CfnPatchBaseline (software.amazon.awscdk:aws-cdk-lib 2.42.1 API)

java.lang.Object
- software.amazon.jsii.JsiiObject
- - software.constructs.Construct
  - - software.amazon.awscdk.CfnElement
    - - software.amazon.awscdk.CfnRefElement
      - software.amazon.awscdk.CfnResource
        
        software.amazon.awscdk.services.ssm.CfnPatchBaseline

All Implemented Interfaces:: IInspectable, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

@Generated(value="jsii-pacmak/1.67.0 (build 2c027f5)",
           date="2022-09-19T20:26:42.321Z")
 @Stability(value=Stable)
public class CfnPatchBaseline
extends CfnResource
implements IInspectable

A CloudFormation `AWS::SSM::PatchBaseline`.

The AWS::SSM::PatchBaseline resource defines the basic information for an AWS Systems Manager patch baseline. A patch baseline defines which patches are approved for installation on your instances.

For more information, see CreatePatchBaseline in the AWS Systems Manager API Reference .

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.ssm.*;
 CfnPatchBaseline cfnPatchBaseline = CfnPatchBaseline.Builder.create(this, "MyCfnPatchBaseline")
         .name("name")
         // the properties below are optional
         .approvalRules(RuleGroupProperty.builder()
                 .patchRules(List.of(RuleProperty.builder()
                         .approveAfterDays(123)
                         .approveUntilDate("approveUntilDate")
                         .complianceLevel("complianceLevel")
                         .enableNonSecurity(false)
                         .patchFilterGroup(PatchFilterGroupProperty.builder()
                                 .patchFilters(List.of(PatchFilterProperty.builder()
                                         .key("key")
                                         .values(List.of("values"))
                                         .build()))
                                 .build())
                         .build()))
                 .build())
         .approvedPatches(List.of("approvedPatches"))
         .approvedPatchesComplianceLevel("approvedPatchesComplianceLevel")
         .approvedPatchesEnableNonSecurity(false)
         .description("description")
         .globalFilters(PatchFilterGroupProperty.builder()
                 .patchFilters(List.of(PatchFilterProperty.builder()
                         .key("key")
                         .values(List.of("values"))
                         .build()))
                 .build())
         .operatingSystem("operatingSystem")
         .patchGroups(List.of("patchGroups"))
         .rejectedPatches(List.of("rejectedPatches"))
         .rejectedPatchesAction("rejectedPatchesAction")
         .sources(List.of(PatchSourceProperty.builder()
                 .configuration("configuration")
                 .name("name")
                 .products(List.of("products"))
                 .build()))
         .tags(List.of(CfnTag.builder()
                 .key("key")
                 .value("value")
                 .build()))
         .build();

Nested Class Summary

Nested Classes
Modifier and Type	Class and Description
`static class`	`CfnPatchBaseline.Builder` A fluent builder for `CfnPatchBaseline`.
`static interface`	`CfnPatchBaseline.PatchFilterGroupProperty` The `PatchFilterGroup` property type specifies a set of patch filters for an AWS Systems Manager patch baseline, typically used for approval rules for a Systems Manager patch baseline.
`static interface`	`CfnPatchBaseline.PatchFilterProperty` The `PatchFilter` property type defines a patch filter for an AWS Systems Manager patch baseline.
`static interface`	`CfnPatchBaseline.PatchSourceProperty` `PatchSource` is the property type for the `Sources` resource of the [AWS::SSM::PatchBaseline](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-patchbaseline.html) resource.
`static interface`	`CfnPatchBaseline.RuleGroupProperty` The `RuleGroup` property type specifies a set of rules that define the approval rules for an AWS Systems Manager patch baseline.
`static interface`	`CfnPatchBaseline.RuleProperty` The `Rule` property type specifies an approval rule for a Systems Manager patch baseline.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.amazon.awscdk.IInspectable
IInspectable.Jsii$Default, IInspectable.Jsii$Proxy

Nested classes/interfaces inherited from interface software.constructs.IConstruct
software.constructs.IConstruct.Jsii$Default

Field Summary

Fields
Modifier and Type Field and Description

static String CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.

Fields
Modifier and Type	Field and Description
`static String`	`CFN_RESOURCE_TYPE_NAME` The CloudFormation resource type name for this resource class.

Constructor Summary

Constructors
Modifier	Constructor and Description
	`CfnPatchBaseline(software.constructs.Construct scope, String id, CfnPatchBaselineProps props)` Create a new `AWS::SSM::PatchBaseline`.
`protected`	`CfnPatchBaseline(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)`
`protected`	`CfnPatchBaseline(software.amazon.jsii.JsiiObjectRef objRef)`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`Object`	`getApprovalRules()` A set of rules used to include patches in the baseline.
`List<String>`	`getApprovedPatches()` A list of explicitly approved patches for the baseline.
`String`	`getApprovedPatchesComplianceLevel()` Defines the compliance level for approved patches.
`Object`	`getApprovedPatchesEnableNonSecurity()` Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes.
`protected Map<String,Object>`	`getCfnProperties()`
`String`	`getDescription()` A description of the patch baseline.
`Object`	`getGlobalFilters()` A set of global filters used to include patches in the baseline.
`String`	`getName()` The name of the patch baseline.
`String`	`getOperatingSystem()` Defines the operating system the patch baseline applies to.
`List<String>`	`getPatchGroups()` The name of the patch group to be registered with the patch baseline.
`List<String>`	`getRejectedPatches()` A list of explicitly rejected patches for the baseline.
`String`	`getRejectedPatchesAction()` The action for Patch Manager to take on patches included in the `RejectedPackages` list.
`Object`	`getSources()` Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
`TagManager`	`getTags()` Optional metadata that you assign to a resource.
`void`	`inspect(TreeInspector inspector)` Examines the CloudFormation resource and discloses attributes.
`protected Map<String,Object>`	`renderProperties(Map<String,Object> props)`
`void`	`setApprovalRules(CfnPatchBaseline.RuleGroupProperty value)` A set of rules used to include patches in the baseline.
`void`	`setApprovalRules(IResolvable value)` A set of rules used to include patches in the baseline.
`void`	`setApprovedPatches(List<String> value)` A list of explicitly approved patches for the baseline.
`void`	`setApprovedPatchesComplianceLevel(String value)` Defines the compliance level for approved patches.
`void`	`setApprovedPatchesEnableNonSecurity(Boolean value)` Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes.
`void`	`setApprovedPatchesEnableNonSecurity(IResolvable value)` Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes.
`void`	`setDescription(String value)` A description of the patch baseline.
`void`	`setGlobalFilters(CfnPatchBaseline.PatchFilterGroupProperty value)` A set of global filters used to include patches in the baseline.
`void`	`setGlobalFilters(IResolvable value)` A set of global filters used to include patches in the baseline.
`void`	`setName(String value)` The name of the patch baseline.
`void`	`setOperatingSystem(String value)` Defines the operating system the patch baseline applies to.
`void`	`setPatchGroups(List<String> value)` The name of the patch group to be registered with the patch baseline.
`void`	`setRejectedPatches(List<String> value)` A list of explicitly rejected patches for the baseline.
`void`	`setRejectedPatchesAction(String value)` The action for Patch Manager to take on patches included in the `RejectedPackages` list.
`void`	`setSources(IResolvable value)` Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
`void`	`setSources(List<Object> value)` Information about the patches to use to update the managed nodes, including target operating systems and source repositories.

Methods inherited from class software.amazon.awscdk.CfnResource
addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, getUpdatedProperties, isCfnResource, shouldSynthesize, toString, validateProperties

Methods inherited from class software.amazon.awscdk.CfnRefElement
getRef

Methods inherited from class software.amazon.awscdk.CfnElement
getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId

Methods inherited from class software.constructs.Construct
getNode, isConstruct

Methods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson

- Field Detail
  - CFN_RESOURCE_TYPE_NAME
```
@Stability(value=Stable)
public static final String CFN_RESOURCE_TYPE_NAME
```
    The CloudFormation resource type name for this resource class.
- Constructor Detail
  - CfnPatchBaseline
```
protected CfnPatchBaseline(software.amazon.jsii.JsiiObjectRef objRef)
```
  - CfnPatchBaseline
```
protected CfnPatchBaseline(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
```
  - CfnPatchBaseline
```
@Stability(value=Stable)
public CfnPatchBaseline(@NotNull
                                                 software.constructs.Construct scope,
                                                 @NotNull
                                                 String id,
                                                 @NotNull
                                                 CfnPatchBaselineProps props)
```
    Create a new `AWS::SSM::PatchBaseline`.
    
    Parameters:
    
    scope - - scope in which this resource is defined. This parameter is required.
    
    id - - scoped id of the resource. This parameter is required.
    
    props - - resource properties. This parameter is required.
- Method Detail
  - inspect
```
@Stability(value=Stable)
public void inspect(@NotNull
                                             TreeInspector inspector)
```
    Examines the CloudFormation resource and discloses attributes.
    
    Specified by:
    
    inspect in interface IInspectable
    
    Parameters:
    
    inspector - - tree inspector to collect and process attributes. This parameter is required.
  - renderProperties
```
@Stability(value=Stable)
 @NotNull
protected Map<String,Object> renderProperties(@NotNull
                                                                                 Map<String,Object> props)
```
    Overrides:
    
    renderProperties in class CfnResource
    
    Parameters:
    
    props - This parameter is required.
  - getCfnProperties
```
@Stability(value=Stable)
 @NotNull
protected Map<String,Object> getCfnProperties()
```
    Overrides:
    
    getCfnProperties in class CfnResource
  - getTags
```
@Stability(value=Stable)
 @NotNull
public TagManager getTags()
```
    Optional metadata that you assign to a resource.
    Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a patch baseline to identify the severity level of patches it specifies and the operating system family it applies to.
  - getName
```
@Stability(value=Stable)
 @NotNull
public String getName()
```
    The name of the patch baseline.
  - setName
```
@Stability(value=Stable)
public void setName(@NotNull
                                             String value)
```
    The name of the patch baseline.
  - getApprovalRules
```
@Stability(value=Stable)
 @Nullable
public Object getApprovalRules()
```
    A set of rules used to include patches in the baseline.
  - setApprovalRules
```
@Stability(value=Stable)
public void setApprovalRules(@Nullable
                                                      CfnPatchBaseline.RuleGroupProperty value)
```
    A set of rules used to include patches in the baseline.
  - setApprovalRules
```
@Stability(value=Stable)
public void setApprovalRules(@Nullable
                                                      IResolvable value)
```
    A set of rules used to include patches in the baseline.
  - getApprovedPatches
```
@Stability(value=Stable)
 @Nullable
public List<String> getApprovedPatches()
```
    A list of explicitly approved patches for the baseline.
    For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the AWS Systems Manager User Guide .
  - setApprovedPatches
```
@Stability(value=Stable)
public void setApprovedPatches(@Nullable
                                                        List<String> value)
```
    A list of explicitly approved patches for the baseline.
    For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the AWS Systems Manager User Guide .
  - getApprovedPatchesComplianceLevel
```
@Stability(value=Stable)
 @Nullable
public String getApprovedPatchesComplianceLevel()
```
    Defines the compliance level for approved patches.
    When an approved patch is reported as missing, this value describes the severity of the compliance violation. The default value is UNSPECIFIED .
  - setApprovedPatchesComplianceLevel
```
@Stability(value=Stable)
public void setApprovedPatchesComplianceLevel(@Nullable
                                                                       String value)
```
    Defines the compliance level for approved patches.
    When an approved patch is reported as missing, this value describes the severity of the compliance violation. The default value is UNSPECIFIED .
  - getApprovedPatchesEnableNonSecurity
```
@Stability(value=Stable)
 @Nullable
public Object getApprovedPatchesEnableNonSecurity()
```
    Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes.
    The default value is false . Applies to Linux managed nodes only.
  - setApprovedPatchesEnableNonSecurity
```
@Stability(value=Stable)
public void setApprovedPatchesEnableNonSecurity(@Nullable
                                                                         Boolean value)
```
    Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes.
    The default value is false . Applies to Linux managed nodes only.
  - setApprovedPatchesEnableNonSecurity
```
@Stability(value=Stable)
public void setApprovedPatchesEnableNonSecurity(@Nullable
                                                                         IResolvable value)
```
    Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes.
    The default value is false . Applies to Linux managed nodes only.
  - getDescription
```
@Stability(value=Stable)
 @Nullable
public String getDescription()
```
    A description of the patch baseline.
  - setDescription
```
@Stability(value=Stable)
public void setDescription(@Nullable
                                                    String value)
```
    A description of the patch baseline.
  - getGlobalFilters
```
@Stability(value=Stable)
 @Nullable
public Object getGlobalFilters()
```
    A set of global filters used to include patches in the baseline.
  - setGlobalFilters
```
@Stability(value=Stable)
public void setGlobalFilters(@Nullable
                                                      CfnPatchBaseline.PatchFilterGroupProperty value)
```
    A set of global filters used to include patches in the baseline.
  - setGlobalFilters
```
@Stability(value=Stable)
public void setGlobalFilters(@Nullable
                                                      IResolvable value)
```
    A set of global filters used to include patches in the baseline.
  - getOperatingSystem
```
@Stability(value=Stable)
 @Nullable
public String getOperatingSystem()
```
    Defines the operating system the patch baseline applies to.
    The default value is WINDOWS .
  - setOperatingSystem
```
@Stability(value=Stable)
public void setOperatingSystem(@Nullable
                                                        String value)
```
    Defines the operating system the patch baseline applies to.
    The default value is WINDOWS .
  - getPatchGroups
```
@Stability(value=Stable)
 @Nullable
public List<String> getPatchGroups()
```
    The name of the patch group to be registered with the patch baseline.
  - setPatchGroups
```
@Stability(value=Stable)
public void setPatchGroups(@Nullable
                                                    List<String> value)
```
    The name of the patch group to be registered with the patch baseline.
  - getRejectedPatches
```
@Stability(value=Stable)
 @Nullable
public List<String> getRejectedPatches()
```
    A list of explicitly rejected patches for the baseline.
    For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the AWS Systems Manager User Guide .
  - setRejectedPatches
```
@Stability(value=Stable)
public void setRejectedPatches(@Nullable
                                                        List<String> value)
```
    A list of explicitly rejected patches for the baseline.
    For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the AWS Systems Manager User Guide .
  - getRejectedPatchesAction
```
@Stability(value=Stable)
 @Nullable
public String getRejectedPatchesAction()
```
    The action for Patch Manager to take on patches included in the `RejectedPackages` list.
    - ALLOW_AS_DEPENDENCY : A package in the Rejected patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as InstalledOther . This is the default action if no option is specified.
    - BLOCK : Packages in the RejectedPatches list, and packages that include them as dependencies, aren't installed under any circumstances. If a package was installed before it was added to the Rejected patches list, it is considered non-compliant with the patch baseline, and its status is reported as InstalledRejected .
  - setRejectedPatchesAction
```
@Stability(value=Stable)
public void setRejectedPatchesAction(@Nullable
                                                              String value)
```
    The action for Patch Manager to take on patches included in the `RejectedPackages` list.
    - ALLOW_AS_DEPENDENCY : A package in the Rejected patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as InstalledOther . This is the default action if no option is specified.
    - BLOCK : Packages in the RejectedPatches list, and packages that include them as dependencies, aren't installed under any circumstances. If a package was installed before it was added to the Rejected patches list, it is considered non-compliant with the patch baseline, and its status is reported as InstalledRejected .
  - getSources
```
@Stability(value=Stable)
 @Nullable
public Object getSources()
```
    Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
    Applies to Linux managed nodes only.
  - setSources
```
@Stability(value=Stable)
public void setSources(@Nullable
                                                IResolvable value)
```
    Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
    Applies to Linux managed nodes only.
  - setSources
```
@Stability(value=Stable)
public void setSources(@Nullable
                                                List<Object> value)
```
    Information about the patches to use to update the managed nodes, including target operating systems and source repositories.
    Applies to Linux managed nodes only.

Class CfnPatchBaseline

Nested Class Summary

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

Nested classes/interfaces inherited from interface software.amazon.awscdk.IInspectable

Nested classes/interfaces inherited from interface software.constructs.IConstruct

Field Summary

Constructor Summary

Method Summary

Methods inherited from class software.amazon.awscdk.CfnResource

Methods inherited from class software.amazon.awscdk.CfnRefElement

Methods inherited from class software.amazon.awscdk.CfnElement

Methods inherited from class software.constructs.Construct

Methods inherited from class software.amazon.jsii.JsiiObject

Methods inherited from class java.lang.Object

Methods inherited from interface software.amazon.jsii.JsiiSerializable

Field Detail

CFN_RESOURCE_TYPE_NAME

Constructor Detail

CfnPatchBaseline

CfnPatchBaseline

CfnPatchBaseline

Method Detail

inspect

renderProperties

getCfnProperties

getTags

getName

setName

getApprovalRules

setApprovalRules

setApprovalRules

getApprovedPatches

setApprovedPatches

getApprovedPatchesComplianceLevel

setApprovedPatchesComplianceLevel

getApprovedPatchesEnableNonSecurity

setApprovedPatchesEnableNonSecurity

setApprovedPatchesEnableNonSecurity

getDescription

setDescription

getGlobalFilters

setGlobalFilters

setGlobalFilters

getOperatingSystem

setOperatingSystem

getPatchGroups

setPatchGroups

getRejectedPatches

setRejectedPatches

getRejectedPatchesAction

setRejectedPatchesAction

getSources

setSources

setSources