:doc:`SSM <../../ssm>` / Client / describe_patch_group_state

**************************
describe_patch_group_state
**************************



.. py:method:: SSM.Client.describe_patch_group_state(**kwargs)

  

  Returns high-level aggregated patch compliance state information for a patch group.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/DescribePatchGroupState>`_  


  **Request Syntax**
  ::

    response = client.describe_patch_group_state(
        PatchGroup='string'
    )
    
  :type PatchGroup: string
  :param PatchGroup: **[REQUIRED]** 

    The name of the patch group whose patch snapshot should be retrieved.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'Instances': 123,
          'InstancesWithInstalledPatches': 123,
          'InstancesWithInstalledOtherPatches': 123,
          'InstancesWithInstalledPendingRebootPatches': 123,
          'InstancesWithInstalledRejectedPatches': 123,
          'InstancesWithMissingPatches': 123,
          'InstancesWithFailedPatches': 123,
          'InstancesWithNotApplicablePatches': 123,
          'InstancesWithUnreportedNotApplicablePatches': 123,
          'InstancesWithCriticalNonCompliantPatches': 123,
          'InstancesWithSecurityNonCompliantPatches': 123,
          'InstancesWithOtherNonCompliantPatches': 123,
          'InstancesWithAvailableSecurityUpdates': 123
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **Instances** *(integer) --* 

        The number of managed nodes in the patch group.

        
      

      - **InstancesWithInstalledPatches** *(integer) --* 

        The number of managed nodes with installed patches.

        
      

      - **InstancesWithInstalledOtherPatches** *(integer) --* 

        The number of managed nodes with patches installed that aren't defined in the patch baseline.

        
      

      - **InstancesWithInstalledPendingRebootPatches** *(integer) --* 

        The number of managed nodes with patches installed by Patch Manager that haven't been rebooted after the patch installation. The status of these managed nodes is ``NON_COMPLIANT``.

        
      

      - **InstancesWithInstalledRejectedPatches** *(integer) --* 

        The number of managed nodes with patches installed that are specified in a ``RejectedPatches`` list. Patches with a status of ``INSTALLED_REJECTED`` were typically installed before they were added to a ``RejectedPatches`` list.

         

        .. note::

          

          If ``ALLOW_AS_DEPENDENCY`` is the specified option for ``RejectedPatchesAction``, the value of ``InstancesWithInstalledRejectedPatches`` will always be ``0`` (zero).

          

        
      

      - **InstancesWithMissingPatches** *(integer) --* 

        The number of managed nodes with missing patches from the patch baseline.

        
      

      - **InstancesWithFailedPatches** *(integer) --* 

        The number of managed nodes with patches from the patch baseline that failed to install.

        
      

      - **InstancesWithNotApplicablePatches** *(integer) --* 

        The number of managed nodes with patches that aren't applicable.

        
      

      - **InstancesWithUnreportedNotApplicablePatches** *(integer) --* 

        The number of managed nodes with ``NotApplicable`` patches beyond the supported limit, which aren't reported by name to Inventory. Inventory is a tool in Amazon Web Services Systems Manager.

        
      

      - **InstancesWithCriticalNonCompliantPatches** *(integer) --* 

        The number of managed nodes where patches that are specified as ``Critical`` for compliance reporting in the patch baseline aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required managed node reboot. The status of these managed nodes is ``NON_COMPLIANT``.

        
      

      - **InstancesWithSecurityNonCompliantPatches** *(integer) --* 

        The number of managed nodes where patches that are specified as ``Security`` in a patch advisory aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required managed node reboot. The status of these managed nodes is ``NON_COMPLIANT``.

        
      

      - **InstancesWithOtherNonCompliantPatches** *(integer) --* 

        The number of managed nodes with patches installed that are specified as other than ``Critical`` or ``Security`` but aren't compliant with the patch baseline. The status of these managed nodes is ``NON_COMPLIANT``.

        
      

      - **InstancesWithAvailableSecurityUpdates** *(integer) --* 

        The number of managed nodes for which security-related patches are available but not approved because because they didn't meet the patch baseline requirements. For example, an updated version of a patch might have been released before the specified auto-approval period was over.

         

        Applies to Windows Server managed nodes only.

        
  
  **Exceptions**
  
  *   :py:class:`SSM.Client.exceptions.InternalServerError`

  
  *   :py:class:`SSM.Client.exceptions.InvalidNextToken`

  