Skip to content

/AWS1/IF_SSM=>DESCRIBEAVAILABLEPATCHES()

About DescribeAvailablePatches

Lists all patches eligible to be included in a patch baseline.

Currently, DescribeAvailablePatches supports only the Amazon Linux 1, Amazon Linux 2, and Windows Server operating systems.

Method Signature

METHODS /AWS1/IF_SSM~DESCRIBEAVAILABLEPATCHES
  IMPORTING
    !IT_FILTERS TYPE /AWS1/CL_SSMPATCHORCHESTRATO00=>TT_PATCHORCHESTRATORFILTERLIST OPTIONAL
    !IV_MAXRESULTS TYPE /AWS1/SSMPATCHBASELINEMAXRSLTS OPTIONAL
    !IV_NEXTTOKEN TYPE /AWS1/SSMNEXTTOKEN OPTIONAL
  RETURNING
    VALUE(OO_OUTPUT) TYPE REF TO /aws1/cl_ssmdscavailablepatc01
  RAISING
    /AWS1/CX_SSMINTERNALSERVERERR
    /AWS1/CX_SSMCLIENTEXC
    /AWS1/CX_SSMSERVEREXC
    /AWS1/CX_RT_TECHNICAL_GENERIC
    /AWS1/CX_RT_SERVICE_GENERIC.

IMPORTING

Optional arguments:

it_filters TYPE /AWS1/CL_SSMPATCHORCHESTRATO00=>TT_PATCHORCHESTRATORFILTERLIST TT_PATCHORCHESTRATORFILTERLIST

Each element in the array is a structure containing a key-value pair.

Windows Server

Supported keys for Windows Server managed node patches include the following:

  • PATCH_SET

    Sample values: OS | APPLICATION

  • PRODUCT

    Sample values: WindowsServer2012 | Office 2010 | MicrosoftDefenderAntivirus

  • PRODUCT_FAMILY

    Sample values: Windows | Office

  • MSRC_SEVERITY

    Sample values: ServicePacks | Important | Moderate

  • CLASSIFICATION

    Sample values: ServicePacks | SecurityUpdates | DefinitionUpdates

  • PATCH_ID

    Sample values: KB123456 | KB4516046

Linux

When specifying filters for Linux patches, you must specify a key-pair for PRODUCT. For example, using the Command Line Interface (CLI), the following command fails:

aws ssm describe-available-patches --filters Key=CVE_ID,Values=CVE-2018-3615

However, the following command succeeds:

aws ssm describe-available-patches --filters Key=PRODUCT,Values=AmazonLinux2018.03 Key=CVE_ID,Values=CVE-2018-3615

Supported keys for Linux managed node patches include the following:

  • PRODUCT

    Sample values: AmazonLinux2018.03 | AmazonLinux2.0

  • NAME

    Sample values: kernel-headers | samba-python | php

  • SEVERITY

    Sample values: Critical | Important | Medium | Low

  • EPOCH

    Sample values: 0 | 1

  • VERSION

    Sample values: 78.6.1 | 4.10.16

  • RELEASE

    Sample values: 9.56.amzn1 | 1.amzn2

  • ARCH

    Sample values: i686 | x86_64

  • REPOSITORY

    Sample values: Core | Updates

  • ADVISORY_ID

    Sample values: ALAS-2018-1058 | ALAS2-2021-1594

  • CVE_ID

    Sample values: CVE-2018-3615 | CVE-2020-1472

  • BUGZILLA_ID

    Sample values: 1463241

iv_maxresults TYPE /AWS1/SSMPATCHBASELINEMAXRSLTS /AWS1/SSMPATCHBASELINEMAXRSLTS

The maximum number of patches to return (per page).

iv_nexttoken TYPE /AWS1/SSMNEXTTOKEN /AWS1/SSMNEXTTOKEN

The token for the next set of items to return. (You received this token from a previous call.)

RETURNING

oo_output TYPE REF TO /aws1/cl_ssmdscavailablepatc01 /AWS1/CL_SSMDSCAVAILABLEPATC01

Domain /AWS1/RT_ACCOUNT_ID
Primitive Type NUMC

Examples

Syntax Example

This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.

DATA(lo_result) = lo_client->describeavailablepatches(
  it_filters = VALUE /aws1/cl_ssmpatchorchestrato00=>tt_patchorchestratorfilterlist(
    (
      new /aws1/cl_ssmpatchorchestrato00(
        it_values = VALUE /aws1/cl_ssmpatchorchestrato01=>tt_patchorchestratorfiltvalues(
          ( new /aws1/cl_ssmpatchorchestrato01( |string| ) )
        )
        iv_key = |string|
      )
    )
  )
  iv_maxresults = 123
  iv_nexttoken = |string|
).

This is an example of reading all possible response values

lo_result = lo_result.
IF lo_result IS NOT INITIAL.
  LOOP AT lo_result->get_patches( ) into lo_row.
    lo_row_1 = lo_row.
    IF lo_row_1 IS NOT INITIAL.
      lv_patchid = lo_row_1->get_id( ).
      lv_datetime = lo_row_1->get_releasedate( ).
      lv_patchtitle = lo_row_1->get_title( ).
      lv_patchdescription = lo_row_1->get_description( ).
      lv_patchcontenturl = lo_row_1->get_contenturl( ).
      lv_patchvendor = lo_row_1->get_vendor( ).
      lv_patchproductfamily = lo_row_1->get_productfamily( ).
      lv_patchproduct = lo_row_1->get_product( ).
      lv_patchclassification = lo_row_1->get_classification( ).
      lv_patchmsrcseverity = lo_row_1->get_msrcseverity( ).
      lv_patchkbnumber = lo_row_1->get_kbnumber( ).
      lv_patchmsrcnumber = lo_row_1->get_msrcnumber( ).
      lv_patchlanguage = lo_row_1->get_language( ).
      LOOP AT lo_row_1->get_advisoryids( ) into lo_row_2.
        lo_row_3 = lo_row_2.
        IF lo_row_3 IS NOT INITIAL.
          lv_patchadvisoryid = lo_row_3->get_value( ).
        ENDIF.
      ENDLOOP.
      LOOP AT lo_row_1->get_bugzillaids( ) into lo_row_4.
        lo_row_5 = lo_row_4.
        IF lo_row_5 IS NOT INITIAL.
          lv_patchbugzillaid = lo_row_5->get_value( ).
        ENDIF.
      ENDLOOP.
      LOOP AT lo_row_1->get_cveids( ) into lo_row_6.
        lo_row_7 = lo_row_6.
        IF lo_row_7 IS NOT INITIAL.
          lv_patchcveid = lo_row_7->get_value( ).
        ENDIF.
      ENDLOOP.
      lv_patchname = lo_row_1->get_name( ).
      lv_patchepoch = lo_row_1->get_epoch( ).
      lv_patchversion = lo_row_1->get_version( ).
      lv_patchrelease = lo_row_1->get_release( ).
      lv_patcharch = lo_row_1->get_arch( ).
      lv_patchseverity = lo_row_1->get_severity( ).
      lv_patchrepository = lo_row_1->get_repository( ).
    ENDIF.
  ENDLOOP.
  lv_nexttoken = lo_result->get_nexttoken( ).
ENDIF.