InstancePatchState
Defines the high-level patch compliance state for a managed node, providing information about the number of installed, missing, not applicable, and failed patches along with metadata about the operation when this information was gathered for the managed node.
Types
Properties
The ID of the patch baseline used to patch the managed node.
The number of patches per node that are specified as Critical for compliance reporting in the patch baseline aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required managed node reboot. The status of these managed nodes is NON_COMPLIANT.
The number of patches from the patch baseline that were attempted to be installed during the last patching operation, but failed to install.
The number of patches from the patch baseline that are installed on the managed node.
The number of patches not specified in the patch baseline that are installed on the managed node.
The number of patches installed by Patch Manager since the last time the managed node was rebooted.
The number of patches installed on a managed node that are specified in a RejectedPatches list. Patches with a status of InstalledRejected were typically installed before they were added to a RejectedPatches list.
An https URL or an Amazon Simple Storage Service (Amazon S3) path-style URL to a list of patches to be installed. This patch installation list, which you maintain in an S3 bucket in YAML format and specify in the SSM document AWS-RunPatchBaseline, overrides the patches specified by the default patch baseline.
The ID of the managed node the high-level patch compliance information was collected for.
The time of the last attempt to patch the managed node with NoReboot specified as the reboot option.
The number of patches from the patch baseline that are applicable for the managed node but aren't currently installed.
The number of patches from the patch baseline that aren't applicable for the managed node and therefore aren't installed on the node. This number may be truncated if the list of patch names is very large. The number of patches beyond this limit are reported in UnreportedNotApplicableCount.
The type of patching operation that was performed: or
The time the most recent patching operation completed on the managed node.
The time the most recent patching operation was started on the managed node.
The number of patches per node that are specified as other than Critical or Security but aren't compliant with the patch baseline. The status of these managed nodes is NON_COMPLIANT.
Placeholder information. This field will always be empty in the current release of the service.
The name of the patch group the managed node belongs to.
Indicates the reboot option specified in the patch baseline.
The number of patches per node that are specified as Security in a patch advisory aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required managed node reboot. The status of these managed nodes is NON_COMPLIANT.
The ID of the patch baseline snapshot used during the patching operation when this compliance data was collected.
The number of patches beyond the supported limit of NotApplicableCount that aren't reported by name to Inventory. Inventory is a capability of Amazon Web Services Systems Manager.