Hello,
After creating new SSM patch baselines with terraform, I'd like the ability to also set them as defaults. Basically what this API call is doing:
https://docs.aws.amazon.com/sdk-for-go/api/service/ssm/#SSM.RegisterDefaultPatchBaseline
So I'm not sure if it would make more sense to update the existing aws_ssm_patch_baseline resource with an optional "default" argument, or to create a whole new resource just for this.
Hi,
I'm facing the same issue, do you have an idea when this setting will be implemented?
Many thanks in advance.
We need this as well
Is there any update on this issue?
For the presentation, this could be implemented with a boolean.
```hcl
resource "aws_ssm_patch_baseline" "production" {
  name        = "patch-baseline"
  description = "Patch Baseline Description"
  default     = true
  ...
}
```
A possible issue with adding this as an option on the aws_ssm_patch_baseline resource is that you can't delete the resource or change that value after setting it to true, first you would have to set a different baseline as the default.
As a workaround, I used a local-exec provisioner on the resource to make an AWS CLI call to register my baseline as the default.
Yes, changing the patch baseline as default and then making a change would require a new resource to be made which could cascade down into patch group assignment. It would make sense to create a resource that assigns the default patch baseline, but like you said a local exec execution would also accomplish this.
One option here would be to use the AWS-provided baselines as the 'safe' default as they exist, can't be deleted and can be filtered out by owner == AWS. Resource destruction or a change in the attribute to false could just revert to the AWS default for the specified OS (AWS-DefaultPatchBaseline for Windows, AWS-${OS}DefaultPatchBaseline for everything else)
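The local-exec workaround from the thread, combined with the "revert to the AWS-provided baseline on destroy" idea from the last comment, as an added example (this is not the provider's code and not the configuration any commenter posted). It assumes the AWS CLI is installed and has credentials for the account, a `var.region` and `var.operating_system` (constructed names), and that the AWS-managed baseline for that OS can be found by the `OWNER` and `NAME_PREFIX` filters of `describe-patch-baselines`; the JMESPath query and the `null_resource` wiring are my own. Because Terraform only allows `self` inside a destroy-time provisioner, everything the revert needs is stored in `triggers`.

```hcl
variable "region" {
  type    = string
  default = "us-east-1" # assumed
}

variable "operating_system" {
  type    = string
  default = "AMAZON_LINUX_2" # assumed; must match the baseline's operating_system
}

resource "aws_ssm_patch_baseline" "production" {
  name             = "patch-baseline"
  description      = "Patch Baseline Description"
  operating_system = var.operating_system

  approval_rule {
    approve_after_days = 7
    compliance_level   = "CRITICAL"

    patch_filter {
      key    = "CLASSIFICATION"
      values = ["Security"]
    }
  }
}

# Registers the custom baseline as the account default for its OS on create,
# and hands the default back to the AWS-provided baseline on destroy, so the
# custom baseline can be deleted without leaving the OS with no default.
resource "null_resource" "default_patch_baseline" {
  triggers = {
    baseline_id      = aws_ssm_patch_baseline.production.id
    operating_system = var.operating_system
    region           = var.region
  }

  # Create-time: same CLI call the workaround in the thread uses.
  provisioner "local-exec" {
    command = <<-EOT
      aws ssm register-default-patch-baseline \
        --region "${self.triggers.region}" \
        --baseline-id "${self.triggers.baseline_id}"
    EOT
  }

  # Destroy-time: look up the AWS-owned baseline for this OS (names follow the
  # AWS-...DefaultPatchBaseline pattern) and make it the default again before
  # Terraform deletes the custom baseline. Fails loudly if none is found.
  provisioner "local-exec" {
    when    = destroy
    command = <<-EOT
      set -e
      aws_default=$(aws ssm describe-patch-baselines \
        --region "${self.triggers.region}" \
        --filters Key=OWNER,Values=AWS Key=NAME_PREFIX,Values=AWS- \
        --query "BaselineIdentities[?OperatingSystem=='${self.triggers.operating_system}'].BaselineId | [0]" \
        --output text)
      if [ -z "$aws_default" ] || [ "$aws_default" = "None" ]; then
        echo "no AWS-provided baseline found for ${self.triggers.operating_system}" >&2
        exit 1
      fi
      aws ssm register-default-patch-baseline \
        --region "${self.triggers.region}" \
        --baseline-id "$aws_default"
    EOT
  }
}
```

Changing `name` or any other attribute that forces replacement of `aws_ssm_patch_baseline.production` changes `triggers.baseline_id`, so the `null_resource` is replaced too: its destroy provisioner runs first (default reverts to the AWS baseline), then the create provisioner registers the new baseline. That is exactly the ordering problem the thread describes with an inline `default = true` flag, handled here by keeping the "is default" state in its own resource.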