/

The Amazon SSM multi-region endpoint

http://ssm.{region}.amazonaws.com

POST

Modifies an existing patch baseline. Fields not specified in the request are left unchanged.

Request Example

Shell

JavaScript

Java

Swift

curl --location -g --request POST 'http://ssm.{region}.amazonaws.com/' \
--header 'X-Amz-Target;' \
--header 'Content-Type: application/json' \
--data-raw '{
    "BaselineId": "string",
    "Name": "string",
    "GlobalFilters": {
        "PatchFilters": []
    },
    "ApprovalRules": {
        "PatchRules": []
    },
    "ApprovedPatches": [],
    "ApprovedPatchesComplianceLevel": "CRITICAL",
    "ApprovedPatchesEnableNonSecurity": true,
    "RejectedPatches": [],
    "RejectedPatchesAction": "ALLOW_AS_DEPENDENCY",
    "Description": "string",
    "Sources": [],
    "Replace": true
}'

Response Example

200 - Example 1

{
    "BaselineId": "string",
    "Name": "string",
    "OperatingSystem": "WINDOWS",
    "GlobalFilters": {
        "PatchFilters": []
    },
    "ApprovalRules": {
        "PatchRules": []
    },
    "ApprovedPatches": [],
    "ApprovedPatchesComplianceLevel": "CRITICAL",
    "ApprovedPatchesEnableNonSecurity": true,
    "RejectedPatches": [],
    "RejectedPatchesAction": "ALLOW_AS_DEPENDENCY",
    "CreatedDate": "string",
    "ModifiedDate": "string",
    "Description": "string",
    "Sources": []
}

Request

Header Params

X-Amz-Target

string

required

Body Params application/json

BaselineId

string

required

The ID of the patch baseline to update.

>= 20 characters<= 128 characters

Match pattern:

^[a-zA-Z0-9_\-:/]{20,128}$

Name

string

optional

The name of the patch baseline.

>= 3 characters<= 128 characters

Match pattern:

^[a-zA-Z0-9_\-.]{3,128}$

GlobalFilters

object

optional

A set of global filters used to include patches in the baseline.

PatchFilters

array [object]

required

The set of patch filters that make up the group.

>= 0 items<= 4 items

ApprovalRules

object

optional

A set of rules used to include patches in the baseline.

PatchRules

array[object (PatchRule) {5}]

required

The rules that make up the rule group.

>= 0 items<= 10 items

ApprovedPatches

array[string]

optional

A list of explicitly approved patches for the baseline.

For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

>= 0 items<= 50 items

ApprovedPatchesComplianceLevel

enum<string>

optional

Assigns a new compliance severity level to an existing patch baseline.

Allowed values:

CRITICALHIGHMEDIUMLOWINFORMATIONALUNSPECIFIED

ApprovedPatchesEnableNonSecurity

boolean

optional

Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is false. Applies to Linux managed nodes only.

RejectedPatches

array[string]

optional

A list of explicitly rejected patches for the baseline.

>= 0 items<= 50 items

RejectedPatchesAction

enum<string>

optional

The action for Patch Manager to take on patches included in the RejectedPackages list.

ALLOW_AS_DEPENDENCY : A package in the Rejected patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as InstalledOther. This is the default action if no option is specified.
BLOCK : Packages in the RejectedPatches list, and packages that include them as dependencies, aren't installed under any circumstances. If a package was installed before it was added to the Rejected patches list, it is considered non-compliant with the patch baseline, and its status is reported as InstalledRejected.

Allowed values:

ALLOW_AS_DEPENDENCYBLOCK

Description

string

optional

A description of the patch baseline.

>= 1 characters<= 1024 characters

Sources

array[object (PatchSource) {3}]

optional

Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.

>= 0 items<= 20 items

Name

string

required

The name specified to identify the patch source.

Match pattern:

^[a-zA-Z0-9_\-.]{3,50}$

Products

array[string]

required

The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter.

>= 1 items<= 20 items

Configuration

string <password>

required

The value of the yum repo configuration. For example:

[main]

name=MyCustomRepository

baseurl=https://my-custom-repository

enabled=1

>= 1 characters<= 1024 characters

Replace

boolean

optional

If True, then all fields that are required by the CreatePatchBaseline operation are also required for this API request. Optional fields that aren't specified are set to null.

Examples

Responses

🟢200Success

application/json

Body

BaselineId

string

optional

The ID of the deleted patch baseline.

>= 20 characters<= 128 characters

Match pattern:

^[a-zA-Z0-9_\-:/]{20,128}$

Name

string

optional

The name of the patch baseline.

>= 3 characters<= 128 characters

Match pattern:

^[a-zA-Z0-9_\-.]{3,128}$

OperatingSystem

enum<string>

optional

The operating system rule used by the updated patch baseline.

Allowed values:

WINDOWSAMAZON_LINUXAMAZON_LINUX_2AMAZON_LINUX_2022UBUNTUREDHAT_ENTERPRISE_LINUXSUSECENTOSORACLE_LINUXDEBIANMACOSRASPBIANROCKY_LINUXALMA_LINUXAMAZON_LINUX_2023

GlobalFilters

object

optional

A set of global filters used to exclude patches from the baseline.

PatchFilters

array [object]

required

The set of patch filters that make up the group.

>= 0 items<= 4 items

ApprovalRules

object

optional

A set of rules used to include patches in the baseline.

PatchRules

array[object (PatchRule) {5}]

required

The rules that make up the rule group.

>= 0 items<= 10 items

ApprovedPatches

array[string]

optional

A list of explicitly approved patches for the baseline.

>= 0 items<= 50 items

ApprovedPatchesComplianceLevel

enum<string>

optional

The compliance severity level assigned to the patch baseline after the update completed.

Allowed values:

CRITICALHIGHMEDIUMLOWINFORMATIONALUNSPECIFIED

ApprovedPatchesEnableNonSecurity

boolean

optional

Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is false. Applies to Linux managed nodes only.

RejectedPatches

array[string]

optional

A list of explicitly rejected patches for the baseline.

>= 0 items<= 50 items

RejectedPatchesAction

enum<string>

optional

The action specified to take on patches included in the RejectedPatches list. A patch can be allowed only if it is a dependency of another package, or blocked entirely along with packages that include it as a dependency.

Allowed values:

ALLOW_AS_DEPENDENCYBLOCK

CreatedDate

string <date-time>

optional

The date when the patch baseline was created.

ModifiedDate

string <date-time>

optional

The date when the patch baseline was last modified.

Description

string

optional

A description of the patch baseline.

>= 1 characters<= 1024 characters

Sources

array[object (PatchSource) {3}]

optional

Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.

>= 0 items<= 20 items

Name

string

required

The name specified to identify the patch source.

Match pattern:

^[a-zA-Z0-9_\-.]{3,50}$

Products

array[string]

required

>= 1 items<= 20 items

Configuration

string <password>

required

The value of the yum repo configuration. For example:

[main]

name=MyCustomRepository

baseurl=https://my-custom-repository

enabled=1

>= 1 characters<= 1024 characters

🟠480DoesNotExistException

🟠481InternalServerError