: 

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.ssm.*;
 CfnPatchBaseline cfnPatchBaseline = CfnPatchBaseline.Builder.create(this, "MyCfnPatchBaseline")
         .name("name")
         // the properties below are optional
         .approvalRules(RuleGroupProperty.builder()
                 .patchRules(List.of(RuleProperty.builder()
                         .approveAfterDays(123)
                         .approveUntilDate("approveUntilDate")
                         .complianceLevel("complianceLevel")
                         .enableNonSecurity(false)
                         .patchFilterGroup(PatchFilterGroupProperty.builder()
                                 .patchFilters(List.of(PatchFilterProperty.builder()
                                         .key("key")
                                         .values(List.of("values"))
                                         .build()))
                                 .build())
                         .build()))
                 .build())
         .approvedPatches(List.of("approvedPatches"))
         .approvedPatchesComplianceLevel("approvedPatchesComplianceLevel")
         .approvedPatchesEnableNonSecurity(false)
         .availableSecurityUpdatesComplianceStatus("availableSecurityUpdatesComplianceStatus")
         .defaultBaseline(false)
         .description("description")
         .globalFilters(PatchFilterGroupProperty.builder()
                 .patchFilters(List.of(PatchFilterProperty.builder()
                         .key("key")
                         .values(List.of("values"))
                         .build()))
                 .build())
         .operatingSystem("operatingSystem")
         .patchGroups(List.of("patchGroups"))
         .rejectedPatches(List.of("rejectedPatches"))
         .rejectedPatchesAction("rejectedPatchesAction")
         .sources(List.of(PatchSourceProperty.builder()
                 .configuration("configuration")
                 .name("name")
                 .products(List.of("products"))
                 .build()))
         .tags(List.of(CfnTag.builder()
                 .key("key")
                 .value("value")
                 .build()))
         .build();

See Also:

  • Field Details

    • CFN_RESOURCE_TYPE_NAME

      @Stability(Stable) public static final String CFN_RESOURCE_TYPE_NAME
      The CloudFormation resource type name for this resource class.

  • Constructor Details

    • CfnPatchBaseline

      protected CfnPatchBaseline(software.amazon.jsii.JsiiObjectRef objRef)

    • CfnPatchBaseline

      protected CfnPatchBaseline(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • CfnPatchBaseline

      @Stability(Stable) public CfnPatchBaseline(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull CfnPatchBaselineProps props)
      Create a new AWS::SSM::PatchBaseline.

      Parameters:
      scope - Scope in which this resource is defined. This parameter is required.
      id - Construct identifier for this resource (unique in its scope). This parameter is required.
      props - Resource properties. This parameter is required.

  • Method Details

    • isCfnPatchBaseline

      @Stability(Stable) @NotNull public static Boolean isCfnPatchBaseline(@NotNull Object x)
      Checks whether the given object is a CfnPatchBaseline.

      Parameters:
      x - This parameter is required.

    • inspect

      @Stability(Stable) public void inspect(@NotNull TreeInspector inspector)
      Examines the CloudFormation resource and discloses attributes.

      Specified by:
      inspect in interface IInspectable
      Parameters:
      inspector - tree inspector to collect and process attributes. This parameter is required.

    • renderProperties

      @Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String,Object> props)
      Overrides:
      renderProperties in class CfnResource
      Parameters:
      props - This parameter is required.

    • getAttrId

      @Stability(Stable) @NotNull public String getAttrId()
      The ID of the patch baseline.

    • getCfnProperties

      @Stability(Stable) @NotNull protected Map<String,Object> getCfnProperties()
      Overrides:
      getCfnProperties in class CfnResource

    • getPatchBaselineRef

      @Stability(Stable) @NotNull public PatchBaselineReference getPatchBaselineRef()
      A reference to a PatchBaseline resource.
      Specified by:
      getPatchBaselineRef in interface IPatchBaselineRef

    • getTags

      @Stability(Stable) @NotNull public TagManager getTags()
      Tag Manager which manages the tags for this resource.
      Specified by:
      getTags in interface ITaggable

    • getName

      @Stability(Stable) @NotNull public String getName()
      The name of the patch baseline.

    • setName

      @Stability(Stable) public void setName(@NotNull String value)
      The name of the patch baseline.

    • getApprovalRules

      @Stability(Stable) @Nullable public Object getApprovalRules()
      A set of rules used to include patches in the baseline.

      Returns union: either IResolvable or CfnPatchBaseline.RuleGroupProperty

    • setApprovalRules

      @Stability(Stable) public void setApprovalRules(@Nullable IResolvable value)
      A set of rules used to include patches in the baseline.

    • setApprovalRules

      @Stability(Stable) public void setApprovalRules(@Nullable CfnPatchBaseline.RuleGroupProperty value)
      A set of rules used to include patches in the baseline.

    • getApprovedPatches

      @Stability(Stable) @Nullable public List<String> getApprovedPatches()
      A list of explicitly approved patches for the baseline.

    • setApprovedPatches

      @Stability(Stable) public void setApprovedPatches(@Nullable List<String> value)
      A list of explicitly approved patches for the baseline.

    • getApprovedPatchesComplianceLevel

      @Stability(Stable) @Nullable public String getApprovedPatchesComplianceLevel()
      Defines the compliance level for approved patches.

    • setApprovedPatchesComplianceLevel

      @Stability(Stable) public void setApprovedPatchesComplianceLevel(@Nullable String value)
      Defines the compliance level for approved patches.

    • getApprovedPatchesEnableNonSecurity

      @Stability(Stable) @Nullable public Object getApprovedPatchesEnableNonSecurity()
      Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes.

      Returns union: either Boolean or IResolvable

    • setApprovedPatchesEnableNonSecurity

      @Stability(Stable) public void setApprovedPatchesEnableNonSecurity(@Nullable Boolean value)
      Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes.

    • setApprovedPatchesEnableNonSecurity

      @Stability(Stable) public void setApprovedPatchesEnableNonSecurity(@Nullable IResolvable value)
      Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes.

    • getAvailableSecurityUpdatesComplianceStatus

      @Stability(Stable) @Nullable public String getAvailableSecurityUpdatesComplianceStatus()
      Indicates the status you want to assign to security patches that are available but not approved because they don't meet the installation criteria specified in the patch baseline.

    • setAvailableSecurityUpdatesComplianceStatus

      @Stability(Stable) public void setAvailableSecurityUpdatesComplianceStatus(@Nullable String value)
      Indicates the status you want to assign to security patches that are available but not approved because they don't meet the installation criteria specified in the patch baseline.

    • getDefaultBaseline

      @Stability(Stable) @Nullable public Object getDefaultBaseline()
      Indicates whether this is the default baseline.

      Returns union: either Boolean or IResolvable

    • setDefaultBaseline

      @Stability(Stable) public void setDefaultBaseline(@Nullable Boolean value)
      Indicates whether this is the default baseline.

    • setDefaultBaseline

      @Stability(Stable) public void setDefaultBaseline(@Nullable IResolvable value)
      Indicates whether this is the default baseline.

    • getDescription

      @Stability(Stable) @Nullable public String getDescription()
      A description of the patch baseline.

    • setDescription

      @Stability(Stable) public void setDescription(@Nullable String value)
      A description of the patch baseline.

    • getGlobalFilters

      @Stability(Stable) @Nullable public Object getGlobalFilters()
      A set of global filters used to include patches in the baseline.

      Returns union: either IResolvable or CfnPatchBaseline.PatchFilterGroupProperty

    • setGlobalFilters

      @Stability(Stable) public void setGlobalFilters(@Nullable IResolvable value)
      A set of global filters used to include patches in the baseline.

    • setGlobalFilters

      @Stability(Stable) public void setGlobalFilters(@Nullable CfnPatchBaseline.PatchFilterGroupProperty value)
      A set of global filters used to include patches in the baseline.

    • getOperatingSystem

      @Stability(Stable) @Nullable public String getOperatingSystem()
      Defines the operating system the patch baseline applies to.

    • setOperatingSystem

      @Stability(Stable) public void setOperatingSystem(@Nullable String value)
      Defines the operating system the patch baseline applies to.

    • getPatchGroups

      @Stability(Stable) @Nullable public List<String> getPatchGroups()
      The name of the patch group to be registered with the patch baseline.

    • setPatchGroups

      @Stability(Stable) public void setPatchGroups(@Nullable List<String> value)
      The name of the patch group to be registered with the patch baseline.

    • getRejectedPatches

      @Stability(Stable) @Nullable public List<String> getRejectedPatches()
      A list of explicitly rejected patches for the baseline.

    • setRejectedPatches

      @Stability(Stable) public void setRejectedPatches(@Nullable List<String> value)
      A list of explicitly rejected patches for the baseline.

    • getRejectedPatchesAction

      @Stability(Stable) @Nullable public String getRejectedPatchesAction()
      The action for Patch Manager to take on patches included in the RejectedPackages list.

    • setRejectedPatchesAction

      @Stability(Stable) public void setRejectedPatchesAction(@Nullable String value)
      The action for Patch Manager to take on patches included in the RejectedPackages list.

    • getSources

      @Stability(Stable) @Nullable public Object getSources()
      Information about the patches to use to update the managed nodes, including target operating systems and source repositories.

      Returns union: either IResolvable or Listinvalid input: '<'either IResolvable or CfnPatchBaseline.PatchSourceProperty>

    • setSources

      @Stability(Stable) public void setSources(@Nullable IResolvable value)
      Information about the patches to use to update the managed nodes, including target operating systems and source repositories.

    • setSources

      @Stability(Stable) public void setSources(@Nullable List<Object> value)
      Information about the patches to use to update the managed nodes, including target operating systems and source repositories.

    • getTagsRaw

      @Stability(Stable) @Nullable public List<CfnTag> getTagsRaw()
      Optional metadata that you assign to a resource.

    • setTagsRaw

      @Stability(Stable) public void setTagsRaw(@Nullable List<CfnTag> value)
      Optional metadata that you assign to a resource.