DescribeInstancePatches - Amazon Systems Manager
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).


Retrieves information about the patches on the specified managed node and their state relative to the patch baseline being used for the node.

Request Syntax

{ "Filters": [ { "Key": "string", "Values": [ "string" ] } ], "InstanceId": "string", "MaxResults": number, "NextToken": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.


Each element in the array is a structure containing a key-value pair.

Supported keys for DescribeInstancePatchesinclude the following:

  • Classification

    Sample values: Security | SecurityUpdates

  • KBId

    Sample values: KB4480056 | java-1.7.0-openjdk.x86_64

  • Severity

    Sample values: Important | Medium | Low

  • State

    Sample values: Installed | InstalledOther | InstalledPendingReboot

    For lists of all State values, see Understanding patch compliance state values in the Amazon Systems Manager User Guide.

Type: Array of PatchOrchestratorFilter objects

Array Members: Minimum number of 0 items. Maximum number of 5 items.

Required: No


The ID of the managed node whose patch state information should be retrieved.

Type: String

Pattern: (^i-(\w{8}|\w{17})$)|(^mi-\w{17}$)

Required: Yes


The maximum number of patches to return (per page).

Type: Integer

Valid Range: Minimum value of 10. Maximum value of 100.

Required: No


The token for the next set of items to return. (You received this token from a previous call.)

Type: String

Required: No

Response Syntax

{ "NextToken": "string", "Patches": [ { "Classification": "string", "CVEIds": "string", "InstalledTime": number, "KBId": "string", "Severity": "string", "State": "string", "Title": "string" } ] }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

Type: String


Each entry in the array is a structure containing:

  • Title (string)

  • KBId (string)

  • Classification (string)

  • Severity (string)

  • State (string, such as "INSTALLED" or "FAILED")

  • InstalledTime (DateTime)

  • InstalledBy (string)

Type: Array of PatchComplianceData objects


For information about the errors that are common to all actions, see Common Errors.


An error occurred on the server side.

HTTP Status Code: 500


The filter name isn't valid. Verify the you entered the correct name and try again.

HTTP Status Code: 400


The following problems can cause this exception:

  • You don't have permission to access the managed node.

  • Amazon Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.

  • SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.

  • The managed node isn't in a valid state. Valid states are: Running, Pending, Stopped, and Stopping. Invalid states are: Shutting-down and Terminated.

HTTP Status Code: 400


The specified token isn't valid.

HTTP Status Code: 400



This example illustrates one usage of DescribeInstancePatches.

Sample Request

POST / HTTP/1.1 Host: Accept-Encoding: identity Content-Length: 37 X-Amz-Target: AmazonSSM.DescribeInstancePatches X-Amz-Date: 20180308T205131Z User-Agent: aws-cli/1.11.180 Python/2.7.9 Windows/8 botocore/1.7.38 Content-Type: application/x-amz-json-1.1 Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20180308/us-east-2/ssm/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=39c3b3042cd2aEXAMPLE { "InstanceId": "i-02573cafcfEXAMPLE" }

Sample Response

{ "Patches": [ { "Title": "NetworkManager.x86_64:1:1.30.0-7.el8", "KBId": "NetworkManager.x86_64", "Classification": "Security", "Severity": "Moderate", "State": "Installed", "InstalledTime": "2021-05-19T10:03:07-07:00" }, { "Title": "bash.x86_64:0:4.4.19-14.el8", "KBId": "bash.x86_64", "Classification": "Security", "Severity": "Low", "State": "Installed", "InstalledTime": "2021-05-19T10:03:25-07:00" }, { "Title": "kernel-modules.x86_64:0:4.18.0-305.10.2.el8_4", "KBId": "kernel-modules.x86_64", "Classification": "Security", "Severity": "Important", "State": "Installed", "InstalledTime": "2021-08-04T10:45:42-07:00" } // There may be more content here ] }

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: