@aws-sdk/client-ssm 3.759.0 → 3.774.0

package/dist-es/models/models_0.js

@@ -658,6 +658,10 @@ export const PatchFilterKey = {
     Severity: "SEVERITY",
     Version: "VERSION",
 };
+export const PatchComplianceStatus = {
+    Compliant: "COMPLIANT",
+    NonCompliant: "NON_COMPLIANT",
+};
 export const OperatingSystem = {
     AlmaLinux: "ALMA_LINUX",
     AmazonLinux: "AMAZON_LINUX",
@@ -1241,6 +1245,7 @@ export class InvalidInstanceInformationFilterValue extends __BaseException {
     }
 }
 export const PatchComplianceDataState = {
+    AvailableSecurityUpdate: "AVAILABLE_SECURITY_UPDATE",
     Failed: "FAILED",
     Installed: "INSTALLED",
     InstalledOther: "INSTALLED_OTHER",

package/dist-es/protocols/Aws_json1_1.js

@@ -4446,6 +4446,7 @@ const se_CreatePatchBaselineRequest = (input, context) => {
         ApprovedPatches: _json,
         ApprovedPatchesComplianceLevel: [],
         ApprovedPatchesEnableNonSecurity: [],
+        AvailableSecurityUpdatesComplianceStatus: [],
         ClientToken: [true, (_) => _ ?? generateIdempotencyToken()],
         Description: [],
         GlobalFilters: _json,
@@ -5443,6 +5444,7 @@ const de_GetPatchBaselineResult = (output, context) => {
         ApprovedPatches: _json,
         ApprovedPatchesComplianceLevel: __expectString,
         ApprovedPatchesEnableNonSecurity: __expectBoolean,
+        AvailableSecurityUpdatesComplianceStatus: __expectString,
         BaselineId: __expectString,
         CreatedDate: (_) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))),
         Description: __expectString,
@@ -5520,6 +5522,7 @@ const de_InstanceInformationList = (output, context) => {
 };
 const de_InstancePatchState = (output, context) => {
     return take(output, {
+        AvailableSecurityUpdateCount: __expectInt32,
         BaselineId: __expectString,
         CriticalNonCompliantCount: __expectInt32,
         FailedCount: __expectInt32,
@@ -6219,6 +6222,7 @@ const de_UpdatePatchBaselineResult = (output, context) => {
         ApprovedPatches: _json,
         ApprovedPatchesComplianceLevel: __expectString,
         ApprovedPatchesEnableNonSecurity: __expectBoolean,
+        AvailableSecurityUpdatesComplianceStatus: __expectString,
         BaselineId: __expectString,
         CreatedDate: (_) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))),
         Description: __expectString,

package/dist-types/commands/CreatePatchBaselineCommand.d.ts

@@ -90,6 +90,7 @@ declare const CreatePatchBaselineCommand_base: {
  *       Configuration: "STRING_VALUE", // required
  *     },
  *   ],
+ *   AvailableSecurityUpdatesComplianceStatus: "COMPLIANT" || "NON_COMPLIANT",
  *   ClientToken: "STRING_VALUE",
  *   Tags: [ // TagList
  *     { // Tag

package/dist-types/commands/DescribeInstancePatchStatesCommand.d.ts

@@ -60,6 +60,7 @@ declare const DescribeInstancePatchStatesCommand_base: {
  * //       FailedCount: Number("int"),
  * //       UnreportedNotApplicableCount: Number("int"),
  * //       NotApplicableCount: Number("int"),
+ * //       AvailableSecurityUpdateCount: Number("int"),
  * //       OperationStartTime: new Date("TIMESTAMP"), // required
  * //       OperationEndTime: new Date("TIMESTAMP"), // required
  * //       Operation: "Scan" || "Install", // required

package/dist-types/commands/DescribeInstancePatchStatesForPatchGroupCommand.d.ts

@@ -68,6 +68,7 @@ declare const DescribeInstancePatchStatesForPatchGroupCommand_base: {
  * //       FailedCount: Number("int"),
  * //       UnreportedNotApplicableCount: Number("int"),
  * //       NotApplicableCount: Number("int"),
+ * //       AvailableSecurityUpdateCount: Number("int"),
  * //       OperationStartTime: new Date("TIMESTAMP"), // required
  * //       OperationEndTime: new Date("TIMESTAMP"), // required
  * //       Operation: "Scan" || "Install", // required

package/dist-types/commands/DescribeInstancePatchesCommand.d.ts

@@ -57,7 +57,7 @@ declare const DescribeInstancePatchesCommand_base: {
  * //       KBId: "STRING_VALUE", // required
  * //       Classification: "STRING_VALUE", // required
  * //       Severity: "STRING_VALUE", // required
- * //       State: "INSTALLED" || "INSTALLED_OTHER" || "INSTALLED_PENDING_REBOOT" || "INSTALLED_REJECTED" || "MISSING" || "NOT_APPLICABLE" || "FAILED", // required
+ * //       State: "INSTALLED" || "INSTALLED_OTHER" || "INSTALLED_PENDING_REBOOT" || "INSTALLED_REJECTED" || "MISSING" || "NOT_APPLICABLE" || "FAILED" || "AVAILABLE_SECURITY_UPDATE", // required
  * //       InstalledTime: new Date("TIMESTAMP"), // required
  * //       CVEIds: "STRING_VALUE",
  * //     },

package/dist-types/commands/DescribePatchGroupStateCommand.d.ts

@@ -52,6 +52,7 @@ declare const DescribePatchGroupStateCommand_base: {
  * //   InstancesWithCriticalNonCompliantPatches: Number("int"),
  * //   InstancesWithSecurityNonCompliantPatches: Number("int"),
  * //   InstancesWithOtherNonCompliantPatches: Number("int"),
+ * //   InstancesWithAvailableSecurityUpdates: Number("int"),
  * // };
  *
  * ```

package/dist-types/commands/GetDeployablePatchSnapshotForInstanceCommand.d.ts

@@ -95,6 +95,7 @@ declare const GetDeployablePatchSnapshotForInstanceCommand_base: {
  *         Configuration: "STRING_VALUE", // required
  *       },
  *     ],
+ *     AvailableSecurityUpdatesComplianceStatus: "COMPLIANT" || "NON_COMPLIANT",
  *   },
  * };
  * const command = new GetDeployablePatchSnapshotForInstanceCommand(input);

package/dist-types/commands/GetPatchBaselineCommand.d.ts

@@ -97,6 +97,7 @@ declare const GetPatchBaselineCommand_base: {
  * //       Configuration: "STRING_VALUE", // required
  * //     },
  * //   ],
+ * //   AvailableSecurityUpdatesComplianceStatus: "COMPLIANT" || "NON_COMPLIANT",
  * // };
  *
  * ```

package/dist-types/commands/ResetServiceSettingCommand.d.ts

@@ -1,7 +1,6 @@
 import { Command as $Command } from "@smithy/smithy-client";
 import { MetadataBearer as __MetadataBearer } from "@smithy/types";
-import { ResetServiceSettingRequest } from "../models/models_1";
-import { ResetServiceSettingResult } from "../models/models_2";
+import { ResetServiceSettingRequest, ResetServiceSettingResult } from "../models/models_2";
 import { ServiceInputTypes, ServiceOutputTypes, SSMClientResolvedConfig } from "../SSMClient";
 /**
  * @public

package/dist-types/commands/UpdatePatchBaselineCommand.d.ts

@@ -91,6 +91,7 @@ declare const UpdatePatchBaselineCommand_base: {
  *       Configuration: "STRING_VALUE", // required
  *     },
  *   ],
+ *   AvailableSecurityUpdatesComplianceStatus: "COMPLIANT" || "NON_COMPLIANT",
  *   Replace: true || false,
  * };
  * const command = new UpdatePatchBaselineCommand(input);
@@ -150,6 +151,7 @@ declare const UpdatePatchBaselineCommand_base: {
  * //       Configuration: "STRING_VALUE", // required
  * //     },
  * //   ],
+ * //   AvailableSecurityUpdatesComplianceStatus: "COMPLIANT" || "NON_COMPLIANT",
  * // };
  *
  * ```

package/dist-types/models/models_0.d.ts

@@ -3130,6 +3130,18 @@ export interface PatchRuleGroup {
      */
     PatchRules: PatchRule[] | undefined;
 }
+/**
+ * @public
+ * @enum
+ */
+export declare const PatchComplianceStatus: {
+    readonly Compliant: "COMPLIANT";
+    readonly NonCompliant: "NON_COMPLIANT";
+};
+/**
+ * @public
+ */
+export type PatchComplianceStatus = (typeof PatchComplianceStatus)[keyof typeof PatchComplianceStatus];
 /**
  * @public
  * @enum
@@ -3308,6 +3320,19 @@ export interface CreatePatchBaselineRequest {
      * @public
      */
     Sources?: PatchSource[] | undefined;
+    /**
+     * <p>Indicates the status you want to assign to security patches that are available but not
+     *    approved because they don't meet the installation criteria specified in the patch
+     *    baseline.</p>
+     *          <p>Example scenario: Security patches that you might want installed can be skipped if you have
+     *    specified a long period to wait after a patch is released before installation. If an update to
+     *    the patch is released during your specified waiting period, the waiting period for installing the
+     *    patch starts over. If the waiting period is too long, multiple versions of the patch could be
+     *    released but never installed.</p>
+     *          <p>Supported for Windows Server managed nodes only.</p>
+     * @public
+     */
+    AvailableSecurityUpdatesComplianceStatus?: PatchComplianceStatus | undefined;
     /**
      * <p>User-provided idempotency token.</p>
      * @public
@@ -6677,6 +6702,7 @@ export interface DescribeInstancePatchesRequest {
  * @enum
  */
 export declare const PatchComplianceDataState: {
+    readonly AvailableSecurityUpdate: "AVAILABLE_SECURITY_UPDATE";
     readonly Failed: "FAILED";
     readonly Installed: "INSTALLED";
     readonly InstalledOther: "INSTALLED_OTHER";
@@ -6927,6 +6953,14 @@ export interface InstancePatchState {
      * @public
      */
     NotApplicableCount?: number | undefined;
+    /**
+     * <p>The number of security-related patches that are available but not approved because they
+     *    didn't meet the patch baseline requirements. For example, an updated version of a patch might
+     *    have been released before the specified auto-approval period was over.</p>
+     *          <p>Applies to Windows Server managed nodes only.</p>
+     * @public
+     */
+    AvailableSecurityUpdateCount?: number | undefined;
     /**
      * <p>The time the most recent patching operation was started on the managed node.</p>
      * @public
@@ -8109,28 +8143,6 @@ export interface DescribeMaintenanceWindowScheduleRequest {
      */
     NextToken?: string | undefined;
 }
-/**
- * <p>Information about a scheduled execution for a maintenance window.</p>
- * @public
- */
-export interface ScheduledWindowExecution {
-    /**
-     * <p>The ID of the maintenance window to be run.</p>
-     * @public
-     */
-    WindowId?: string | undefined;
-    /**
-     * <p>The name of the maintenance window to be run.</p>
-     * @public
-     */
-    Name?: string | undefined;
-    /**
-     * <p>The time, in ISO-8601 Extended format, that the maintenance window is scheduled to be
-     *    run.</p>
-     * @public
-     */
-    ExecutionTime?: string | undefined;
-}
 /**
  * @internal
  */

package/dist-types/models/models_1.d.ts

@@ -1,6 +1,28 @@
 import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-client";
-import { AlarmConfiguration, AlarmStateInformation, AssociationComplianceSeverity, AssociationOverview, AssociationSyncCompliance, AutomationExecutionStatus, AutomationSubtype, DocumentFormat, DocumentHashType, DocumentPermissionType, DocumentRequires, DocumentStatus, DocumentType, ExecutionMode, InstanceAssociationOutputLocation, MaintenanceWindowExecutionStatus, MaintenanceWindowFilter, MaintenanceWindowResourceType, MaintenanceWindowTaskType, MetadataValue, OperatingSystem, OpsItemDataValue, OpsItemNotification, PatchAction, PatchComplianceLevel, PatchFilterGroup, PatchOrchestratorFilter, PatchRuleGroup, PatchSource, PlatformType, RelatedOpsItem, ResolvedTargets, ResourceDataSyncAwsOrganizationsSource, ResourceDataSyncS3Destination, ResourceType, ResourceTypeForTagging, ReviewStatus, Runbook, ScheduledWindowExecution, StepExecution, Tag, Target, TargetLocation } from "./models_0";
+import { AlarmConfiguration, AlarmStateInformation, AssociationComplianceSeverity, AssociationOverview, AssociationSyncCompliance, AutomationExecutionStatus, AutomationSubtype, DocumentFormat, DocumentHashType, DocumentPermissionType, DocumentRequires, DocumentStatus, DocumentType, ExecutionMode, InstanceAssociationOutputLocation, MaintenanceWindowExecutionStatus, MaintenanceWindowFilter, MaintenanceWindowResourceType, MaintenanceWindowTaskType, MetadataValue, OperatingSystem, OpsItemDataValue, OpsItemNotification, PatchAction, PatchComplianceLevel, PatchComplianceStatus, PatchFilterGroup, PatchOrchestratorFilter, PatchRuleGroup, PatchSource, PlatformType, RelatedOpsItem, ResolvedTargets, ResourceDataSyncAwsOrganizationsSource, ResourceDataSyncS3Destination, ResourceType, ResourceTypeForTagging, ReviewStatus, Runbook, StepExecution, Tag, Target, TargetLocation } from "./models_0";
 import { SSMServiceException as __BaseException } from "./SSMServiceException";
+/**
+ * <p>Information about a scheduled execution for a maintenance window.</p>
+ * @public
+ */
+export interface ScheduledWindowExecution {
+    /**
+     * <p>The ID of the maintenance window to be run.</p>
+     * @public
+     */
+    WindowId?: string | undefined;
+    /**
+     * <p>The name of the maintenance window to be run.</p>
+     * @public
+     */
+    Name?: string | undefined;
+    /**
+     * <p>The time, in ISO-8601 Extended format, that the maintenance window is scheduled to be
+     *    run.</p>
+     * @public
+     */
+    ExecutionTime?: string | undefined;
+}
 /**
  * @public
  */
@@ -1257,6 +1279,15 @@ export interface DescribePatchGroupStateResult {
      * @public
      */
     InstancesWithOtherNonCompliantPatches?: number | undefined;
+    /**
+     * <p>The number of managed nodes for which security-related patches are available but not
+     *    approved because because they didn't meet the patch baseline requirements. For example, an
+     *    updated version of a patch might have been released before the specified auto-approval period was
+     *    over.</p>
+     *          <p>Applies to Windows Server managed nodes only.</p>
+     * @public
+     */
+    InstancesWithAvailableSecurityUpdates?: number | undefined;
 }
 /**
  * @public
@@ -2315,6 +2346,15 @@ export interface BaselineOverride {
      * @public
      */
     Sources?: PatchSource[] | undefined;
+    /**
+     * <p>Indicates whether managed nodes for which there are available security-related patches that
+     *    have not been approved by the baseline are being defined as <code>COMPLIANT</code> or
+     *     <code>NON_COMPLIANT</code>. This option is specified when the <code>CreatePatchBaseline</code>
+     *    or <code>UpdatePatchBaseline</code> commands are run.</p>
+     *          <p>Applies to Windows Server managed nodes only.</p>
+     * @public
+     */
+    AvailableSecurityUpdatesComplianceStatus?: PatchComplianceStatus | undefined;
 }
 /**
  * @public
@@ -4573,6 +4613,14 @@ export interface GetPatchBaselineResult {
      * @public
      */
     Sources?: PatchSource[] | undefined;
+    /**
+     * <p>Indicates the compliance status of managed nodes for which security-related patches are
+     *    available but were not approved. This preference is specified when the
+     *     <code>CreatePatchBaseline</code> or <code>UpdatePatchBaseline</code> commands are run.</p>
+     *          <p>Applies to Windows Server managed nodes only.</p>
+     * @public
+     */
+    AvailableSecurityUpdatesComplianceStatus?: PatchComplianceStatus | undefined;
 }
 /**
  * @public
@@ -8081,7 +8129,8 @@ export interface ModifyDocumentPermissionRequest {
     PermissionType: DocumentPermissionType | undefined;
     /**
      * <p>The Amazon Web Services users that should have access to the document. The account IDs can either be a
-     *    group of account IDs or <i>All</i>. </p>
+     *    group of account IDs or <i>All</i>. You must specify a value for this parameter or
+     *    the <code>AccountIdsToRemove</code> parameter.</p>
      * @public
      */
     AccountIdsToAdd?: string[] | undefined;
@@ -8089,7 +8138,8 @@ export interface ModifyDocumentPermissionRequest {
      * <p>The Amazon Web Services users that should no longer have access to the document. The Amazon Web Services user
      *    can either be a group of account IDs or <i>All</i>. This action has a higher
      *    priority than <code>AccountIdsToAdd</code>. If you specify an ID to add and the same ID to
-     *    remove, the system removes access to the document. </p>
+     *    remove, the system removes access to the document. You must specify a value for this parameter or
+     *    the <code>AccountIdsToAdd</code> parameter.</p>
      * @public
      */
     AccountIdsToRemove?: string[] | undefined;
@@ -8621,10 +8671,13 @@ export interface PutParameterRequest {
      *          </ul>
      *          <p>For additional information about valid values for parameter names, see <a href="https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-su-create.html">Creating Systems Manager parameters</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p>
      *          <note>
-     *             <p>The maximum length constraint of 2048 characters listed below includes 1037 characters
-     *     reserved for internal use by Systems Manager. The maximum length for a parameter name that you create is
-     *     1011 characters. This includes the characters in the ARN that precede the name you specify, such
-     *     as <code>arn:aws:ssm:us-east-2:111122223333:parameter/</code>.</p>
+     *             <p>The reported maximum length of 2048 characters for a parameter name includes 1037
+     *     characters that are reserved for internal use by Systems Manager. The maximum length for a parameter name
+     *     that you specify is 1011 characters.</p>
+     *             <p>This count of 1011 characters includes the characters in the ARN that precede the name you
+     *     specify. This ARN length will vary depending on your partition and Region. For example, the
+     *     following 45 characters count toward the 1011 character maximum for a parameter created in the
+     *     US East (Ohio) Region: <code>arn:aws:ssm:us-east-2:111122223333:parameter/</code>.</p>
      *          </note>
      * @public
      */
@@ -9326,68 +9379,6 @@ export interface RemoveTagsFromResourceRequest {
  */
 export interface RemoveTagsFromResourceResult {
 }
-/**
- * <p>The request body of the ResetServiceSetting API operation.</p>
- * @public
- */
-export interface ResetServiceSettingRequest {
-    /**
-     * <p>The Amazon Resource Name (ARN) of the service setting to reset. The setting ID can be one of
-     *    the following.</p>
-     *          <ul>
-     *             <li>
-     *                <p>
-     *                   <code>/ssm/appmanager/appmanager-enabled</code>
-     *                </p>
-     *             </li>
-     *             <li>
-     *                <p>
-     *                   <code>/ssm/automation/customer-script-log-destination</code>
-     *                </p>
-     *             </li>
-     *             <li>
-     *                <p>
-     *                   <code>/ssm/automation/customer-script-log-group-name</code>
-     *                </p>
-     *             </li>
-     *             <li>
-     *                <p>/ssm/automation/enable-adaptive-concurrency</p>
-     *             </li>
-     *             <li>
-     *                <p>
-     *                   <code>/ssm/documents/console/public-sharing-permission</code>
-     *                </p>
-     *             </li>
-     *             <li>
-     *                <p>
-     *                   <code>/ssm/managed-instance/activation-tier</code>
-     *                </p>
-     *             </li>
-     *             <li>
-     *                <p>
-     *                   <code>/ssm/managed-instance/default-ec2-instance-management-role</code>
-     *                </p>
-     *             </li>
-     *             <li>
-     *                <p>
-     *                   <code>/ssm/opsinsights/opscenter</code>
-     *                </p>
-     *             </li>
-     *             <li>
-     *                <p>
-     *                   <code>/ssm/parameter-store/default-parameter-tier</code>
-     *                </p>
-     *             </li>
-     *             <li>
-     *                <p>
-     *                   <code>/ssm/parameter-store/high-throughput-enabled</code>
-     *                </p>
-     *             </li>
-     *          </ul>
-     * @public
-     */
-    SettingId: string | undefined;
-}
 /**
  * @internal
  */

package/dist-types/models/models_2.d.ts

@@ -1,7 +1,69 @@
 import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-client";
-import { AlarmConfiguration, AssociationComplianceSeverity, AssociationDescription, AssociationStatus, AssociationSyncCompliance, AttachmentsSource, DocumentDescription, DocumentFormat, DocumentHashType, ExecutionMode, InstanceAssociationOutputLocation, MetadataValue, OperatingSystem, OpsItemDataValue, OpsItemNotification, PatchAction, PatchComplianceLevel, PatchFilterGroup, PatchRuleGroup, PatchSource, RelatedOpsItem, ResourceDataSyncSource, Runbook, Tag, Target, TargetLocation } from "./models_0";
+import { AlarmConfiguration, AssociationComplianceSeverity, AssociationDescription, AssociationStatus, AssociationSyncCompliance, AttachmentsSource, DocumentDescription, DocumentFormat, DocumentHashType, ExecutionMode, InstanceAssociationOutputLocation, MetadataValue, OperatingSystem, OpsItemDataValue, OpsItemNotification, PatchAction, PatchComplianceLevel, PatchComplianceStatus, PatchFilterGroup, PatchRuleGroup, PatchSource, RelatedOpsItem, ResourceDataSyncSource, Runbook, Tag, Target, TargetLocation } from "./models_0";
 import { CloudWatchOutputConfig, Command, DocumentReviewCommentSource, InventoryFilter, InventoryGroup, LoggingInfo, MaintenanceWindowTaskCutoffBehavior, MaintenanceWindowTaskInvocationParameters, MaintenanceWindowTaskParameterValueExpression, NodeAggregatorType, NodeAttributeName, NodeFilter, NodeTypeName, NotificationConfig, OpsFilter, OpsItemStatus, OpsResultAttribute, ResultAttribute, ServiceSetting } from "./models_1";
 import { SSMServiceException as __BaseException } from "./SSMServiceException";
+/**
+ * <p>The request body of the ResetServiceSetting API operation.</p>
+ * @public
+ */
+export interface ResetServiceSettingRequest {
+    /**
+     * <p>The Amazon Resource Name (ARN) of the service setting to reset. The setting ID can be one of
+     *    the following.</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <code>/ssm/appmanager/appmanager-enabled</code>
+     *                </p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>/ssm/automation/customer-script-log-destination</code>
+     *                </p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>/ssm/automation/customer-script-log-group-name</code>
+     *                </p>
+     *             </li>
+     *             <li>
+     *                <p>/ssm/automation/enable-adaptive-concurrency</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>/ssm/documents/console/public-sharing-permission</code>
+     *                </p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>/ssm/managed-instance/activation-tier</code>
+     *                </p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>/ssm/managed-instance/default-ec2-instance-management-role</code>
+     *                </p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>/ssm/opsinsights/opscenter</code>
+     *                </p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>/ssm/parameter-store/default-parameter-tier</code>
+     *                </p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>/ssm/parameter-store/high-throughput-enabled</code>
+     *                </p>
+     *             </li>
+     *          </ul>
+     * @public
+     */
+    SettingId: string | undefined;
+}
 /**
  * <p>The result body of the ResetServiceSetting API operation.</p>
  * @public
@@ -2311,6 +2373,18 @@ export interface UpdatePatchBaselineRequest {
      * @public
      */
     Sources?: PatchSource[] | undefined;
+    /**
+     * <p>Indicates the status to be assigned to security patches that are available but not approved
+     *    because they don't meet the installation criteria specified in the patch baseline.</p>
+     *          <p>Example scenario: Security patches that you might want installed can be skipped if you have
+     *    specified a long period to wait after a patch is released before installation. If an update to
+     *    the patch is released during your specified waiting period, the waiting period for installing the
+     *    patch starts over. If the waiting period is too long, multiple versions of the patch could be
+     *    released but never installed.</p>
+     *          <p>Supported for Windows Server managed nodes only.</p>
+     * @public
+     */
+    AvailableSecurityUpdatesComplianceStatus?: PatchComplianceStatus | undefined;
     /**
      * <p>If True, then all fields that are required by the <a>CreatePatchBaseline</a>
      *    operation are also required for this API request. Optional fields that aren't specified are set
@@ -2399,6 +2473,14 @@ export interface UpdatePatchBaselineResult {
      * @public
      */
     Sources?: PatchSource[] | undefined;
+    /**
+     * <p>Indicates the compliance status of managed nodes for which security-related patches are
+     *    available but were not approved. This preference is specified when the
+     *     <code>CreatePatchBaseline</code> or <code>UpdatePatchBaseline</code> commands are run.</p>
+     *          <p>Applies to Windows Server managed nodes only.</p>
+     * @public
+     */
+    AvailableSecurityUpdatesComplianceStatus?: PatchComplianceStatus | undefined;
 }
 /**
  * <p>Another <code>UpdateResourceDataSync</code> request is being processed. Wait a few minutes

package/dist-types/ts3.4/commands/ResetServiceSettingCommand.d.ts

@@ -1,7 +1,9 @@
 import { Command as $Command } from "@smithy/smithy-client";
 import { MetadataBearer as __MetadataBearer } from "@smithy/types";
-import { ResetServiceSettingRequest } from "../models/models_1";
-import { ResetServiceSettingResult } from "../models/models_2";
+import {
+  ResetServiceSettingRequest,
+  ResetServiceSettingResult,
+} from "../models/models_2";
 import {
   ServiceInputTypes,
   ServiceOutputTypes,

package/dist-types/ts3.4/models/models_0.d.ts

@@ -805,6 +805,12 @@ export interface PatchRule {
 export interface PatchRuleGroup {
   PatchRules: PatchRule[] | undefined;
 }
+export declare const PatchComplianceStatus: {
+  readonly Compliant: "COMPLIANT";
+  readonly NonCompliant: "NON_COMPLIANT";
+};
+export type PatchComplianceStatus =
+  (typeof PatchComplianceStatus)[keyof typeof PatchComplianceStatus];
 export declare const OperatingSystem: {
   readonly AlmaLinux: "ALMA_LINUX";
   readonly AmazonLinux: "AMAZON_LINUX";
@@ -846,6 +852,7 @@ export interface CreatePatchBaselineRequest {
   RejectedPatchesAction?: PatchAction | undefined;
   Description?: string | undefined;
   Sources?: PatchSource[] | undefined;
+  AvailableSecurityUpdatesComplianceStatus?: PatchComplianceStatus | undefined;
   ClientToken?: string | undefined;
   Tags?: Tag[] | undefined;
 }
@@ -1787,6 +1794,7 @@ export interface DescribeInstancePatchesRequest {
   MaxResults?: number | undefined;
 }
 export declare const PatchComplianceDataState: {
+  readonly AvailableSecurityUpdate: "AVAILABLE_SECURITY_UPDATE";
   readonly Failed: "FAILED";
   readonly Installed: "INSTALLED";
   readonly InstalledOther: "INSTALLED_OTHER";
@@ -1841,6 +1849,7 @@ export interface InstancePatchState {
   FailedCount?: number | undefined;
   UnreportedNotApplicableCount?: number | undefined;
   NotApplicableCount?: number | undefined;
+  AvailableSecurityUpdateCount?: number | undefined;
   OperationStartTime: Date | undefined;
   OperationEndTime: Date | undefined;
   Operation: PatchOperationType | undefined;
@@ -2118,11 +2127,6 @@ export interface DescribeMaintenanceWindowScheduleRequest {
   MaxResults?: number | undefined;
   NextToken?: string | undefined;
 }
-export interface ScheduledWindowExecution {
-  WindowId?: string | undefined;
-  Name?: string | undefined;
-  ExecutionTime?: string | undefined;
-}
 export declare const CreateAssociationRequestFilterSensitiveLog: (
   obj: CreateAssociationRequest
 ) => any;

package/dist-types/ts3.4/models/models_1.d.ts

@@ -25,6 +25,7 @@ import {
   OpsItemNotification,
   PatchAction,
   PatchComplianceLevel,
+  PatchComplianceStatus,
   PatchFilterGroup,
   PatchOrchestratorFilter,
   PatchRuleGroup,
@@ -38,13 +39,17 @@ import {
   ResourceTypeForTagging,
   ReviewStatus,
   Runbook,
-  ScheduledWindowExecution,
   StepExecution,
   Tag,
   Target,
   TargetLocation,
 } from "./models_0";
 import { SSMServiceException as __BaseException } from "./SSMServiceException";
+export interface ScheduledWindowExecution {
+  WindowId?: string | undefined;
+  Name?: string | undefined;
+  ExecutionTime?: string | undefined;
+}
 export interface DescribeMaintenanceWindowScheduleResult {
   ScheduledWindowExecutions?: ScheduledWindowExecution[] | undefined;
   NextToken?: string | undefined;
@@ -330,6 +335,7 @@ export interface DescribePatchGroupStateResult {
   InstancesWithCriticalNonCompliantPatches?: number | undefined;
   InstancesWithSecurityNonCompliantPatches?: number | undefined;
   InstancesWithOtherNonCompliantPatches?: number | undefined;
+  InstancesWithAvailableSecurityUpdates?: number | undefined;
 }
 export declare const PatchSet: {
   readonly Application: "APPLICATION";
@@ -589,6 +595,7 @@ export interface BaselineOverride {
   RejectedPatchesAction?: PatchAction | undefined;
   ApprovedPatchesEnableNonSecurity?: boolean | undefined;
   Sources?: PatchSource[] | undefined;
+  AvailableSecurityUpdatesComplianceStatus?: PatchComplianceStatus | undefined;
 }
 export interface GetDeployablePatchSnapshotForInstanceRequest {
   InstanceId: string | undefined;
@@ -1105,6 +1112,7 @@ export interface GetPatchBaselineResult {
   ModifiedDate?: Date | undefined;
   Description?: string | undefined;
   Sources?: PatchSource[] | undefined;
+  AvailableSecurityUpdatesComplianceStatus?: PatchComplianceStatus | undefined;
 }
 export interface GetPatchBaselineForPatchGroupRequest {
   PatchGroup: string | undefined;
@@ -2194,9 +2202,6 @@ export interface RemoveTagsFromResourceRequest {
   TagKeys: string[] | undefined;
 }
 export interface RemoveTagsFromResourceResult {}
-export interface ResetServiceSettingRequest {
-  SettingId: string | undefined;
-}
 export declare const MaintenanceWindowTargetFilterSensitiveLog: (
   obj: MaintenanceWindowTarget
 ) => any;