:doc:`SSM <../../ssm>` / Client / describe_instance_patches

*************************
describe_instance_patches
*************************



.. py:method:: SSM.Client.describe_instance_patches(**kwargs)

  

  Retrieves information about the patches on the specified managed node and their state relative to the patch baseline being used for the node.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/DescribeInstancePatches>`_  


  **Request Syntax**
  ::

    response = client.describe_instance_patches(
        InstanceId='string',
        Filters=[
            {
                'Key': 'string',
                'Values': [
                    'string',
                ]
            },
        ],
        NextToken='string',
        MaxResults=123
    )
    
  :type InstanceId: string
  :param InstanceId: **[REQUIRED]** 

    The ID of the managed node whose patch state information should be retrieved.

    

  
  :type Filters: list
  :param Filters: 

    Each element in the array is a structure containing a key-value pair.

     

    Supported keys for ``DescribeInstancePatches``include the following:

     

    
    * ``Classification`` Sample values: ``Security`` | ``SecurityUpdates``
     
    * ``KBId`` Sample values: ``KB4480056`` | ``java-1.7.0-openjdk.x86_64``
     
    * ``Severity`` Sample values: ``Important`` | ``Medium`` | ``Low``
     
    * ``State`` Sample values: ``Installed`` | ``InstalledOther`` | ``InstalledPendingReboot`` For lists of all ``State`` values, see `Patch compliance state values <https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-compliance-states.html>`__ in the *Amazon Web Services Systems Manager User Guide*.
    

    

  
    - *(dict) --* 

      Defines a filter used in Patch Manager APIs. Supported filter keys depend on the API operation that includes the filter. Patch Manager API operations that use ``PatchOrchestratorFilter`` include the following:

       

      
      *  DescribeAvailablePatches
       
      *  DescribeInstancePatches
       
      *  DescribePatchBaselines
       
      *  DescribePatchGroups
      

      

    
      - **Key** *(string) --* 

        The key for the filter.

        

      
      - **Values** *(list) --* 

        The value for the filter.

        

      
        - *(string) --* 

        
    
    

  :type NextToken: string
  :param NextToken: 

    The token for the next set of items to return. (You received this token from a previous call.)

    

  
  :type MaxResults: integer
  :param MaxResults: 

    The maximum number of patches to return (per page).

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'Patches': [
              {
                  'Title': 'string',
                  'KBId': 'string',
                  'Classification': 'string',
                  'Severity': 'string',
                  'State': 'INSTALLED'|'INSTALLED_OTHER'|'INSTALLED_PENDING_REBOOT'|'INSTALLED_REJECTED'|'MISSING'|'NOT_APPLICABLE'|'FAILED'|'AVAILABLE_SECURITY_UPDATE',
                  'InstalledTime': datetime(2015, 1, 1),
                  'CVEIds': 'string'
              },
          ],
          'NextToken': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **Patches** *(list) --* 

        Each entry in the array is a structure containing:

         

        
        * Title (string)
         
        * KBId (string)
         
        * Classification (string)
         
        * Severity (string)
         
        * State (string, such as "INSTALLED" or "FAILED")
         
        * InstalledTime (DateTime)
         
        * InstalledBy (string)
        

        
        

        - *(dict) --* 

          Information about the state of a patch on a particular managed node as it relates to the patch baseline used to patch the node.

          
          

          - **Title** *(string) --* 

            The title of the patch.

            
          

          - **KBId** *(string) --* 

            The operating system-specific ID of the patch.

            
          

          - **Classification** *(string) --* 

            The classification of the patch, such as ``SecurityUpdates``, ``Updates``, and ``CriticalUpdates``.

            
          

          - **Severity** *(string) --* 

            The severity of the patch such as ``Critical``, ``Important``, and ``Moderate``.

            
          

          - **State** *(string) --* 

            The state of the patch on the managed node, such as INSTALLED or FAILED.

             

            For descriptions of each patch state, see `About patch compliance <https://docs.aws.amazon.com/systems-manager/latest/userguide/compliance-about.html#compliance-monitor-patch>`__ in the *Amazon Web Services Systems Manager User Guide*.

            
          

          - **InstalledTime** *(datetime) --* 

            The date/time the patch was installed on the managed node. Not all operating systems provide this level of information.

            
          

          - **CVEIds** *(string) --* 

            The IDs of one or more Common Vulnerabilities and Exposure (CVE) issues that are resolved by the patch.

             

            .. note::

              

              Currently, CVE ID values are reported only for patches with a status of ``Missing`` or ``Failed``.

              

            
      
    
      

      - **NextToken** *(string) --* 

        The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

        
  
  **Exceptions**
  
  *   :py:class:`SSM.Client.exceptions.InternalServerError`

  
  *   :py:class:`SSM.Client.exceptions.InvalidInstanceId`

  
  *   :py:class:`SSM.Client.exceptions.InvalidFilter`

  
  *   :py:class:`SSM.Client.exceptions.InvalidNextToken`

  