/AWS1/CL_SSMPATCHRULE¶
Defines an approval rule for a patch baseline.
CONSTRUCTOR¶
IMPORTING¶
Required arguments:¶
io_patchfiltergroup TYPE REF TO /AWS1/CL_SSMPATCHFILTERGROUP /AWS1/CL_SSMPATCHFILTERGROUP¶
The patch filter group that defines the criteria for the rule.
Optional arguments:¶
iv_compliancelevel TYPE /AWS1/SSMPATCHCOMPLIANCELEVEL /AWS1/SSMPATCHCOMPLIANCELEVEL¶
A compliance severity level for all approved patches in a patch baseline.
iv_approveafterdays TYPE /AWS1/SSMAPPROVEAFTERDAYS /AWS1/SSMAPPROVEAFTERDAYS¶
The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of
7means that patches are approved seven days after they are released.Patch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If the day represented by
7is2025-11-16, patches released between2025-11-16T00:00:00Zand2025-11-16T23:59:59Zwill be included in the approval.This parameter is marked as
Required: No, but your request must include a value for eitherApproveAfterDaysorApproveUntilDate.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the Amazon Web Services Systems Manager User Guide.
iv_approveuntildate TYPE /AWS1/SSMPATCHSTRINGDATETIME /AWS1/SSMPATCHSTRINGDATETIME¶
The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.
Enter dates in the format
YYYY-MM-DD. For example,2025-11-16.Patch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If you enter the date
2025-11-16, patches released between2025-11-16T00:00:00Zand2025-11-16T23:59:59Zwill be included in the approval.This parameter is marked as
Required: No, but your request must include a value for eitherApproveUntilDateorApproveAfterDays.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the Amazon Web Services Systems Manager User Guide.
iv_enablenonsecurity TYPE /AWS1/SSMBOOLEAN /AWS1/SSMBOOLEAN¶
For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is
false. Applies to Linux managed nodes only.
Queryable Attributes¶
PatchFilterGroup¶
The patch filter group that defines the criteria for the rule.
Accessible with the following methods¶
| Method | Description |
|---|---|
GET_PATCHFILTERGROUP() |
Getter for PATCHFILTERGROUP |
ComplianceLevel¶
A compliance severity level for all approved patches in a patch baseline.
Accessible with the following methods¶
| Method | Description |
|---|---|
GET_COMPLIANCELEVEL() |
Getter for COMPLIANCELEVEL, with configurable default |
ASK_COMPLIANCELEVEL() |
Getter for COMPLIANCELEVEL w/ exceptions if field has no val |
HAS_COMPLIANCELEVEL() |
Determine if COMPLIANCELEVEL has a value |
ApproveAfterDays¶
The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of
7means that patches are approved seven days after they are released.Patch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If the day represented by
7is2025-11-16, patches released between2025-11-16T00:00:00Zand2025-11-16T23:59:59Zwill be included in the approval.This parameter is marked as
Required: No, but your request must include a value for eitherApproveAfterDaysorApproveUntilDate.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the Amazon Web Services Systems Manager User Guide.
Accessible with the following methods¶
| Method | Description |
|---|---|
GET_APPROVEAFTERDAYS() |
Getter for APPROVEAFTERDAYS, with configurable default |
ASK_APPROVEAFTERDAYS() |
Getter for APPROVEAFTERDAYS w/ exceptions if field has no va |
HAS_APPROVEAFTERDAYS() |
Determine if APPROVEAFTERDAYS has a value |
ApproveUntilDate¶
The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.
Enter dates in the format
YYYY-MM-DD. For example,2025-11-16.Patch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If you enter the date
2025-11-16, patches released between2025-11-16T00:00:00Zand2025-11-16T23:59:59Zwill be included in the approval.This parameter is marked as
Required: No, but your request must include a value for eitherApproveUntilDateorApproveAfterDays.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the Amazon Web Services Systems Manager User Guide.
Accessible with the following methods¶
| Method | Description |
|---|---|
GET_APPROVEUNTILDATE() |
Getter for APPROVEUNTILDATE, with configurable default |
ASK_APPROVEUNTILDATE() |
Getter for APPROVEUNTILDATE w/ exceptions if field has no va |
HAS_APPROVEUNTILDATE() |
Determine if APPROVEUNTILDATE has a value |
EnableNonSecurity¶
For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is
false. Applies to Linux managed nodes only.
Accessible with the following methods¶
| Method | Description |
|---|---|
GET_ENABLENONSECURITY() |
Getter for ENABLENONSECURITY, with configurable default |
ASK_ENABLENONSECURITY() |
Getter for ENABLENONSECURITY w/ exceptions if field has no v |
HAS_ENABLENONSECURITY() |
Determine if ENABLENONSECURITY has a value |
Public Local Types In This Class¶
Internal table types, representing arrays and maps of this class, are defined as local types:
TT_PATCHRULELIST¶
TYPES TT_PATCHRULELIST TYPE STANDARD TABLE OF REF TO /AWS1/CL_SSMPATCHRULE WITH DEFAULT KEY
.