Top / Amazon Web Service / AWS Systems Manager / Patch Group

AWS Systems Manager Patch Group

This page shows how to write Terraform and CloudFormation for Systems Manager Patch Group and write them securely.

terraform-logo

Review your .tf file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

aws_ssm_patch_group (Terraform)

The Patch Group in Systems Manager can be configured in Terraform with the resource name aws_ssm_patch_group. The following sections describe 2 examples of how to use the resource and its parameters.

Example Usage from GitHub

patch_groups.tf#L3
resource "aws_ssm_patch_group" "patchgroup-scan-default" {
  count = var.default_scan ? 9 : 0
  baseline_id = element([
    data.aws_ssm_patch_baseline.windows.id,
    data.aws_ssm_patch_baseline.suse.id,
    data.aws_ssm_patch_baseline.ubuntu.id,
main.tf#L64
resource "aws_ssm_patch_group" "test-patchgroup" {
  baseline_id = aws_ssm_patch_baseline.test-baseline.id
  patch_group = "test-amazon-linux"
}

resource "aws_ssm_patch_group" "prod-patchgroup" {

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Provides an SSM Patch Group resource

>> from Terraform Registry

AWS::SSM::PatchBaseline PatchFilterGroup (CloudFormation)

The PatchBaseline PatchFilterGroup in SSM can be configured in CloudFormation with the resource name AWS::SSM::PatchBaseline PatchFilterGroup. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

PatchFilters The set of patch filters that make up the group.
Required: No
Type: List of PatchFilter
Maximum: 4
Update requires: No interruption

>> from AWS CloudFormation Documentation

Explanation in CloudFormation Registry

The PatchFilterGroup property type specifies a set of patch filters for an AWS Systems Manager patch baseline, typically used for approval rules for a Systems Manager patch baseline. PatchFilterGroup is the property type for the GlobalFilters property of the AWS::SSM::PatchBaseline resource and the PatchFilterGroup property of the Rule property type.

>> from AWS CloudFormation Documentation

The Other Related AWS Systems Manager Resources

Frequently asked questions

What is AWS Systems Manager Patch Group?

AWS Systems Manager Patch Group is a resource for Systems Manager of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS Systems Manager Patch Group?

For Terraform, the THOM-AwS/terraform-patch-manager and csa-bconnors/ssm-tf-demo source code examples are useful. See the Terraform Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents