get list of patches present on EC2 instance

get_patch_list.py

import csv
import boto3

ec2 = boto3.client('ec2', region_name='us-west-1')
ssm = boto3.client('ssm', region_name='us-west-1')

response = ec2.describe_instances(
    Filters=[
        {'Name':'tag:workload','Values':['somethin']},
        {'Name':'tag:environment','Values':['prod']}
    ]
)

instances = []
for reservation in response['Reservations']:
    for inst in reservation['Instances']:
        instances.append({
            'instance_id': inst['InstanceId'],
            'tags': inst['Tags']
        })

for instance in instances:
    print(f'Querying instance {instance["instance_id"]}')
    paginator = ssm.get_paginator('describe_instance_patches')
    instance['patches'] = []
    for result in paginator.paginate(
        InstanceId=instance['instance_id']
    ):
        instance['patches'].extend(result['Patches'])


for instance in instances:
    instance['patches'] = [p for p in instance['patches'] if p['State'] == 'Missing']

results = []
for instance in instances:
    for patch in instance['patches']:
        results.append([instance['instance_id'], patch['Title'], patch['KBId']])

with open('results.csv', 'w') as f:
    cw = csv.writer(f)
    cw.writerows(results)