aws-sdk-ssm 1.191.0 → 1.192.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0cf59ccb8eeccc2f508b0927b7387de6f1244496a3f65248c7efeb19d89b8dee
-  data.tar.gz: 07dd8ae4bdcc32bafe5ac284c7406f12a044417248b72b6f4c2c1732a140ab19
+  metadata.gz: 6b392c9f39b462f9232bf07b416e09ddc1f864a90813afdf24489e2c02084953
+  data.tar.gz: 86e0fcc4a634784174b93e8e9761fcd42385b9659f3565b4e49a98fa544880c7
 SHA512:
-  metadata.gz: 0caffd58fae3ca04c79ace31884aa2ada349a1745575da2c3c715b725a80f8324050519ca721d63245d534b01b37b6ce28b3077dffe4eef68d47b21946bc2d15
-  data.tar.gz: 4af0b10fe3983290503268d99b4d4f3e445dbededbfebf706c020b93e33f53d2b1b200f05b9b8961ac43eee53876aa5d23c341c79b71ee641b474f9eb09d2710
+  metadata.gz: 28969f382a189fbb73c78319bb941f9b6f6f414cd3727a06796559588d220e1829fbc10f19b109a5c82d422416e83ec2f68ba0e706c2a274eb42206d57df13f5
+  data.tar.gz: 47be473f1547beadffd6487ae69ac945cbcc7c1cb596647c402177614897d47f03c2225b1a2fc88962ddb418c3f989076245c37e7b9e1f2c2d0b62a96afcb3d6

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.192.0 (2025-03-24)
+------------------
+
+* Feature - This release adds the AvailableSecurityUpdatesComplianceStatus field to patch baseline operations, as well as the AvailableSecurityUpdateCount and InstancesWithAvailableSecurityUpdates to patch state operations. Applies to Windows Server managed nodes only.
+
 1.191.0 (2025-02-28)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.191.0
+1.192.0

data/lib/aws-sdk-ssm/client.rb

@@ -2177,6 +2177,20 @@ module Aws::SSM
     #   including target operating systems and source repositories. Applies to
     #   Linux managed nodes only.
     #
+    # @option params [String] :available_security_updates_compliance_status
+    #   Indicates the status you want to assign to security patches that are
+    #   available but not approved because they don't meet the installation
+    #   criteria specified in the patch baseline.
+    #
+    #   Example scenario: Security patches that you might want installed can
+    #   be skipped if you have specified a long period to wait after a patch
+    #   is released before installation. If an update to the patch is released
+    #   during your specified waiting period, the waiting period for
+    #   installing the patch starts over. If the waiting period is too long,
+    #   multiple versions of the patch could be released but never installed.
+    #
+    #   Supported for Windows Server managed nodes only.
+    #
     # @option params [String] :client_token
     #   User-provided idempotency token.
     #
@@ -2248,6 +2262,7 @@ module Aws::SSM
     #         configuration: "PatchSourceConfiguration", # required
     #       },
     #     ],
+    #     available_security_updates_compliance_status: "COMPLIANT", # accepts COMPLIANT, NON_COMPLIANT
     #     client_token: "ClientToken",
     #     tags: [
     #       {
@@ -4191,6 +4206,7 @@ module Aws::SSM
     #   resp.instance_patch_states[0].failed_count #=> Integer
     #   resp.instance_patch_states[0].unreported_not_applicable_count #=> Integer
     #   resp.instance_patch_states[0].not_applicable_count #=> Integer
+    #   resp.instance_patch_states[0].available_security_update_count #=> Integer
     #   resp.instance_patch_states[0].operation_start_time #=> Time
     #   resp.instance_patch_states[0].operation_end_time #=> Time
     #   resp.instance_patch_states[0].operation #=> String, one of "Scan", "Install"
@@ -4272,6 +4288,7 @@ module Aws::SSM
     #   resp.instance_patch_states[0].failed_count #=> Integer
     #   resp.instance_patch_states[0].unreported_not_applicable_count #=> Integer
     #   resp.instance_patch_states[0].not_applicable_count #=> Integer
+    #   resp.instance_patch_states[0].available_security_update_count #=> Integer
     #   resp.instance_patch_states[0].operation_start_time #=> Time
     #   resp.instance_patch_states[0].operation_end_time #=> Time
     #   resp.instance_patch_states[0].operation #=> String, one of "Scan", "Install"
@@ -4363,7 +4380,7 @@ module Aws::SSM
     #   resp.patches[0].kb_id #=> String
     #   resp.patches[0].classification #=> String
     #   resp.patches[0].severity #=> String
-    #   resp.patches[0].state #=> String, one of "INSTALLED", "INSTALLED_OTHER", "INSTALLED_PENDING_REBOOT", "INSTALLED_REJECTED", "MISSING", "NOT_APPLICABLE", "FAILED"
+    #   resp.patches[0].state #=> String, one of "INSTALLED", "INSTALLED_OTHER", "INSTALLED_PENDING_REBOOT", "INSTALLED_REJECTED", "MISSING", "NOT_APPLICABLE", "FAILED", "AVAILABLE_SECURITY_UPDATE"
     #   resp.patches[0].installed_time #=> Time
     #   resp.patches[0].cve_ids #=> String
     #   resp.next_token #=> String
@@ -5419,6 +5436,7 @@ module Aws::SSM
     #   * {Types::DescribePatchGroupStateResult#instances_with_critical_non_compliant_patches #instances_with_critical_non_compliant_patches} => Integer
     #   * {Types::DescribePatchGroupStateResult#instances_with_security_non_compliant_patches #instances_with_security_non_compliant_patches} => Integer
     #   * {Types::DescribePatchGroupStateResult#instances_with_other_non_compliant_patches #instances_with_other_non_compliant_patches} => Integer
+    #   * {Types::DescribePatchGroupStateResult#instances_with_available_security_updates #instances_with_available_security_updates} => Integer
     #
     # @example Request syntax with placeholder values
     #
@@ -5440,6 +5458,7 @@ module Aws::SSM
     #   resp.instances_with_critical_non_compliant_patches #=> Integer
     #   resp.instances_with_security_non_compliant_patches #=> Integer
     #   resp.instances_with_other_non_compliant_patches #=> Integer
+    #   resp.instances_with_available_security_updates #=> Integer
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/DescribePatchGroupState AWS API Documentation
     #
@@ -6231,6 +6250,7 @@ module Aws::SSM
     #           configuration: "PatchSourceConfiguration", # required
     #         },
     #       ],
+    #       available_security_updates_compliance_status: "COMPLIANT", # accepts COMPLIANT, NON_COMPLIANT
     #     },
     #   })
     #
@@ -7434,6 +7454,7 @@ module Aws::SSM
     #   * {Types::GetPatchBaselineResult#modified_date #modified_date} => Time
     #   * {Types::GetPatchBaselineResult#description #description} => String
     #   * {Types::GetPatchBaselineResult#sources #sources} => Array<Types::PatchSource>
+    #   * {Types::GetPatchBaselineResult#available_security_updates_compliance_status #available_security_updates_compliance_status} => String
     #
     # @example Request syntax with placeholder values
     #
@@ -7476,6 +7497,7 @@ module Aws::SSM
     #   resp.sources[0].products #=> Array
     #   resp.sources[0].products[0] #=> String
     #   resp.sources[0].configuration #=> String
+    #   resp.available_security_updates_compliance_status #=> String, one of "COMPLIANT", "NON_COMPLIANT"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/GetPatchBaseline AWS API Documentation
     #
@@ -9159,14 +9181,17 @@ module Aws::SSM
     #
     # @option params [Array<String>] :account_ids_to_add
     #   The Amazon Web Services users that should have access to the document.
-    #   The account IDs can either be a group of account IDs or *All*.
+    #   The account IDs can either be a group of account IDs or *All*. You
+    #   must specify a value for this parameter or the `AccountIdsToRemove`
+    #   parameter.
     #
     # @option params [Array<String>] :account_ids_to_remove
     #   The Amazon Web Services users that should no longer have access to the
     #   document. The Amazon Web Services user can either be a group of
     #   account IDs or *All*. This action has a higher priority than
     #   `AccountIdsToAdd`. If you specify an ID to add and the same ID to
-    #   remove, the system removes access to the document.
+    #   remove, the system removes access to the document. You must specify a
+    #   value for this parameter or the `AccountIdsToAdd` parameter.
     #
     # @option params [String] :shared_document_version
     #   (Optional) The version of the document to share. If it isn't
@@ -9409,11 +9434,16 @@ module Aws::SSM
     #   [Creating Systems Manager parameters][1] in the *Amazon Web Services
     #   Systems Manager User Guide*.
     #
-    #   <note markdown="1"> The maximum length constraint of 2048 characters listed below includes
-    #   1037 characters reserved for internal use by Systems Manager. The
-    #   maximum length for a parameter name that you create is 1011
-    #   characters. This includes the characters in the ARN that precede the
-    #   name you specify, such as
+    #   <note markdown="1"> The reported maximum length of 2048 characters for a parameter name
+    #   includes 1037 characters that are reserved for internal use by Systems
+    #   Manager. The maximum length for a parameter name that you specify is
+    #   1011 characters.
+    #
+    #    This count of 1011 characters includes the characters in the ARN that
+    #   precede the name you specify. This ARN length will vary depending on
+    #   your partition and Region. For example, the following 45 characters
+    #   count toward the 1011 character maximum for a parameter created in the
+    #   US East (Ohio) Region:
     #   `arn:aws:ssm:us-east-2:111122223333:parameter/`.
     #
     #    </note>
@@ -13039,6 +13069,20 @@ module Aws::SSM
     #   including target operating systems and source repositories. Applies to
     #   Linux managed nodes only.
     #
+    # @option params [String] :available_security_updates_compliance_status
+    #   Indicates the status to be assigned to security patches that are
+    #   available but not approved because they don't meet the installation
+    #   criteria specified in the patch baseline.
+    #
+    #   Example scenario: Security patches that you might want installed can
+    #   be skipped if you have specified a long period to wait after a patch
+    #   is released before installation. If an update to the patch is released
+    #   during your specified waiting period, the waiting period for
+    #   installing the patch starts over. If the waiting period is too long,
+    #   multiple versions of the patch could be released but never installed.
+    #
+    #   Supported for Windows Server managed nodes only.
+    #
     # @option params [Boolean] :replace
     #   If True, then all fields that are required by the CreatePatchBaseline
     #   operation are also required for this API request. Optional fields that
@@ -13060,6 +13104,7 @@ module Aws::SSM
     #   * {Types::UpdatePatchBaselineResult#modified_date #modified_date} => Time
     #   * {Types::UpdatePatchBaselineResult#description #description} => String
     #   * {Types::UpdatePatchBaselineResult#sources #sources} => Array&lt;Types::PatchSource&gt;
+    #   * {Types::UpdatePatchBaselineResult#available_security_updates_compliance_status #available_security_updates_compliance_status} => String
     #
     # @example Request syntax with placeholder values
     #
@@ -13105,6 +13150,7 @@ module Aws::SSM
     #         configuration: "PatchSourceConfiguration", # required
     #       },
     #     ],
+    #     available_security_updates_compliance_status: "COMPLIANT", # accepts COMPLIANT, NON_COMPLIANT
     #     replace: false,
     #   })
     #
@@ -13141,6 +13187,7 @@ module Aws::SSM
     #   resp.sources[0].products #=> Array
     #   resp.sources[0].products[0] #=> String
     #   resp.sources[0].configuration #=> String
+    #   resp.available_security_updates_compliance_status #=> String, one of "COMPLIANT", "NON_COMPLIANT"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/UpdatePatchBaseline AWS API Documentation
     #
@@ -13324,7 +13371,7 @@ module Aws::SSM
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-ssm'
-      context[:gem_version] = '1.191.0'
+      context[:gem_version] = '1.192.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-ssm/client_api.rb

@@ -947,6 +947,7 @@ module Aws::SSM
     PatchAdvisoryId = Shapes::StringShape.new(name: 'PatchAdvisoryId')
     PatchAdvisoryIdList = Shapes::ListShape.new(name: 'PatchAdvisoryIdList')
     PatchArch = Shapes::StringShape.new(name: 'PatchArch')
+    PatchAvailableSecurityUpdateCount = Shapes::IntegerShape.new(name: 'PatchAvailableSecurityUpdateCount')
     PatchBaselineIdentity = Shapes::StructureShape.new(name: 'PatchBaselineIdentity')
     PatchBaselineIdentityList = Shapes::ListShape.new(name: 'PatchBaselineIdentityList')
     PatchBaselineMaxResults = Shapes::IntegerShape.new(name: 'PatchBaselineMaxResults')
@@ -961,6 +962,7 @@ module Aws::SSM
     PatchComplianceDataState = Shapes::StringShape.new(name: 'PatchComplianceDataState')
     PatchComplianceLevel = Shapes::StringShape.new(name: 'PatchComplianceLevel')
     PatchComplianceMaxResults = Shapes::IntegerShape.new(name: 'PatchComplianceMaxResults')
+    PatchComplianceStatus = Shapes::StringShape.new(name: 'PatchComplianceStatus')
     PatchContentUrl = Shapes::StringShape.new(name: 'PatchContentUrl')
     PatchCriticalNonCompliantCount = Shapes::IntegerShape.new(name: 'PatchCriticalNonCompliantCount')
     PatchDeploymentStatus = Shapes::StringShape.new(name: 'PatchDeploymentStatus')
@@ -1644,6 +1646,7 @@ module Aws::SSM
     BaselineOverride.add_member(:rejected_patches_action, Shapes::ShapeRef.new(shape: PatchAction, location_name: "RejectedPatchesAction"))
     BaselineOverride.add_member(:approved_patches_enable_non_security, Shapes::ShapeRef.new(shape: Boolean, location_name: "ApprovedPatchesEnableNonSecurity"))
     BaselineOverride.add_member(:sources, Shapes::ShapeRef.new(shape: PatchSourceList, location_name: "Sources"))
+    BaselineOverride.add_member(:available_security_updates_compliance_status, Shapes::ShapeRef.new(shape: PatchComplianceStatus, location_name: "AvailableSecurityUpdatesComplianceStatus"))
     BaselineOverride.struct_class = Types::BaselineOverride
 
     CalendarNameOrARNList.member = Shapes::ShapeRef.new(shape: CalendarNameOrARN)
@@ -1940,6 +1943,7 @@ module Aws::SSM
     CreatePatchBaselineRequest.add_member(:rejected_patches_action, Shapes::ShapeRef.new(shape: PatchAction, location_name: "RejectedPatchesAction"))
     CreatePatchBaselineRequest.add_member(:description, Shapes::ShapeRef.new(shape: BaselineDescription, location_name: "Description"))
     CreatePatchBaselineRequest.add_member(:sources, Shapes::ShapeRef.new(shape: PatchSourceList, location_name: "Sources"))
+    CreatePatchBaselineRequest.add_member(:available_security_updates_compliance_status, Shapes::ShapeRef.new(shape: PatchComplianceStatus, location_name: "AvailableSecurityUpdatesComplianceStatus"))
     CreatePatchBaselineRequest.add_member(:client_token, Shapes::ShapeRef.new(shape: ClientToken, location_name: "ClientToken", metadata: {"idempotencyToken"=>true}))
     CreatePatchBaselineRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
     CreatePatchBaselineRequest.struct_class = Types::CreatePatchBaselineRequest
@@ -2370,6 +2374,7 @@ module Aws::SSM
     DescribePatchGroupStateResult.add_member(:instances_with_critical_non_compliant_patches, Shapes::ShapeRef.new(shape: InstancesCount, location_name: "InstancesWithCriticalNonCompliantPatches", metadata: {"box"=>true}))
     DescribePatchGroupStateResult.add_member(:instances_with_security_non_compliant_patches, Shapes::ShapeRef.new(shape: InstancesCount, location_name: "InstancesWithSecurityNonCompliantPatches", metadata: {"box"=>true}))
     DescribePatchGroupStateResult.add_member(:instances_with_other_non_compliant_patches, Shapes::ShapeRef.new(shape: InstancesCount, location_name: "InstancesWithOtherNonCompliantPatches", metadata: {"box"=>true}))
+    DescribePatchGroupStateResult.add_member(:instances_with_available_security_updates, Shapes::ShapeRef.new(shape: Integer, location_name: "InstancesWithAvailableSecurityUpdates", metadata: {"box"=>true}))
     DescribePatchGroupStateResult.struct_class = Types::DescribePatchGroupStateResult
 
     DescribePatchGroupsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: PatchBaselineMaxResults, location_name: "MaxResults", metadata: {"box"=>true}))
@@ -2891,6 +2896,7 @@ module Aws::SSM
     GetPatchBaselineResult.add_member(:modified_date, Shapes::ShapeRef.new(shape: DateTime, location_name: "ModifiedDate"))
     GetPatchBaselineResult.add_member(:description, Shapes::ShapeRef.new(shape: BaselineDescription, location_name: "Description"))
     GetPatchBaselineResult.add_member(:sources, Shapes::ShapeRef.new(shape: PatchSourceList, location_name: "Sources"))
+    GetPatchBaselineResult.add_member(:available_security_updates_compliance_status, Shapes::ShapeRef.new(shape: PatchComplianceStatus, location_name: "AvailableSecurityUpdatesComplianceStatus"))
     GetPatchBaselineResult.struct_class = Types::GetPatchBaselineResult
 
     GetResourcePoliciesRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: ResourceArnString, required: true, location_name: "ResourceArn"))
@@ -3031,6 +3037,7 @@ module Aws::SSM
     InstancePatchState.add_member(:failed_count, Shapes::ShapeRef.new(shape: PatchFailedCount, location_name: "FailedCount"))
     InstancePatchState.add_member(:unreported_not_applicable_count, Shapes::ShapeRef.new(shape: PatchUnreportedNotApplicableCount, location_name: "UnreportedNotApplicableCount", metadata: {"box"=>true}))
     InstancePatchState.add_member(:not_applicable_count, Shapes::ShapeRef.new(shape: PatchNotApplicableCount, location_name: "NotApplicableCount"))
+    InstancePatchState.add_member(:available_security_update_count, Shapes::ShapeRef.new(shape: PatchAvailableSecurityUpdateCount, location_name: "AvailableSecurityUpdateCount", metadata: {"box"=>true}))
     InstancePatchState.add_member(:operation_start_time, Shapes::ShapeRef.new(shape: DateTime, required: true, location_name: "OperationStartTime"))
     InstancePatchState.add_member(:operation_end_time, Shapes::ShapeRef.new(shape: DateTime, required: true, location_name: "OperationEndTime"))
     InstancePatchState.add_member(:operation, Shapes::ShapeRef.new(shape: PatchOperationType, required: true, location_name: "Operation"))
@@ -4986,6 +4993,7 @@ module Aws::SSM
     UpdatePatchBaselineRequest.add_member(:rejected_patches_action, Shapes::ShapeRef.new(shape: PatchAction, location_name: "RejectedPatchesAction"))
     UpdatePatchBaselineRequest.add_member(:description, Shapes::ShapeRef.new(shape: BaselineDescription, location_name: "Description"))
     UpdatePatchBaselineRequest.add_member(:sources, Shapes::ShapeRef.new(shape: PatchSourceList, location_name: "Sources"))
+    UpdatePatchBaselineRequest.add_member(:available_security_updates_compliance_status, Shapes::ShapeRef.new(shape: PatchComplianceStatus, location_name: "AvailableSecurityUpdatesComplianceStatus"))
     UpdatePatchBaselineRequest.add_member(:replace, Shapes::ShapeRef.new(shape: Boolean, location_name: "Replace", metadata: {"box"=>true}))
     UpdatePatchBaselineRequest.struct_class = Types::UpdatePatchBaselineRequest
 
@@ -5003,6 +5011,7 @@ module Aws::SSM
     UpdatePatchBaselineResult.add_member(:modified_date, Shapes::ShapeRef.new(shape: DateTime, location_name: "ModifiedDate"))
     UpdatePatchBaselineResult.add_member(:description, Shapes::ShapeRef.new(shape: BaselineDescription, location_name: "Description"))
     UpdatePatchBaselineResult.add_member(:sources, Shapes::ShapeRef.new(shape: PatchSourceList, location_name: "Sources"))
+    UpdatePatchBaselineResult.add_member(:available_security_updates_compliance_status, Shapes::ShapeRef.new(shape: PatchComplianceStatus, location_name: "AvailableSecurityUpdatesComplianceStatus"))
     UpdatePatchBaselineResult.struct_class = Types::UpdatePatchBaselineResult
 
     UpdateResourceDataSyncRequest.add_member(:sync_name, Shapes::ShapeRef.new(shape: ResourceDataSyncName, required: true, location_name: "SyncName"))

data/lib/aws-sdk-ssm/types.rb

@@ -1829,6 +1829,16 @@ module Aws::SSM
     #   to Linux managed nodes only.
     #   @return [Array<Types::PatchSource>]
     #
+    # @!attribute [rw] available_security_updates_compliance_status
+    #   Indicates whether managed nodes for which there are available
+    #   security-related patches that have not been approved by the baseline
+    #   are being defined as `COMPLIANT` or `NON_COMPLIANT`. This option is
+    #   specified when the `CreatePatchBaseline` or `UpdatePatchBaseline`
+    #   commands are run.
+    #
+    #   Applies to Windows Server managed nodes only.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/BaselineOverride AWS API Documentation
     #
     class BaselineOverride < Struct.new(
@@ -1840,7 +1850,8 @@ module Aws::SSM
       :rejected_patches,
       :rejected_patches_action,
       :approved_patches_enable_non_security,
-      :sources)
+      :sources,
+      :available_security_updates_compliance_status)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4060,6 +4071,22 @@ module Aws::SSM
     #   to Linux managed nodes only.
     #   @return [Array<Types::PatchSource>]
     #
+    # @!attribute [rw] available_security_updates_compliance_status
+    #   Indicates the status you want to assign to security patches that are
+    #   available but not approved because they don't meet the installation
+    #   criteria specified in the patch baseline.
+    #
+    #   Example scenario: Security patches that you might want installed can
+    #   be skipped if you have specified a long period to wait after a patch
+    #   is released before installation. If an update to the patch is
+    #   released during your specified waiting period, the waiting period
+    #   for installing the patch starts over. If the waiting period is too
+    #   long, multiple versions of the patch could be released but never
+    #   installed.
+    #
+    #   Supported for Windows Server managed nodes only.
+    #   @return [String]
+    #
     # @!attribute [rw] client_token
     #   User-provided idempotency token.
     #
@@ -4099,6 +4126,7 @@ module Aws::SSM
       :rejected_patches_action,
       :description,
       :sources,
+      :available_security_updates_compliance_status,
       :client_token,
       :tags)
       SENSITIVE = []
@@ -6411,6 +6439,16 @@ module Aws::SSM
     #   is `NON_COMPLIANT`.
     #   @return [Integer]
     #
+    # @!attribute [rw] instances_with_available_security_updates
+    #   The number of managed nodes for which security-related patches are
+    #   available but not approved because because they didn't meet the
+    #   patch baseline requirements. For example, an updated version of a
+    #   patch might have been released before the specified auto-approval
+    #   period was over.
+    #
+    #   Applies to Windows Server managed nodes only.
+    #   @return [Integer]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/DescribePatchGroupStateResult AWS API Documentation
     #
     class DescribePatchGroupStateResult < Struct.new(
@@ -6425,7 +6463,8 @@ module Aws::SSM
       :instances_with_unreported_not_applicable_patches,
       :instances_with_critical_non_compliant_patches,
       :instances_with_security_non_compliant_patches,
-      :instances_with_other_non_compliant_patches)
+      :instances_with_other_non_compliant_patches,
+      :instances_with_available_security_updates)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9278,6 +9317,15 @@ module Aws::SSM
     #   to Linux managed nodes only.
     #   @return [Array<Types::PatchSource>]
     #
+    # @!attribute [rw] available_security_updates_compliance_status
+    #   Indicates the compliance status of managed nodes for which
+    #   security-related patches are available but were not approved. This
+    #   preference is specified when the `CreatePatchBaseline` or
+    #   `UpdatePatchBaseline` commands are run.
+    #
+    #   Applies to Windows Server managed nodes only.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/GetPatchBaselineResult AWS API Documentation
     #
     class GetPatchBaselineResult < Struct.new(
@@ -9295,7 +9343,8 @@ module Aws::SSM
       :created_date,
       :modified_date,
       :description,
-      :sources)
+      :sources,
+      :available_security_updates_compliance_status)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -10049,6 +10098,15 @@ module Aws::SSM
     #   `UnreportedNotApplicableCount`.
     #   @return [Integer]
     #
+    # @!attribute [rw] available_security_update_count
+    #   The number of security-related patches that are available but not
+    #   approved because they didn't meet the patch baseline requirements.
+    #   For example, an updated version of a patch might have been released
+    #   before the specified auto-approval period was over.
+    #
+    #   Applies to Windows Server managed nodes only.
+    #   @return [Integer]
+    #
     # @!attribute [rw] operation_start_time
     #   The time the most recent patching operation was started on the
     #   managed node.
@@ -10129,6 +10187,7 @@ module Aws::SSM
       :failed_count,
       :unreported_not_applicable_count,
       :not_applicable_count,
+      :available_security_update_count,
       :operation_start_time,
       :operation_end_time,
       :operation,
@@ -13382,7 +13441,8 @@ module Aws::SSM
     # @!attribute [rw] account_ids_to_add
     #   The Amazon Web Services users that should have access to the
     #   document. The account IDs can either be a group of account IDs or
-    #   *All*.
+    #   *All*. You must specify a value for this parameter or the
+    #   `AccountIdsToRemove` parameter.
     #   @return [Array<String>]
     #
     # @!attribute [rw] account_ids_to_remove
@@ -13390,7 +13450,8 @@ module Aws::SSM
     #   the document. The Amazon Web Services user can either be a group of
     #   account IDs or *All*. This action has a higher priority than
     #   `AccountIdsToAdd`. If you specify an ID to add and the same ID to
-    #   remove, the system removes access to the document.
+    #   remove, the system removes access to the document. You must specify
+    #   a value for this parameter or the `AccountIdsToAdd` parameter.
     #   @return [Array<String>]
     #
     # @!attribute [rw] shared_document_version
@@ -15808,11 +15869,16 @@ module Aws::SSM
     #   see [Creating Systems Manager parameters][1] in the *Amazon Web
     #   Services Systems Manager User Guide*.
     #
-    #   <note markdown="1"> The maximum length constraint of 2048 characters listed below
-    #   includes 1037 characters reserved for internal use by Systems
-    #   Manager. The maximum length for a parameter name that you create is
-    #   1011 characters. This includes the characters in the ARN that
-    #   precede the name you specify, such as
+    #   <note markdown="1"> The reported maximum length of 2048 characters for a parameter name
+    #   includes 1037 characters that are reserved for internal use by
+    #   Systems Manager. The maximum length for a parameter name that you
+    #   specify is 1011 characters.
+    #
+    #    This count of 1011 characters includes the characters in the ARN
+    #   that precede the name you specify. This ARN length will vary
+    #   depending on your partition and Region. For example, the following
+    #   45 characters count toward the 1011 character maximum for a
+    #   parameter created in the US East (Ohio) Region:
     #   `arn:aws:ssm:us-east-2:111122223333:parameter/`.
     #
     #    </note>
@@ -20478,6 +20544,22 @@ module Aws::SSM
     #   to Linux managed nodes only.
     #   @return [Array<Types::PatchSource>]
     #
+    # @!attribute [rw] available_security_updates_compliance_status
+    #   Indicates the status to be assigned to security patches that are
+    #   available but not approved because they don't meet the installation
+    #   criteria specified in the patch baseline.
+    #
+    #   Example scenario: Security patches that you might want installed can
+    #   be skipped if you have specified a long period to wait after a patch
+    #   is released before installation. If an update to the patch is
+    #   released during your specified waiting period, the waiting period
+    #   for installing the patch starts over. If the waiting period is too
+    #   long, multiple versions of the patch could be released but never
+    #   installed.
+    #
+    #   Supported for Windows Server managed nodes only.
+    #   @return [String]
+    #
     # @!attribute [rw] replace
     #   If True, then all fields that are required by the
     #   CreatePatchBaseline operation are also required for this API
@@ -20498,6 +20580,7 @@ module Aws::SSM
       :rejected_patches_action,
       :description,
       :sources,
+      :available_security_updates_compliance_status,
       :replace)
       SENSITIVE = []
       include Aws::Structure
@@ -20567,6 +20650,15 @@ module Aws::SSM
     #   to Linux managed nodes only.
     #   @return [Array<Types::PatchSource>]
     #
+    # @!attribute [rw] available_security_updates_compliance_status
+    #   Indicates the compliance status of managed nodes for which
+    #   security-related patches are available but were not approved. This
+    #   preference is specified when the `CreatePatchBaseline` or
+    #   `UpdatePatchBaseline` commands are run.
+    #
+    #   Applies to Windows Server managed nodes only.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/UpdatePatchBaselineResult AWS API Documentation
     #
     class UpdatePatchBaselineResult < Struct.new(
@@ -20583,7 +20675,8 @@ module Aws::SSM
       :created_date,
       :modified_date,
       :description,
-      :sources)
+      :sources,
+      :available_security_updates_compliance_status)
       SENSITIVE = []
       include Aws::Structure
     end

data/lib/aws-sdk-ssm.rb

@@ -55,7 +55,7 @@ module Aws::SSM
   autoload :EndpointProvider, 'aws-sdk-ssm/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-ssm/endpoints'
 
-  GEM_VERSION = '1.191.0'
+  GEM_VERSION = '1.192.0'
 
 end
 

data/sig/client.rbs

@@ -486,6 +486,7 @@ module Aws
                                        configuration: ::String
                                      },
                                    ],
+                                   ?available_security_updates_compliance_status: ("COMPLIANT" | "NON_COMPLIANT"),
                                    ?client_token: ::String,
                                    ?tags: Array[
                                      {
@@ -1245,6 +1246,7 @@ module Aws
         def instances_with_critical_non_compliant_patches: () -> ::Integer
         def instances_with_security_non_compliant_patches: () -> ::Integer
         def instances_with_other_non_compliant_patches: () -> ::Integer
+        def instances_with_available_security_updates: () -> ::Integer
       end
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/SSM/Client.html#describe_patch_group_state-instance_method
       def describe_patch_group_state: (
@@ -1437,7 +1439,8 @@ module Aws
                                                               products: Array[::String],
                                                               configuration: ::String
                                                             },
-                                                          ]?
+                                                          ]?,
+                                                          available_security_updates_compliance_status: ("COMPLIANT" | "NON_COMPLIANT")?
                                                         }
                                                       ) -> _GetDeployablePatchSnapshotForInstanceResponseSuccess
                                                     | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GetDeployablePatchSnapshotForInstanceResponseSuccess
@@ -1793,6 +1796,7 @@ module Aws
         def modified_date: () -> ::Time
         def description: () -> ::String
         def sources: () -> ::Array[Types::PatchSource]
+        def available_security_updates_compliance_status: () -> ("COMPLIANT" | "NON_COMPLIANT")
       end
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/SSM/Client.html#get_patch_baseline-instance_method
       def get_patch_baseline: (
@@ -3121,6 +3125,7 @@ module Aws
         def modified_date: () -> ::Time
         def description: () -> ::String
         def sources: () -> ::Array[Types::PatchSource]
+        def available_security_updates_compliance_status: () -> ("COMPLIANT" | "NON_COMPLIANT")
       end
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/SSM/Client.html#update_patch_baseline-instance_method
       def update_patch_baseline: (
@@ -3165,6 +3170,7 @@ module Aws
                                        configuration: ::String
                                      },
                                    ],
+                                   ?available_security_updates_compliance_status: ("COMPLIANT" | "NON_COMPLIANT"),
                                    ?replace: bool
                                  ) -> _UpdatePatchBaselineResponseSuccess
                                | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _UpdatePatchBaselineResponseSuccess

data/sig/types.rbs

@@ -391,6 +391,7 @@ module Aws::SSM
       attr_accessor rejected_patches_action: ("ALLOW_AS_DEPENDENCY" | "BLOCK")
       attr_accessor approved_patches_enable_non_security: bool
       attr_accessor sources: ::Array[Types::PatchSource]
+      attr_accessor available_security_updates_compliance_status: ("COMPLIANT" | "NON_COMPLIANT")
       SENSITIVE: []
     end
 
@@ -717,6 +718,7 @@ module Aws::SSM
       attr_accessor rejected_patches_action: ("ALLOW_AS_DEPENDENCY" | "BLOCK")
       attr_accessor description: ::String
       attr_accessor sources: ::Array[Types::PatchSource]
+      attr_accessor available_security_updates_compliance_status: ("COMPLIANT" | "NON_COMPLIANT")
       attr_accessor client_token: ::String
       attr_accessor tags: ::Array[Types::Tag]
       SENSITIVE: []
@@ -1329,6 +1331,7 @@ module Aws::SSM
       attr_accessor instances_with_critical_non_compliant_patches: ::Integer
       attr_accessor instances_with_security_non_compliant_patches: ::Integer
       attr_accessor instances_with_other_non_compliant_patches: ::Integer
+      attr_accessor instances_with_available_security_updates: ::Integer
       SENSITIVE: []
     end
 
@@ -1994,6 +1997,7 @@ module Aws::SSM
       attr_accessor modified_date: ::Time
       attr_accessor description: ::String
       attr_accessor sources: ::Array[Types::PatchSource]
+      attr_accessor available_security_updates_compliance_status: ("COMPLIANT" | "NON_COMPLIANT")
       SENSITIVE: []
     end
 
@@ -2153,6 +2157,7 @@ module Aws::SSM
       attr_accessor failed_count: ::Integer
       attr_accessor unreported_not_applicable_count: ::Integer
       attr_accessor not_applicable_count: ::Integer
+      attr_accessor available_security_update_count: ::Integer
       attr_accessor operation_start_time: ::Time
       attr_accessor operation_end_time: ::Time
       attr_accessor operation: ("Scan" | "Install")
@@ -3448,7 +3453,7 @@ module Aws::SSM
       attr_accessor kb_id: ::String
       attr_accessor classification: ::String
       attr_accessor severity: ::String
-      attr_accessor state: ("INSTALLED" | "INSTALLED_OTHER" | "INSTALLED_PENDING_REBOOT" | "INSTALLED_REJECTED" | "MISSING" | "NOT_APPLICABLE" | "FAILED")
+      attr_accessor state: ("INSTALLED" | "INSTALLED_OTHER" | "INSTALLED_PENDING_REBOOT" | "INSTALLED_REJECTED" | "MISSING" | "NOT_APPLICABLE" | "FAILED" | "AVAILABLE_SECURITY_UPDATE")
       attr_accessor installed_time: ::Time
       attr_accessor cve_ids: ::String
       SENSITIVE: []
@@ -4438,6 +4443,7 @@ module Aws::SSM
       attr_accessor rejected_patches_action: ("ALLOW_AS_DEPENDENCY" | "BLOCK")
       attr_accessor description: ::String
       attr_accessor sources: ::Array[Types::PatchSource]
+      attr_accessor available_security_updates_compliance_status: ("COMPLIANT" | "NON_COMPLIANT")
       attr_accessor replace: bool
       SENSITIVE: []
     end
@@ -4457,6 +4463,7 @@ module Aws::SSM
       attr_accessor modified_date: ::Time
       attr_accessor description: ::String
       attr_accessor sources: ::Array[Types::PatchSource]
+      attr_accessor available_security_updates_compliance_status: ("COMPLIANT" | "NON_COMPLIANT")
       SENSITIVE: []
     end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-ssm
 version: !ruby/object:Gem::Version
-  version: 1.191.0
+  version: 1.192.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-02-28 00:00:00.000000000 Z
+date: 2025-03-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core