AWS CDK patch baseline

Posted 2024-10-02 18:21:39


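I'm trying to create a patch baseline for patching Linux hosts, but I keep getting the same error over and over. Please help, I just don't understand what the problem is. I've looked at some code people have used in TS, but haven't made any progress.

PatchBaselineLinux 1 validation error detected: Value null at 'approvalRules.patchRules' failed to satisfy constraint: Member must not be null. (Service: AmazonSM; Status Code: 400; Error Code: ValidationException;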

    baseline1 = CfnPatchBaseline(self, "PatchBaselineLinux",
                                 name="TestPatchBaseline_Linux",
                                 operating_system="AMAZON_LINUX_2",
                                 description="TestPatchBaseline for Linux updates, Amazon_Linux_2 distr.",
                                 approved_patches_enable_non_security=True,
                                 approval_rules={"patch_rules": [
                                     {
                                         "enable_non_security": True,
                                         "approve_after_days": 1,
                                         "approve_until_date": "2021-02-09",
                                         "compliance_level": "CRITICAL",
                                         "patch_filter_group": {"patch_filters": [
                                             {"key": "PRODUCT", "values": ['AmazonLinux2', 'AmazonLinux2.0']},
                                             {"key": "CLASSIFICATION",
                                              "values": ["Security", "Bugfix", "Enhancement", "Recommended"]},
                                             {"key": "SEVERITY",
                                              "values": ["Critical", "Important", "Medium", "Low"]}]}
                                     }
                                 ]
                                 },
                                 patch_groups=["AWS-Linux-2-Test"])

1 answer
User
#1 · Posted 2024-10-02 18:21:39

I suggest breaking out your approval rules. The approval rules should be a RuleGroupProperty. You have a JSON string. For details, see the following link:

https://docs.aws.amazon.com/cdk/api/latest/python/aws_cdk.aws_ssm/CfnPatchBaseline.html#aws_cdk.aws_ssm.CfnPatchBaseline.RuleGroupProperty

The following should work. Be sure to check all the properties; I did not include everything you had.

    # Imports assumed for CDK v1, where Construct lives in aws_cdk.core.
    from aws_cdk import core as cdk
    from aws_cdk import aws_ssm as ssm


    class PatchBaselineStack(cdk.Stack):  # class name is a placeholder
        def __init__(self, scope: cdk.Construct, construct_id: str, **kwargs) -> None:
            super().__init__(scope, construct_id, **kwargs)

            # One typed PatchFilterProperty per filter key.
            amazon_linux2_product_patch_filter = ssm.CfnPatchBaseline.PatchFilterProperty(
                key='PRODUCT',
                values=['AmazonLinux2', 'AmazonLinux2.0'])

            amazon_linux2_classification_patch_filter = ssm.CfnPatchBaseline.PatchFilterProperty(
                key='CLASSIFICATION',
                values=['Security', 'Bugfix', 'Enhancement', 'Recommended'])

            amazon_linux2_severity_patch_filter = ssm.CfnPatchBaseline.PatchFilterProperty(
                key='SEVERITY',
                values=['Critical', 'Important', 'Medium', 'Low'])

            # Group the filters, then attach the group to a single approval rule.
            patch_baseline_patch_filter_group = ssm.CfnPatchBaseline.PatchFilterGroupProperty(
                patch_filters=[amazon_linux2_product_patch_filter,
                               amazon_linux2_classification_patch_filter,
                               amazon_linux2_severity_patch_filter])

            patch_baseline_rule = ssm.CfnPatchBaseline.RuleProperty(
                approve_after_days=0,
                compliance_level='CRITICAL',
                enable_non_security=True,
                patch_filter_group=patch_baseline_patch_filter_group)

            # approval_rules takes a RuleGroupProperty wrapping the list of rules.
            patch_baseline_rule_group = ssm.CfnPatchBaseline.RuleGroupProperty(
                patch_rules=[patch_baseline_rule])

            patch_baseline = ssm.CfnPatchBaseline(
                self, 'rPatchBaseline',
                name='TestPatchBaseline_Linux',
                description='TestPatchBaseline for Linux updates, Amazon_Linux_2 distr.',
                operating_system='AMAZON_LINUX_2',
                approved_patches_enable_non_security=True,
                patch_groups=['AWS-Linux-2-Test'],
                approval_rules=patch_baseline_rule_group)
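
A pre-deployment check for the condition in the error above, as an added example that is not part of the original question or answer: it scans a synthesized CloudFormation template for `AWS::SSM::PatchBaseline` resources whose `ApprovalRules` carry no `PatchRules`, or whose rules lack filters or an approval setting. The sample template is constructed for illustration, and `check_patch_baselines` is a hypothetical helper name.

```python
# Constructed sample of a synthesized template (not from the original post):
# one baseline with empty ApprovalRules, one with a complete rule.
SAMPLE_TEMPLATE = {"Resources": {
    "PatchBaselineLinux": {
        "Type": "AWS::SSM::PatchBaseline",
        "Properties": {"Name": "TestPatchBaseline_Linux", "ApprovalRules": {}}},
    "rPatchBaseline": {
        "Type": "AWS::SSM::PatchBaseline",
        "Properties": {"Name": "TestPatchBaseline_Linux", "ApprovalRules": {"PatchRules": [{
            "ApproveAfterDays": 0,
            "ComplianceLevel": "CRITICAL",
            "PatchFilterGroup": {"PatchFilters": [
                {"Key": "PRODUCT", "Values": ["AmazonLinux2", "AmazonLinux2.0"]}]},
        }]}}},
}}


def check_patch_baselines(template):
    """Return (logical_id, problem) pairs for AWS::SSM::PatchBaseline resources."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::SSM::PatchBaseline":
            continue
        approval = (res.get("Properties") or {}).get("ApprovalRules")
        if not isinstance(approval, dict):
            continue  # absent: the baseline may rely on ApprovedPatches only
        rules = approval.get("PatchRules")
        if not isinstance(rules, list) or not rules:
            # This is the state the ValidationException complains about.
            findings.append((logical_id, "ApprovalRules.PatchRules is missing or empty"))
            continue
        for i, rule in enumerate(rules):
            filters = (rule.get("PatchFilterGroup") or {}).get("PatchFilters")
            if not filters:
                findings.append((logical_id, f"PatchRules[{i}] has no PatchFilters"))
            # SSM expects ApproveAfterDays or ApproveUntilDate on each rule.
            if "ApproveAfterDays" not in rule and "ApproveUntilDate" not in rule:
                findings.append((logical_id, f"PatchRules[{i}] sets no approval delay or cutoff date"))
    return findings


if __name__ == "__main__":
    for logical_id, problem in check_patch_baselines(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {problem}")
```

To run it against a real stack, load the template that `cdk synth` writes under `cdk.out/` with `json.load` and pass the resulting dict to the function.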
