aws-sdk-ssm 1.190.0 → 1.192.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 969cf349669b65d73ea006352f2807a811beb6a8a9e3782c940fe99e1ead74f0
-  data.tar.gz: 8abcdcdabf6c162a5f422eeb94da6b2bc13901143f340f196f2a3886307b56e3
+  metadata.gz: 6b392c9f39b462f9232bf07b416e09ddc1f864a90813afdf24489e2c02084953
+  data.tar.gz: 86e0fcc4a634784174b93e8e9761fcd42385b9659f3565b4e49a98fa544880c7
 SHA512:
-  metadata.gz: a73bded80b209dbc33dad24c99c03d5b01f6dc7cf05e9e793b9d0ceaceb56c317712971f3c49d9cb6bf0bcd5d110330a49db310790344b6b3984aa939885aff3
-  data.tar.gz: 90018c5d8191fd062eb417d97d51a75d2e8ead1a93d4e0b31913278d009f76d6206b7f882595f688308b40d7d83517e1640173752b1fecfe67de68a19880e309
+  metadata.gz: 28969f382a189fbb73c78319bb941f9b6f6f414cd3727a06796559588d220e1829fbc10f19b109a5c82d422416e83ec2f68ba0e706c2a274eb42206d57df13f5
+  data.tar.gz: 47be473f1547beadffd6487ae69ac945cbcc7c1cb596647c402177614897d47f03c2225b1a2fc88962ddb418c3f989076245c37e7b9e1f2c2d0b62a96afcb3d6

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.192.0 (2025-03-24)
+------------------
+
+* Feature - This release adds the AvailableSecurityUpdatesComplianceStatus field to patch baseline operations, as well as the AvailableSecurityUpdateCount and InstancesWithAvailableSecurityUpdates to patch state operations. Applies to Windows Server managed nodes only.
+
+1.191.0 (2025-02-28)
+------------------
+
+* Feature - Systems Manager doc-only updates for Feb. 2025.
+
 1.190.0 (2025-02-18)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.190.0
+1.192.0

data/lib/aws-sdk-ssm/client.rb

@@ -978,15 +978,27 @@ module Aws::SSM
     # @option params [Boolean] :apply_only_at_cron_interval
     #   By default, when you create a new association, the system runs it
     #   immediately after it is created and then according to the schedule you
-    #   specified. Specify this option if you don't want an association to
-    #   run immediately after you create it. This parameter isn't supported
-    #   for rate expressions.
+    #   specified and when target changes are detected. Specify `true` for
+    #   `ApplyOnlyAtCronInterval`if you want the association to run only
+    #   according to the schedule you specified.
+    #
+    #   For more information, see [Understanding when associations are applied
+    #   to resources][1] and [>About target updates with Automation
+    #   runbooks][2] in the *Amazon Web Services Systems Manager User Guide*.
+    #
+    #   This parameter isn't supported for rate expressions.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/state-manager-about.html#state-manager-about-scheduling
+    #   [2]: https://docs.aws.amazon.com/systems-manager/latest/userguide/state-manager-about.html#runbook-target-updates
     #
     # @option params [Array<String>] :calendar_names
-    #   The names or Amazon Resource Names (ARNs) of the Change Calendar type
+    #   The names of Amazon Resource Names (ARNs) of the Change Calendar type
     #   documents you want to gate your associations under. The associations
     #   only run when that change calendar is open. For more information, see
-    #   [Amazon Web Services Systems Manager Change Calendar][1].
+    #   [Amazon Web Services Systems Manager Change Calendar][1] in the
+    #   *Amazon Web Services Systems Manager User Guide*.
     #
     #
     #
@@ -2165,6 +2177,20 @@ module Aws::SSM
     #   including target operating systems and source repositories. Applies to
     #   Linux managed nodes only.
     #
+    # @option params [String] :available_security_updates_compliance_status
+    #   Indicates the status you want to assign to security patches that are
+    #   available but not approved because they don't meet the installation
+    #   criteria specified in the patch baseline.
+    #
+    #   Example scenario: Security patches that you might want installed can
+    #   be skipped if you have specified a long period to wait after a patch
+    #   is released before installation. If an update to the patch is released
+    #   during your specified waiting period, the waiting period for
+    #   installing the patch starts over. If the waiting period is too long,
+    #   multiple versions of the patch could be released but never installed.
+    #
+    #   Supported for Windows Server managed nodes only.
+    #
     # @option params [String] :client_token
     #   User-provided idempotency token.
     #
@@ -2236,6 +2262,7 @@ module Aws::SSM
     #         configuration: "PatchSourceConfiguration", # required
     #       },
     #     ],
+    #     available_security_updates_compliance_status: "COMPLIANT", # accepts COMPLIANT, NON_COMPLIANT
     #     client_token: "ClientToken",
     #     tags: [
     #       {
@@ -2821,9 +2848,20 @@ module Aws::SSM
     end
 
     # Removes the server or virtual machine from the list of registered
-    # servers. You can reregister the node again at any time. If you don't
-    # plan to use Run Command on the server, we suggest uninstalling SSM
-    # Agent first.
+    # servers.
+    #
+    # If you want to reregister an on-premises server, edge device, or VM,
+    # you must use a different Activation Code and Activation ID than used
+    # to register the machine previously. The Activation Code and Activation
+    # ID must not have already been used on the maximum number of
+    # activations specified when they were created. For more information,
+    # see [Deregistering managed nodes in a hybrid and multicloud
+    # environment][1] in the *Amazon Web Services Systems Manager User
+    # Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/fleet-manager-deregister-hybrid-nodes.html
     #
     # @option params [required, String] :instance_id
     #   The ID assigned to the managed node when you registered it using the
@@ -4168,6 +4206,7 @@ module Aws::SSM
     #   resp.instance_patch_states[0].failed_count #=> Integer
     #   resp.instance_patch_states[0].unreported_not_applicable_count #=> Integer
     #   resp.instance_patch_states[0].not_applicable_count #=> Integer
+    #   resp.instance_patch_states[0].available_security_update_count #=> Integer
     #   resp.instance_patch_states[0].operation_start_time #=> Time
     #   resp.instance_patch_states[0].operation_end_time #=> Time
     #   resp.instance_patch_states[0].operation #=> String, one of "Scan", "Install"
@@ -4249,6 +4288,7 @@ module Aws::SSM
     #   resp.instance_patch_states[0].failed_count #=> Integer
     #   resp.instance_patch_states[0].unreported_not_applicable_count #=> Integer
     #   resp.instance_patch_states[0].not_applicable_count #=> Integer
+    #   resp.instance_patch_states[0].available_security_update_count #=> Integer
     #   resp.instance_patch_states[0].operation_start_time #=> Time
     #   resp.instance_patch_states[0].operation_end_time #=> Time
     #   resp.instance_patch_states[0].operation #=> String, one of "Scan", "Install"
@@ -4340,7 +4380,7 @@ module Aws::SSM
     #   resp.patches[0].kb_id #=> String
     #   resp.patches[0].classification #=> String
     #   resp.patches[0].severity #=> String
-    #   resp.patches[0].state #=> String, one of "INSTALLED", "INSTALLED_OTHER", "INSTALLED_PENDING_REBOOT", "INSTALLED_REJECTED", "MISSING", "NOT_APPLICABLE", "FAILED"
+    #   resp.patches[0].state #=> String, one of "INSTALLED", "INSTALLED_OTHER", "INSTALLED_PENDING_REBOOT", "INSTALLED_REJECTED", "MISSING", "NOT_APPLICABLE", "FAILED", "AVAILABLE_SECURITY_UPDATE"
     #   resp.patches[0].installed_time #=> Time
     #   resp.patches[0].cve_ids #=> String
     #   resp.next_token #=> String
@@ -5396,6 +5436,7 @@ module Aws::SSM
     #   * {Types::DescribePatchGroupStateResult#instances_with_critical_non_compliant_patches #instances_with_critical_non_compliant_patches} => Integer
     #   * {Types::DescribePatchGroupStateResult#instances_with_security_non_compliant_patches #instances_with_security_non_compliant_patches} => Integer
     #   * {Types::DescribePatchGroupStateResult#instances_with_other_non_compliant_patches #instances_with_other_non_compliant_patches} => Integer
+    #   * {Types::DescribePatchGroupStateResult#instances_with_available_security_updates #instances_with_available_security_updates} => Integer
     #
     # @example Request syntax with placeholder values
     #
@@ -5417,6 +5458,7 @@ module Aws::SSM
     #   resp.instances_with_critical_non_compliant_patches #=> Integer
     #   resp.instances_with_security_non_compliant_patches #=> Integer
     #   resp.instances_with_other_non_compliant_patches #=> Integer
+    #   resp.instances_with_available_security_updates #=> Integer
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/DescribePatchGroupState AWS API Documentation
     #
@@ -5920,7 +5962,7 @@ module Aws::SSM
     # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-change-calendar.html
     #
     # @option params [required, Array<String>] :calendar_names
-    #   The names or Amazon Resource Names (ARNs) of the Systems Manager
+    #   The names of Amazon Resource Names (ARNs) of the Systems Manager
     #   documents (SSM documents) that represent the calendar entries for
     #   which you want to get the state.
     #
@@ -6208,6 +6250,7 @@ module Aws::SSM
     #           configuration: "PatchSourceConfiguration", # required
     #         },
     #       ],
+    #       available_security_updates_compliance_status: "COMPLIANT", # accepts COMPLIANT, NON_COMPLIANT
     #     },
     #   })
     #
@@ -7411,6 +7454,7 @@ module Aws::SSM
     #   * {Types::GetPatchBaselineResult#modified_date #modified_date} => Time
     #   * {Types::GetPatchBaselineResult#description #description} => String
     #   * {Types::GetPatchBaselineResult#sources #sources} => Array&lt;Types::PatchSource&gt;
+    #   * {Types::GetPatchBaselineResult#available_security_updates_compliance_status #available_security_updates_compliance_status} => String
     #
     # @example Request syntax with placeholder values
     #
@@ -7453,6 +7497,7 @@ module Aws::SSM
     #   resp.sources[0].products #=> Array
     #   resp.sources[0].products[0] #=> String
     #   resp.sources[0].configuration #=> String
+    #   resp.available_security_updates_compliance_status #=> String, one of "COMPLIANT", "NON_COMPLIANT"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/GetPatchBaseline AWS API Documentation
     #
@@ -8500,9 +8545,15 @@ module Aws::SSM
     # filter criteria.
     #
     # @option params [String] :sync_name
-    #   The name of the resource data sync to retrieve information about.
-    #   Required for cross-account/cross-Region configurations. Optional for
-    #   single account/single-Region configurations.
+    #   The name of the Amazon Web Services managed resource data sync to
+    #   retrieve information about.
+    #
+    #   For cross-account/cross-Region configurations, this parameter is
+    #   required, and the name of the supported resource data sync is
+    #   `AWS-QuickSetup-ManagedNode`.
+    #
+    #   For single account/single-Region configurations, the parameter is not
+    #   required.
     #
     # @option params [Array<Types::NodeFilter>] :filters
     #   One or more filters. Use a filter to return a more specific list of
@@ -8624,9 +8675,15 @@ module Aws::SSM
     # aggregator you specify.
     #
     # @option params [String] :sync_name
-    #   The name of the resource data sync to retrieve information about.
-    #   Required for cross-account/cross-Region configuration. Optional for
-    #   single account/single-Region configurations.
+    #   The name of the Amazon Web Services managed resource data sync to
+    #   retrieve information about.
+    #
+    #   For cross-account/cross-Region configurations, this parameter is
+    #   required, and the name of the supported resource data sync is
+    #   `AWS-QuickSetup-ManagedNode`.
+    #
+    #   For single account/single-Region configurations, the parameter is not
+    #   required.
     #
     # @option params [Array<Types::NodeFilter>] :filters
     #   One or more filters. Use a filter to generate a summary that matches
@@ -9124,14 +9181,17 @@ module Aws::SSM
     #
     # @option params [Array<String>] :account_ids_to_add
     #   The Amazon Web Services users that should have access to the document.
-    #   The account IDs can either be a group of account IDs or *All*.
+    #   The account IDs can either be a group of account IDs or *All*. You
+    #   must specify a value for this parameter or the `AccountIdsToRemove`
+    #   parameter.
     #
     # @option params [Array<String>] :account_ids_to_remove
     #   The Amazon Web Services users that should no longer have access to the
     #   document. The Amazon Web Services user can either be a group of
     #   account IDs or *All*. This action has a higher priority than
     #   `AccountIdsToAdd`. If you specify an ID to add and the same ID to
-    #   remove, the system removes access to the document.
+    #   remove, the system removes access to the document. You must specify a
+    #   value for this parameter or the `AccountIdsToAdd` parameter.
     #
     # @option params [String] :shared_document_version
     #   (Optional) The version of the document to share. If it isn't
@@ -9333,11 +9393,11 @@ module Aws::SSM
       req.send_request(options)
     end
 
-    # Add a parameter to the system.
+    # Create or update a parameter in Parameter Store.
     #
     # @option params [required, String] :name
-    #   The fully qualified name of the parameter that you want to add to the
-    #   system.
+    #   The fully qualified name of the parameter that you want to create or
+    #   update.
     #
     #   <note markdown="1"> You can't enter the Amazon Resource Name (ARN) for a parameter, only
     #   the parameter name itself.
@@ -9374,11 +9434,16 @@ module Aws::SSM
     #   [Creating Systems Manager parameters][1] in the *Amazon Web Services
     #   Systems Manager User Guide*.
     #
-    #   <note markdown="1"> The maximum length constraint of 2048 characters listed below includes
-    #   1037 characters reserved for internal use by Systems Manager. The
-    #   maximum length for a parameter name that you create is 1011
-    #   characters. This includes the characters in the ARN that precede the
-    #   name you specify, such as
+    #   <note markdown="1"> The reported maximum length of 2048 characters for a parameter name
+    #   includes 1037 characters that are reserved for internal use by Systems
+    #   Manager. The maximum length for a parameter name that you specify is
+    #   1011 characters.
+    #
+    #    This count of 1011 characters includes the characters in the ARN that
+    #   precede the name you specify. This ARN length will vary depending on
+    #   your partition and Region. For example, the following 45 characters
+    #   count toward the 1011 character maximum for a parameter created in the
+    #   US East (Ohio) Region:
     #   `arn:aws:ssm:us-east-2:111122223333:parameter/`.
     #
     #    </note>
@@ -9405,7 +9470,7 @@ module Aws::SSM
     #    </note>
     #
     # @option params [String] :type
-    #   The type of parameter that you want to add to the system.
+    #   The type of parameter that you want to create.
     #
     #   <note markdown="1"> `SecureString` isn't currently supported for CloudFormation
     #   templates.
@@ -9426,7 +9491,7 @@ module Aws::SSM
     #   parameters that use the `SecureString` data type.
     #
     #   If you don't specify a key ID, the system uses the default key
-    #   associated with your Amazon Web Services account which is not as
+    #   associated with your Amazon Web Services account, which is not as
     #   secure as using a custom key.
     #
     #   * To use a custom KMS key, choose the `SecureString` data type with
@@ -11487,32 +11552,43 @@ module Aws::SSM
     # @option params [Boolean] :apply_only_at_cron_interval
     #   By default, when you update an association, the system runs it
     #   immediately after it is updated and then according to the schedule you
-    #   specified. Specify this option if you don't want an association to
-    #   run immediately after you update it. This parameter isn't supported
-    #   for rate expressions.
+    #   specified. Specify `true` for `ApplyOnlyAtCronInterval` if you want
+    #   the association to run only according to the schedule you specified.
     #
     #   If you chose this option when you created an association and later you
-    #   edit that association or you make changes to the SSM document on which
-    #   that association is based (by using the Documents page in the
-    #   console), State Manager applies the association at the next specified
-    #   cron interval. For example, if you chose the `Latest` version of an
-    #   SSM document when you created an association and you edit the
-    #   association by choosing a different document version on the Documents
-    #   page, State Manager applies the association at the next specified cron
-    #   interval if you previously selected this option. If this option
-    #   wasn't selected, State Manager immediately runs the association.
-    #
-    #   You can reset this option. To do so, specify the
+    #   edit that association or you make changes to the Automation runbook or
+    #   SSM document on which that association is based, State Manager applies
+    #   the association at the next specified cron interval. For example, if
+    #   you chose the `Latest` version of an SSM document when you created an
+    #   association and you edit the association by choosing a different
+    #   document version on the Documents page, State Manager applies the
+    #   association at the next specified cron interval if you previously set
+    #   `ApplyOnlyAtCronInterval` to `true`. If this option wasn't selected,
+    #   State Manager immediately runs the association.
+    #
+    #   For more information, see [Understanding when associations are applied
+    #   to resources][1] and [About target updates with Automation
+    #   runbooks][2] in the *Amazon Web Services Systems Manager User Guide*.
+    #
+    #   This parameter isn't supported for rate expressions.
+    #
+    #   You can reset this parameter. To do so, specify the
     #   `no-apply-only-at-cron-interval` parameter when you update the
     #   association from the command line. This parameter forces the
     #   association to run immediately after updating it and according to the
     #   interval specified.
     #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/state-manager-about.html#state-manager-about-scheduling
+    #   [2]: https://docs.aws.amazon.com/systems-manager/latest/userguide/state-manager-about.html#runbook-target-updates
+    #
     # @option params [Array<String>] :calendar_names
     #   The names or Amazon Resource Names (ARNs) of the Change Calendar type
     #   documents you want to gate your associations under. The associations
     #   only run when that change calendar is open. For more information, see
-    #   [Amazon Web Services Systems Manager Change Calendar][1].
+    #   [Amazon Web Services Systems Manager Change Calendar][1] in the
+    #   *Amazon Web Services Systems Manager User Guide*.
     #
     #
     #
@@ -12993,6 +13069,20 @@ module Aws::SSM
     #   including target operating systems and source repositories. Applies to
     #   Linux managed nodes only.
     #
+    # @option params [String] :available_security_updates_compliance_status
+    #   Indicates the status to be assigned to security patches that are
+    #   available but not approved because they don't meet the installation
+    #   criteria specified in the patch baseline.
+    #
+    #   Example scenario: Security patches that you might want installed can
+    #   be skipped if you have specified a long period to wait after a patch
+    #   is released before installation. If an update to the patch is released
+    #   during your specified waiting period, the waiting period for
+    #   installing the patch starts over. If the waiting period is too long,
+    #   multiple versions of the patch could be released but never installed.
+    #
+    #   Supported for Windows Server managed nodes only.
+    #
     # @option params [Boolean] :replace
     #   If True, then all fields that are required by the CreatePatchBaseline
     #   operation are also required for this API request. Optional fields that
@@ -13014,6 +13104,7 @@ module Aws::SSM
     #   * {Types::UpdatePatchBaselineResult#modified_date #modified_date} => Time
     #   * {Types::UpdatePatchBaselineResult#description #description} => String
     #   * {Types::UpdatePatchBaselineResult#sources #sources} => Array&lt;Types::PatchSource&gt;
+    #   * {Types::UpdatePatchBaselineResult#available_security_updates_compliance_status #available_security_updates_compliance_status} => String
     #
     # @example Request syntax with placeholder values
     #
@@ -13059,6 +13150,7 @@ module Aws::SSM
     #         configuration: "PatchSourceConfiguration", # required
     #       },
     #     ],
+    #     available_security_updates_compliance_status: "COMPLIANT", # accepts COMPLIANT, NON_COMPLIANT
     #     replace: false,
     #   })
     #
@@ -13095,6 +13187,7 @@ module Aws::SSM
     #   resp.sources[0].products #=> Array
     #   resp.sources[0].products[0] #=> String
     #   resp.sources[0].configuration #=> String
+    #   resp.available_security_updates_compliance_status #=> String, one of "COMPLIANT", "NON_COMPLIANT"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/UpdatePatchBaseline AWS API Documentation
     #
@@ -13278,7 +13371,7 @@ module Aws::SSM
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-ssm'
-      context[:gem_version] = '1.190.0'
+      context[:gem_version] = '1.192.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-ssm/client_api.rb

@@ -947,6 +947,7 @@ module Aws::SSM
     PatchAdvisoryId = Shapes::StringShape.new(name: 'PatchAdvisoryId')
     PatchAdvisoryIdList = Shapes::ListShape.new(name: 'PatchAdvisoryIdList')
     PatchArch = Shapes::StringShape.new(name: 'PatchArch')
+    PatchAvailableSecurityUpdateCount = Shapes::IntegerShape.new(name: 'PatchAvailableSecurityUpdateCount')
     PatchBaselineIdentity = Shapes::StructureShape.new(name: 'PatchBaselineIdentity')
     PatchBaselineIdentityList = Shapes::ListShape.new(name: 'PatchBaselineIdentityList')
     PatchBaselineMaxResults = Shapes::IntegerShape.new(name: 'PatchBaselineMaxResults')
@@ -961,6 +962,7 @@ module Aws::SSM
     PatchComplianceDataState = Shapes::StringShape.new(name: 'PatchComplianceDataState')
     PatchComplianceLevel = Shapes::StringShape.new(name: 'PatchComplianceLevel')
     PatchComplianceMaxResults = Shapes::IntegerShape.new(name: 'PatchComplianceMaxResults')
+    PatchComplianceStatus = Shapes::StringShape.new(name: 'PatchComplianceStatus')
     PatchContentUrl = Shapes::StringShape.new(name: 'PatchContentUrl')
     PatchCriticalNonCompliantCount = Shapes::IntegerShape.new(name: 'PatchCriticalNonCompliantCount')
     PatchDeploymentStatus = Shapes::StringShape.new(name: 'PatchDeploymentStatus')
@@ -1644,6 +1646,7 @@ module Aws::SSM
     BaselineOverride.add_member(:rejected_patches_action, Shapes::ShapeRef.new(shape: PatchAction, location_name: "RejectedPatchesAction"))
     BaselineOverride.add_member(:approved_patches_enable_non_security, Shapes::ShapeRef.new(shape: Boolean, location_name: "ApprovedPatchesEnableNonSecurity"))
     BaselineOverride.add_member(:sources, Shapes::ShapeRef.new(shape: PatchSourceList, location_name: "Sources"))
+    BaselineOverride.add_member(:available_security_updates_compliance_status, Shapes::ShapeRef.new(shape: PatchComplianceStatus, location_name: "AvailableSecurityUpdatesComplianceStatus"))
     BaselineOverride.struct_class = Types::BaselineOverride
 
     CalendarNameOrARNList.member = Shapes::ShapeRef.new(shape: CalendarNameOrARN)
@@ -1940,6 +1943,7 @@ module Aws::SSM
     CreatePatchBaselineRequest.add_member(:rejected_patches_action, Shapes::ShapeRef.new(shape: PatchAction, location_name: "RejectedPatchesAction"))
     CreatePatchBaselineRequest.add_member(:description, Shapes::ShapeRef.new(shape: BaselineDescription, location_name: "Description"))
     CreatePatchBaselineRequest.add_member(:sources, Shapes::ShapeRef.new(shape: PatchSourceList, location_name: "Sources"))
+    CreatePatchBaselineRequest.add_member(:available_security_updates_compliance_status, Shapes::ShapeRef.new(shape: PatchComplianceStatus, location_name: "AvailableSecurityUpdatesComplianceStatus"))
     CreatePatchBaselineRequest.add_member(:client_token, Shapes::ShapeRef.new(shape: ClientToken, location_name: "ClientToken", metadata: {"idempotencyToken"=>true}))
     CreatePatchBaselineRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
     CreatePatchBaselineRequest.struct_class = Types::CreatePatchBaselineRequest
@@ -2370,6 +2374,7 @@ module Aws::SSM
     DescribePatchGroupStateResult.add_member(:instances_with_critical_non_compliant_patches, Shapes::ShapeRef.new(shape: InstancesCount, location_name: "InstancesWithCriticalNonCompliantPatches", metadata: {"box"=>true}))
     DescribePatchGroupStateResult.add_member(:instances_with_security_non_compliant_patches, Shapes::ShapeRef.new(shape: InstancesCount, location_name: "InstancesWithSecurityNonCompliantPatches", metadata: {"box"=>true}))
     DescribePatchGroupStateResult.add_member(:instances_with_other_non_compliant_patches, Shapes::ShapeRef.new(shape: InstancesCount, location_name: "InstancesWithOtherNonCompliantPatches", metadata: {"box"=>true}))
+    DescribePatchGroupStateResult.add_member(:instances_with_available_security_updates, Shapes::ShapeRef.new(shape: Integer, location_name: "InstancesWithAvailableSecurityUpdates", metadata: {"box"=>true}))
     DescribePatchGroupStateResult.struct_class = Types::DescribePatchGroupStateResult
 
     DescribePatchGroupsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: PatchBaselineMaxResults, location_name: "MaxResults", metadata: {"box"=>true}))
@@ -2891,6 +2896,7 @@ module Aws::SSM
     GetPatchBaselineResult.add_member(:modified_date, Shapes::ShapeRef.new(shape: DateTime, location_name: "ModifiedDate"))
     GetPatchBaselineResult.add_member(:description, Shapes::ShapeRef.new(shape: BaselineDescription, location_name: "Description"))
     GetPatchBaselineResult.add_member(:sources, Shapes::ShapeRef.new(shape: PatchSourceList, location_name: "Sources"))
+    GetPatchBaselineResult.add_member(:available_security_updates_compliance_status, Shapes::ShapeRef.new(shape: PatchComplianceStatus, location_name: "AvailableSecurityUpdatesComplianceStatus"))
     GetPatchBaselineResult.struct_class = Types::GetPatchBaselineResult
 
     GetResourcePoliciesRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: ResourceArnString, required: true, location_name: "ResourceArn"))
@@ -3031,6 +3037,7 @@ module Aws::SSM
     InstancePatchState.add_member(:failed_count, Shapes::ShapeRef.new(shape: PatchFailedCount, location_name: "FailedCount"))
     InstancePatchState.add_member(:unreported_not_applicable_count, Shapes::ShapeRef.new(shape: PatchUnreportedNotApplicableCount, location_name: "UnreportedNotApplicableCount", metadata: {"box"=>true}))
     InstancePatchState.add_member(:not_applicable_count, Shapes::ShapeRef.new(shape: PatchNotApplicableCount, location_name: "NotApplicableCount"))
+    InstancePatchState.add_member(:available_security_update_count, Shapes::ShapeRef.new(shape: PatchAvailableSecurityUpdateCount, location_name: "AvailableSecurityUpdateCount", metadata: {"box"=>true}))
     InstancePatchState.add_member(:operation_start_time, Shapes::ShapeRef.new(shape: DateTime, required: true, location_name: "OperationStartTime"))
     InstancePatchState.add_member(:operation_end_time, Shapes::ShapeRef.new(shape: DateTime, required: true, location_name: "OperationEndTime"))
     InstancePatchState.add_member(:operation, Shapes::ShapeRef.new(shape: PatchOperationType, required: true, location_name: "Operation"))
@@ -4986,6 +4993,7 @@ module Aws::SSM
     UpdatePatchBaselineRequest.add_member(:rejected_patches_action, Shapes::ShapeRef.new(shape: PatchAction, location_name: "RejectedPatchesAction"))
     UpdatePatchBaselineRequest.add_member(:description, Shapes::ShapeRef.new(shape: BaselineDescription, location_name: "Description"))
     UpdatePatchBaselineRequest.add_member(:sources, Shapes::ShapeRef.new(shape: PatchSourceList, location_name: "Sources"))
+    UpdatePatchBaselineRequest.add_member(:available_security_updates_compliance_status, Shapes::ShapeRef.new(shape: PatchComplianceStatus, location_name: "AvailableSecurityUpdatesComplianceStatus"))
     UpdatePatchBaselineRequest.add_member(:replace, Shapes::ShapeRef.new(shape: Boolean, location_name: "Replace", metadata: {"box"=>true}))
     UpdatePatchBaselineRequest.struct_class = Types::UpdatePatchBaselineRequest
 
@@ -5003,6 +5011,7 @@ module Aws::SSM
     UpdatePatchBaselineResult.add_member(:modified_date, Shapes::ShapeRef.new(shape: DateTime, location_name: "ModifiedDate"))
     UpdatePatchBaselineResult.add_member(:description, Shapes::ShapeRef.new(shape: BaselineDescription, location_name: "Description"))
     UpdatePatchBaselineResult.add_member(:sources, Shapes::ShapeRef.new(shape: PatchSourceList, location_name: "Sources"))
+    UpdatePatchBaselineResult.add_member(:available_security_updates_compliance_status, Shapes::ShapeRef.new(shape: PatchComplianceStatus, location_name: "AvailableSecurityUpdatesComplianceStatus"))
     UpdatePatchBaselineResult.struct_class = Types::UpdatePatchBaselineResult
 
     UpdateResourceDataSyncRequest.add_member(:sync_name, Shapes::ShapeRef.new(shape: ResourceDataSyncName, required: true, location_name: "SyncName"))

data/lib/aws-sdk-ssm/types.rb

@@ -529,7 +529,8 @@ module Aws::SSM
     #   The names or Amazon Resource Names (ARNs) of the Change Calendar
     #   type documents your associations are gated under. The associations
     #   only run when that change calendar is open. For more information,
-    #   see [Amazon Web Services Systems Manager Change Calendar][1].
+    #   see [Amazon Web Services Systems Manager Change Calendar][1] in the
+    #   *Amazon Web Services Systems Manager User Guide*.
     #
     #
     #
@@ -975,7 +976,7 @@ module Aws::SSM
     #   @return [String]
     #
     # @!attribute [rw] apply_only_at_cron_interval
-    #   By default, when you create a new associations, the system runs it
+    #   By default, when you create new associations, the system runs it
     #   immediately after it is created and then according to the schedule
     #   you specified. Specify this option if you don't want an association
     #   to run immediately after you create it. This parameter isn't
@@ -987,7 +988,8 @@ module Aws::SSM
     #   type documents your associations are gated under. The associations
     #   for this version only run when that Change Calendar is open. For
     #   more information, see [Amazon Web Services Systems Manager Change
-    #   Calendar][1].
+    #   Calendar][1] in the *Amazon Web Services Systems Manager User
+    #   Guide*.
     #
     #
     #
@@ -1827,6 +1829,16 @@ module Aws::SSM
     #   to Linux managed nodes only.
     #   @return [Array<Types::PatchSource>]
     #
+    # @!attribute [rw] available_security_updates_compliance_status
+    #   Indicates whether managed nodes for which there are available
+    #   security-related patches that have not been approved by the baseline
+    #   are being defined as `COMPLIANT` or `NON_COMPLIANT`. This option is
+    #   specified when the `CreatePatchBaseline` or `UpdatePatchBaseline`
+    #   commands are run.
+    #
+    #   Applies to Windows Server managed nodes only.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/BaselineOverride AWS API Documentation
     #
     class BaselineOverride < Struct.new(
@@ -1838,7 +1850,8 @@ module Aws::SSM
       :rejected_patches,
       :rejected_patches_action,
       :approved_patches_enable_non_security,
-      :sources)
+      :sources,
+      :available_security_updates_compliance_status)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3045,18 +3058,31 @@ module Aws::SSM
     #   @return [String]
     #
     # @!attribute [rw] apply_only_at_cron_interval
-    #   By default, when you create a new associations, the system runs it
+    #   By default, when you create a new association, the system runs it
     #   immediately after it is created and then according to the schedule
-    #   you specified. Specify this option if you don't want an association
-    #   to run immediately after you create it. This parameter isn't
-    #   supported for rate expressions.
+    #   you specified and when target changes are detected. Specify `true`
+    #   for `ApplyOnlyAtCronInterval` if you want the association to run
+    #   only according to the schedule you specified.
+    #
+    #   For more information, see [Understanding when associations are
+    #   applied to resources][1] and [&gt;About target updates with
+    #   Automation runbooks][2] in the *Amazon Web Services Systems Manager
+    #   User Guide*.
+    #
+    #   This parameter isn't supported for rate expressions.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/state-manager-about.html#state-manager-about-scheduling
+    #   [2]: https://docs.aws.amazon.com/systems-manager/latest/userguide/state-manager-about.html#runbook-target-updates
     #   @return [Boolean]
     #
     # @!attribute [rw] calendar_names
     #   The names or Amazon Resource Names (ARNs) of the Change Calendar
     #   type documents your associations are gated under. The associations
     #   only run when that Change Calendar is open. For more information,
-    #   see [Amazon Web Services Systems Manager Change Calendar][1].
+    #   see [Amazon Web Services Systems Manager Change Calendar][1] in the
+    #   *Amazon Web Services Systems Manager User Guide*.
     #
     #
     #
@@ -3292,17 +3318,30 @@ module Aws::SSM
     # @!attribute [rw] apply_only_at_cron_interval
     #   By default, when you create a new association, the system runs it
     #   immediately after it is created and then according to the schedule
-    #   you specified. Specify this option if you don't want an association
-    #   to run immediately after you create it. This parameter isn't
-    #   supported for rate expressions.
+    #   you specified and when target changes are detected. Specify `true`
+    #   for `ApplyOnlyAtCronInterval`if you want the association to run only
+    #   according to the schedule you specified.
+    #
+    #   For more information, see [Understanding when associations are
+    #   applied to resources][1] and [&gt;About target updates with
+    #   Automation runbooks][2] in the *Amazon Web Services Systems Manager
+    #   User Guide*.
+    #
+    #   This parameter isn't supported for rate expressions.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/state-manager-about.html#state-manager-about-scheduling
+    #   [2]: https://docs.aws.amazon.com/systems-manager/latest/userguide/state-manager-about.html#runbook-target-updates
     #   @return [Boolean]
     #
     # @!attribute [rw] calendar_names
-    #   The names or Amazon Resource Names (ARNs) of the Change Calendar
+    #   The names of Amazon Resource Names (ARNs) of the Change Calendar
     #   type documents you want to gate your associations under. The
     #   associations only run when that change calendar is open. For more
     #   information, see [Amazon Web Services Systems Manager Change
-    #   Calendar][1].
+    #   Calendar][1] in the *Amazon Web Services Systems Manager User
+    #   Guide*.
     #
     #
     #
@@ -4032,6 +4071,22 @@ module Aws::SSM
     #   to Linux managed nodes only.
     #   @return [Array<Types::PatchSource>]
     #
+    # @!attribute [rw] available_security_updates_compliance_status
+    #   Indicates the status you want to assign to security patches that are
+    #   available but not approved because they don't meet the installation
+    #   criteria specified in the patch baseline.
+    #
+    #   Example scenario: Security patches that you might want installed can
+    #   be skipped if you have specified a long period to wait after a patch
+    #   is released before installation. If an update to the patch is
+    #   released during your specified waiting period, the waiting period
+    #   for installing the patch starts over. If the waiting period is too
+    #   long, multiple versions of the patch could be released but never
+    #   installed.
+    #
+    #   Supported for Windows Server managed nodes only.
+    #   @return [String]
+    #
     # @!attribute [rw] client_token
     #   User-provided idempotency token.
     #
@@ -4071,6 +4126,7 @@ module Aws::SSM
       :rejected_patches_action,
       :description,
       :sources,
+      :available_security_updates_compliance_status,
       :client_token,
       :tags)
       SENSITIVE = []
@@ -6383,6 +6439,16 @@ module Aws::SSM
     #   is `NON_COMPLIANT`.
     #   @return [Integer]
     #
+    # @!attribute [rw] instances_with_available_security_updates
+    #   The number of managed nodes for which security-related patches are
+    #   available but not approved because because they didn't meet the
+    #   patch baseline requirements. For example, an updated version of a
+    #   patch might have been released before the specified auto-approval
+    #   period was over.
+    #
+    #   Applies to Windows Server managed nodes only.
+    #   @return [Integer]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/DescribePatchGroupStateResult AWS API Documentation
     #
     class DescribePatchGroupStateResult < Struct.new(
@@ -6397,7 +6463,8 @@ module Aws::SSM
       :instances_with_unreported_not_applicable_patches,
       :instances_with_critical_non_compliant_patches,
       :instances_with_security_non_compliant_patches,
-      :instances_with_other_non_compliant_patches)
+      :instances_with_other_non_compliant_patches,
+      :instances_with_available_security_updates)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -7529,7 +7596,7 @@ module Aws::SSM
     end
 
     # @!attribute [rw] calendar_names
-    #   The names or Amazon Resource Names (ARNs) of the Systems Manager
+    #   The names of Amazon Resource Names (ARNs) of the Systems Manager
     #   documents (SSM documents) that represent the calendar entries for
     #   which you want to get the state.
     #   @return [Array<String>]
@@ -9250,6 +9317,15 @@ module Aws::SSM
     #   to Linux managed nodes only.
     #   @return [Array<Types::PatchSource>]
     #
+    # @!attribute [rw] available_security_updates_compliance_status
+    #   Indicates the compliance status of managed nodes for which
+    #   security-related patches are available but were not approved. This
+    #   preference is specified when the `CreatePatchBaseline` or
+    #   `UpdatePatchBaseline` commands are run.
+    #
+    #   Applies to Windows Server managed nodes only.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/GetPatchBaselineResult AWS API Documentation
     #
     class GetPatchBaselineResult < Struct.new(
@@ -9267,7 +9343,8 @@ module Aws::SSM
       :created_date,
       :modified_date,
       :description,
-      :sources)
+      :sources,
+      :available_security_updates_compliance_status)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -10021,6 +10098,15 @@ module Aws::SSM
     #   `UnreportedNotApplicableCount`.
     #   @return [Integer]
     #
+    # @!attribute [rw] available_security_update_count
+    #   The number of security-related patches that are available but not
+    #   approved because they didn't meet the patch baseline requirements.
+    #   For example, an updated version of a patch might have been released
+    #   before the specified auto-approval period was over.
+    #
+    #   Applies to Windows Server managed nodes only.
+    #   @return [Integer]
+    #
     # @!attribute [rw] operation_start_time
     #   The time the most recent patching operation was started on the
     #   managed node.
@@ -10101,6 +10187,7 @@ module Aws::SSM
       :failed_count,
       :unreported_not_applicable_count,
       :not_applicable_count,
+      :available_security_update_count,
       :operation_start_time,
       :operation_end_time,
       :operation,
@@ -12055,9 +12142,15 @@ module Aws::SSM
     end
 
     # @!attribute [rw] sync_name
-    #   The name of the resource data sync to retrieve information about.
-    #   Required for cross-account/cross-Region configurations. Optional for
-    #   single account/single-Region configurations.
+    #   The name of the Amazon Web Services managed resource data sync to
+    #   retrieve information about.
+    #
+    #   For cross-account/cross-Region configurations, this parameter is
+    #   required, and the name of the supported resource data sync is
+    #   `AWS-QuickSetup-ManagedNode`.
+    #
+    #   For single account/single-Region configurations, the parameter is
+    #   not required.
     #   @return [String]
     #
     # @!attribute [rw] filters
@@ -12106,9 +12199,15 @@ module Aws::SSM
     end
 
     # @!attribute [rw] sync_name
-    #   The name of the resource data sync to retrieve information about.
-    #   Required for cross-account/cross-Region configuration. Optional for
-    #   single account/single-Region configurations.
+    #   The name of the Amazon Web Services managed resource data sync to
+    #   retrieve information about.
+    #
+    #   For cross-account/cross-Region configurations, this parameter is
+    #   required, and the name of the supported resource data sync is
+    #   `AWS-QuickSetup-ManagedNode`.
+    #
+    #   For single account/single-Region configurations, the parameter is
+    #   not required.
     #   @return [String]
     #
     # @!attribute [rw] filters
@@ -13342,7 +13441,8 @@ module Aws::SSM
     # @!attribute [rw] account_ids_to_add
     #   The Amazon Web Services users that should have access to the
     #   document. The account IDs can either be a group of account IDs or
-    #   *All*.
+    #   *All*. You must specify a value for this parameter or the
+    #   `AccountIdsToRemove` parameter.
     #   @return [Array<String>]
     #
     # @!attribute [rw] account_ids_to_remove
@@ -13350,7 +13450,8 @@ module Aws::SSM
     #   the document. The Amazon Web Services user can either be a group of
     #   account IDs or *All*. This action has a higher priority than
     #   `AccountIdsToAdd`. If you specify an ID to add and the same ID to
-    #   remove, the system removes access to the document.
+    #   remove, the system removes access to the document. You must specify
+    #   a value for this parameter or the `AccountIdsToAdd` parameter.
     #   @return [Array<String>]
     #
     # @!attribute [rw] shared_document_version
@@ -14886,6 +14987,12 @@ module Aws::SSM
 
     # The parameter couldn't be found. Verify the name and try again.
     #
+    # <note markdown="1"> For the `DeleteParameter` and `GetParameter` actions, if the specified
+    # parameter doesn't exist, the `ParameterNotFound` exception is *not*
+    # recorded in CloudTrail event logs.
+    #
+    #  </note>
+    #
     # @!attribute [rw] message
     #   @return [String]
     #
@@ -15722,8 +15829,8 @@ module Aws::SSM
     end
 
     # @!attribute [rw] name
-    #   The fully qualified name of the parameter that you want to add to
-    #   the system.
+    #   The fully qualified name of the parameter that you want to create or
+    #   update.
     #
     #   <note markdown="1"> You can't enter the Amazon Resource Name (ARN) for a parameter,
     #   only the parameter name itself.
@@ -15762,11 +15869,16 @@ module Aws::SSM
     #   see [Creating Systems Manager parameters][1] in the *Amazon Web
     #   Services Systems Manager User Guide*.
     #
-    #   <note markdown="1"> The maximum length constraint of 2048 characters listed below
-    #   includes 1037 characters reserved for internal use by Systems
-    #   Manager. The maximum length for a parameter name that you create is
-    #   1011 characters. This includes the characters in the ARN that
-    #   precede the name you specify, such as
+    #   <note markdown="1"> The reported maximum length of 2048 characters for a parameter name
+    #   includes 1037 characters that are reserved for internal use by
+    #   Systems Manager. The maximum length for a parameter name that you
+    #   specify is 1011 characters.
+    #
+    #    This count of 1011 characters includes the characters in the ARN
+    #   that precede the name you specify. This ARN length will vary
+    #   depending on your partition and Region. For example, the following
+    #   45 characters count toward the 1011 character maximum for a
+    #   parameter created in the US East (Ohio) Region:
     #   `arn:aws:ssm:us-east-2:111122223333:parameter/`.
     #
     #    </note>
@@ -15796,7 +15908,7 @@ module Aws::SSM
     #   @return [String]
     #
     # @!attribute [rw] type
-    #   The type of parameter that you want to add to the system.
+    #   The type of parameter that you want to create.
     #
     #   <note markdown="1"> `SecureString` isn't currently supported for CloudFormation
     #   templates.
@@ -15819,7 +15931,7 @@ module Aws::SSM
     #   parameters that use the `SecureString` data type.
     #
     #   If you don't specify a key ID, the system uses the default key
-    #   associated with your Amazon Web Services account which is not as
+    #   associated with your Amazon Web Services account, which is not as
     #   secure as using a custom key.
     #
     #   * To use a custom KMS key, choose the `SecureString` data type with
@@ -19204,27 +19316,39 @@ module Aws::SSM
     # @!attribute [rw] apply_only_at_cron_interval
     #   By default, when you update an association, the system runs it
     #   immediately after it is updated and then according to the schedule
-    #   you specified. Specify this option if you don't want an association
-    #   to run immediately after you update it. This parameter isn't
-    #   supported for rate expressions.
+    #   you specified. Specify `true` for `ApplyOnlyAtCronInterval` if you
+    #   want the association to run only according to the schedule you
+    #   specified.
     #
     #   If you chose this option when you created an association and later
-    #   you edit that association or you make changes to the SSM document on
-    #   which that association is based (by using the Documents page in the
-    #   console), State Manager applies the association at the next
-    #   specified cron interval. For example, if you chose the `Latest`
-    #   version of an SSM document when you created an association and you
-    #   edit the association by choosing a different document version on the
-    #   Documents page, State Manager applies the association at the next
-    #   specified cron interval if you previously selected this option. If
-    #   this option wasn't selected, State Manager immediately runs the
+    #   you edit that association or you make changes to the Automation
+    #   runbook or SSM document on which that association is based, State
+    #   Manager applies the association at the next specified cron interval.
+    #   For example, if you chose the `Latest` version of an SSM document
+    #   when you created an association and you edit the association by
+    #   choosing a different document version on the Documents page, State
+    #   Manager applies the association at the next specified cron interval
+    #   if you previously set `ApplyOnlyAtCronInterval` to `true`. If this
+    #   option wasn't selected, State Manager immediately runs the
     #   association.
     #
-    #   You can reset this option. To do so, specify the
+    #   For more information, see [Understanding when associations are
+    #   applied to resources][1] and [About target updates with Automation
+    #   runbooks][2] in the *Amazon Web Services Systems Manager User
+    #   Guide*.
+    #
+    #   This parameter isn't supported for rate expressions.
+    #
+    #   You can reset this parameter. To do so, specify the
     #   `no-apply-only-at-cron-interval` parameter when you update the
     #   association from the command line. This parameter forces the
     #   association to run immediately after updating it and according to
     #   the interval specified.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/state-manager-about.html#state-manager-about-scheduling
+    #   [2]: https://docs.aws.amazon.com/systems-manager/latest/userguide/state-manager-about.html#runbook-target-updates
     #   @return [Boolean]
     #
     # @!attribute [rw] calendar_names
@@ -19232,7 +19356,8 @@ module Aws::SSM
     #   type documents you want to gate your associations under. The
     #   associations only run when that change calendar is open. For more
     #   information, see [Amazon Web Services Systems Manager Change
-    #   Calendar][1].
+    #   Calendar][1] in the *Amazon Web Services Systems Manager User
+    #   Guide*.
     #
     #
     #
@@ -20419,6 +20544,22 @@ module Aws::SSM
     #   to Linux managed nodes only.
     #   @return [Array<Types::PatchSource>]
     #
+    # @!attribute [rw] available_security_updates_compliance_status
+    #   Indicates the status to be assigned to security patches that are
+    #   available but not approved because they don't meet the installation
+    #   criteria specified in the patch baseline.
+    #
+    #   Example scenario: Security patches that you might want installed can
+    #   be skipped if you have specified a long period to wait after a patch
+    #   is released before installation. If an update to the patch is
+    #   released during your specified waiting period, the waiting period
+    #   for installing the patch starts over. If the waiting period is too
+    #   long, multiple versions of the patch could be released but never
+    #   installed.
+    #
+    #   Supported for Windows Server managed nodes only.
+    #   @return [String]
+    #
     # @!attribute [rw] replace
     #   If True, then all fields that are required by the
     #   CreatePatchBaseline operation are also required for this API
@@ -20439,6 +20580,7 @@ module Aws::SSM
       :rejected_patches_action,
       :description,
       :sources,
+      :available_security_updates_compliance_status,
       :replace)
       SENSITIVE = []
       include Aws::Structure
@@ -20508,6 +20650,15 @@ module Aws::SSM
     #   to Linux managed nodes only.
     #   @return [Array<Types::PatchSource>]
     #
+    # @!attribute [rw] available_security_updates_compliance_status
+    #   Indicates the compliance status of managed nodes for which
+    #   security-related patches are available but were not approved. This
+    #   preference is specified when the `CreatePatchBaseline` or
+    #   `UpdatePatchBaseline` commands are run.
+    #
+    #   Applies to Windows Server managed nodes only.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/UpdatePatchBaselineResult AWS API Documentation
     #
     class UpdatePatchBaselineResult < Struct.new(
@@ -20524,7 +20675,8 @@ module Aws::SSM
       :created_date,
       :modified_date,
       :description,
-      :sources)
+      :sources,
+      :available_security_updates_compliance_status)
       SENSITIVE = []
       include Aws::Structure
     end

data/lib/aws-sdk-ssm.rb

@@ -55,7 +55,7 @@ module Aws::SSM
   autoload :EndpointProvider, 'aws-sdk-ssm/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-ssm/endpoints'
 
-  GEM_VERSION = '1.190.0'
+  GEM_VERSION = '1.192.0'
 
 end
 

data/sig/client.rbs

@@ -486,6 +486,7 @@ module Aws
                                        configuration: ::String
                                      },
                                    ],
+                                   ?available_security_updates_compliance_status: ("COMPLIANT" | "NON_COMPLIANT"),
                                    ?client_token: ::String,
                                    ?tags: Array[
                                      {
@@ -1245,6 +1246,7 @@ module Aws
         def instances_with_critical_non_compliant_patches: () -> ::Integer
         def instances_with_security_non_compliant_patches: () -> ::Integer
         def instances_with_other_non_compliant_patches: () -> ::Integer
+        def instances_with_available_security_updates: () -> ::Integer
       end
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/SSM/Client.html#describe_patch_group_state-instance_method
       def describe_patch_group_state: (
@@ -1437,7 +1439,8 @@ module Aws
                                                               products: Array[::String],
                                                               configuration: ::String
                                                             },
-                                                          ]?
+                                                          ]?,
+                                                          available_security_updates_compliance_status: ("COMPLIANT" | "NON_COMPLIANT")?
                                                         }
                                                       ) -> _GetDeployablePatchSnapshotForInstanceResponseSuccess
                                                     | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GetDeployablePatchSnapshotForInstanceResponseSuccess
@@ -1793,6 +1796,7 @@ module Aws
         def modified_date: () -> ::Time
         def description: () -> ::String
         def sources: () -> ::Array[Types::PatchSource]
+        def available_security_updates_compliance_status: () -> ("COMPLIANT" | "NON_COMPLIANT")
       end
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/SSM/Client.html#get_patch_baseline-instance_method
       def get_patch_baseline: (
@@ -3121,6 +3125,7 @@ module Aws
         def modified_date: () -> ::Time
         def description: () -> ::String
         def sources: () -> ::Array[Types::PatchSource]
+        def available_security_updates_compliance_status: () -> ("COMPLIANT" | "NON_COMPLIANT")
       end
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/SSM/Client.html#update_patch_baseline-instance_method
       def update_patch_baseline: (
@@ -3165,6 +3170,7 @@ module Aws
                                        configuration: ::String
                                      },
                                    ],
+                                   ?available_security_updates_compliance_status: ("COMPLIANT" | "NON_COMPLIANT"),
                                    ?replace: bool
                                  ) -> _UpdatePatchBaselineResponseSuccess
                                | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _UpdatePatchBaselineResponseSuccess

data/sig/types.rbs

@@ -391,6 +391,7 @@ module Aws::SSM
       attr_accessor rejected_patches_action: ("ALLOW_AS_DEPENDENCY" | "BLOCK")
       attr_accessor approved_patches_enable_non_security: bool
       attr_accessor sources: ::Array[Types::PatchSource]
+      attr_accessor available_security_updates_compliance_status: ("COMPLIANT" | "NON_COMPLIANT")
       SENSITIVE: []
     end
 
@@ -717,6 +718,7 @@ module Aws::SSM
       attr_accessor rejected_patches_action: ("ALLOW_AS_DEPENDENCY" | "BLOCK")
       attr_accessor description: ::String
       attr_accessor sources: ::Array[Types::PatchSource]
+      attr_accessor available_security_updates_compliance_status: ("COMPLIANT" | "NON_COMPLIANT")
       attr_accessor client_token: ::String
       attr_accessor tags: ::Array[Types::Tag]
       SENSITIVE: []
@@ -1329,6 +1331,7 @@ module Aws::SSM
       attr_accessor instances_with_critical_non_compliant_patches: ::Integer
       attr_accessor instances_with_security_non_compliant_patches: ::Integer
       attr_accessor instances_with_other_non_compliant_patches: ::Integer
+      attr_accessor instances_with_available_security_updates: ::Integer
       SENSITIVE: []
     end
 
@@ -1994,6 +1997,7 @@ module Aws::SSM
       attr_accessor modified_date: ::Time
       attr_accessor description: ::String
       attr_accessor sources: ::Array[Types::PatchSource]
+      attr_accessor available_security_updates_compliance_status: ("COMPLIANT" | "NON_COMPLIANT")
       SENSITIVE: []
     end
 
@@ -2153,6 +2157,7 @@ module Aws::SSM
       attr_accessor failed_count: ::Integer
       attr_accessor unreported_not_applicable_count: ::Integer
       attr_accessor not_applicable_count: ::Integer
+      attr_accessor available_security_update_count: ::Integer
       attr_accessor operation_start_time: ::Time
       attr_accessor operation_end_time: ::Time
       attr_accessor operation: ("Scan" | "Install")
@@ -3448,7 +3453,7 @@ module Aws::SSM
       attr_accessor kb_id: ::String
       attr_accessor classification: ::String
       attr_accessor severity: ::String
-      attr_accessor state: ("INSTALLED" | "INSTALLED_OTHER" | "INSTALLED_PENDING_REBOOT" | "INSTALLED_REJECTED" | "MISSING" | "NOT_APPLICABLE" | "FAILED")
+      attr_accessor state: ("INSTALLED" | "INSTALLED_OTHER" | "INSTALLED_PENDING_REBOOT" | "INSTALLED_REJECTED" | "MISSING" | "NOT_APPLICABLE" | "FAILED" | "AVAILABLE_SECURITY_UPDATE")
       attr_accessor installed_time: ::Time
       attr_accessor cve_ids: ::String
       SENSITIVE: []
@@ -4438,6 +4443,7 @@ module Aws::SSM
       attr_accessor rejected_patches_action: ("ALLOW_AS_DEPENDENCY" | "BLOCK")
       attr_accessor description: ::String
       attr_accessor sources: ::Array[Types::PatchSource]
+      attr_accessor available_security_updates_compliance_status: ("COMPLIANT" | "NON_COMPLIANT")
       attr_accessor replace: bool
       SENSITIVE: []
     end
@@ -4457,6 +4463,7 @@ module Aws::SSM
       attr_accessor modified_date: ::Time
       attr_accessor description: ::String
       attr_accessor sources: ::Array[Types::PatchSource]
+      attr_accessor available_security_updates_compliance_status: ("COMPLIANT" | "NON_COMPLIANT")
       SENSITIVE: []
     end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-ssm
 version: !ruby/object:Gem::Version
-  version: 1.190.0
+  version: 1.192.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-02-18 00:00:00.000000000 Z
+date: 2025-03-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core