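【Question title】: AWS CDK PatchBaseline
【Posted】: 2021-02-01 14:24:53
【Question】:

I am trying to create a patch baseline for patching Linux hosts, but I keep getting the same error over and over. Please help, I just can't see the problem. I have looked at some code people have used in TS, but have made no progress.

PatchBaselineLinux 1 validation error detected: Value null at 'approvalRules.patchRules' failed to satisfy constraint: Member must not be null. (Service: AmazonSSM; Status Code: 400; Error Code: ValidationException;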

    baseline1 = CfnPatchBaseline(self, "PatchBaselineLinux",
                                 name="TestPatchBaseline_Linux",
                                 operating_system="AMAZON_LINUX_2",
                                 description="TestPatchBaseline for Linux updates, Amazon_Linux_2 distr.",
                                 approved_patches_enable_non_security=True,
                                 approval_rules={"patch_rules": [
                                     {
                                         "enable_non_security": True,
                                         "approve_after_days": 1,
                                         "approve_until_date": "2021-02-09",
                                         "compliance_level": "CRITICAL",
                                         "patch_filter_group": {"patch_filters": [
                                             {"key": "PRODUCT", "values": ['AmazonLinux2', 'AmazonLinux2.0']},
                                             {"key": "CLASSIFICATION",
                                              "values": ["Security", "Bugfix", "Enhancement", "Recommended"]},
                                             {"key": "SEVERITY",
                                              "values": ["Critical", "Important", "Medium", "Low"]}]}
                                     }
                                 ]
                                 },
                                 patch_groups=["AWS-Linux-2-Test"])

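【Discussion】:

    Tags: python aws-cdk


    【Solution 1】:

    I suggest splitting up your approval rules. The approval rules need a RuleGroupProperty. You have a JSON string. See the following link for details:

    https://docs.aws.amazon.com/cdk/api/latest/python/aws_cdk.aws_ssm/CfnPatchBaseline.html#aws_cdk.aws_ssm.CfnPatchBaseline.RuleGroupProperty

    The following should work. Make sure to check all the properties; I did not include all the ones you have.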

    from aws_cdk import core as cdk  # CDK v1 import style, matching cdk.Construct below
    from aws_cdk import aws_ssm as ssm


    class PatchBaselineStack(cdk.Stack):  # class name is illustrative
        def __init__(self, scope: cdk.Construct, construct_id: str, **kwargs) -> None:
            super().__init__(scope, construct_id, **kwargs)

            # One typed PatchFilterProperty per filter key.
            amazon_linux2_product_patch_filter = ssm.CfnPatchBaseline.PatchFilterProperty(
                key='PRODUCT',
                values=['AmazonLinux2', 'AmazonLinux2.0'])

            amazon_linux2_classification_patch_filter = ssm.CfnPatchBaseline.PatchFilterProperty(
                key='CLASSIFICATION',
                values=['Security', 'Bugfix', 'Enhancement', 'Recommended'])

            amazon_linux2_severity_patch_filter = ssm.CfnPatchBaseline.PatchFilterProperty(
                key='SEVERITY',
                values=['Critical', 'Important', 'Medium', 'Low'])

            # Group the filters, then wrap them in a rule and a rule group.
            patch_baseline_patch_filter_group = ssm.CfnPatchBaseline.PatchFilterGroupProperty(
                patch_filters=[amazon_linux2_product_patch_filter,
                               amazon_linux2_classification_patch_filter,
                               amazon_linux2_severity_patch_filter])

            patch_baseline_rule = ssm.CfnPatchBaseline.RuleProperty(
                approve_after_days=0,
                compliance_level='CRITICAL',
                enable_non_security=True,
                patch_filter_group=patch_baseline_patch_filter_group)

            patch_baseline_rule_group = ssm.CfnPatchBaseline.RuleGroupProperty(
                patch_rules=[patch_baseline_rule])

            # approval_rules receives the RuleGroupProperty rather than a raw dict.
            patch_baseline = ssm.CfnPatchBaseline(
                self, 'rPatchBaseline',
                name='TestPatchBaseline_Linux',
                description='TestPatchBaseline for Linux updates, Amazon_Linux_2 distr.',
                operating_system='AMAZON_LINUX_2',
                approved_patches_enable_non_security=True,
                patch_groups=['AWS-Linux-2-Test'],
                approval_rules=patch_baseline_rule_group)
    

    【Discussion】:
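
An added check, not part of the original answer or of the CDK project: it scans a synthesized CloudFormation template for `AWS::SSM::PatchBaseline` resources whose `ApprovalRules.PatchRules` is null or empty, the condition named in the ValidationException above, so the problem surfaces before deployment. The template is a constructed sample with made-up logical IDs, and the check assumes literal property values (no intrinsic functions).

```python
import json

# Constructed sample in the shape of `cdk synth` JSON output; logical IDs are made up.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "NullRulesBaseline": {
    "Type": "AWS::SSM::PatchBaseline",
    "Properties": {"Name": "TestPatchBaseline_Linux",
                   "OperatingSystem": "AMAZON_LINUX_2",
                   "ApprovalRules": {}}},
  "EmptyRulesBaseline": {
    "Type": "AWS::SSM::PatchBaseline",
    "Properties": {"Name": "EmptyRules",
                   "ApprovalRules": {"PatchRules": []}}},
  "GoodBaseline": {
    "Type": "AWS::SSM::PatchBaseline",
    "Properties": {"Name": "Good",
                   "ApprovalRules": {"PatchRules": [
                     {"ApproveAfterDays": 0, "ComplianceLevel": "CRITICAL",
                      "PatchFilterGroup": {"PatchFilters": [
                        {"Key": "PRODUCT", "Values": ["AmazonLinux2"]}]}}]}}},
  "Bucket": {"Type": "AWS::S3::Bucket"}
}}
""")


def find_bad_patch_baselines(template):
    """Map logical ID -> reason for each PatchBaseline with unusable approval rules."""
    findings = {}
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::SSM::PatchBaseline":
            continue
        props = res.get("Properties") or {}
        if "ApprovalRules" not in props:
            continue  # baseline defines no approval rules; out of scope for this check
        rules = (props["ApprovalRules"] or {}).get("PatchRules")
        if rules is None:
            # The condition named in the ValidationException quoted in the question.
            findings[logical_id] = "ApprovalRules.PatchRules is null"
        elif isinstance(rules, list) and not rules:
            # An empty rule list auto-approves no patches.
            findings[logical_id] = "ApprovalRules.PatchRules is empty"
    return findings


if __name__ == "__main__":
    print(find_bad_patch_baselines(SAMPLE_TEMPLATE))
```
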

      猜你喜欢
      • 2015-09-26
      • 2018-04-21
      • 2015-05-21
      • 2020-11-03
      • 1970-01-01
      • 2012-02-02
      • 2012-05-10
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多