Automating patch updates for Windows instances through AWS Systems Manager
AWS Systems Manager has Patch Manager, which automates the process of patching managed instances with security-related and other types of updates.
- We can use Patch Manager to apply patches for both the OS and applications.
- Patch Manager uses patch baselines, which include rules for auto-approving patches.
- SSM Agent must be installed on the instances that you want to manage with Patch Manager.
To apply patch updates, the instances need to be running. Let's launch two Windows instances.
We need a role for accessing AWS Systems Manager.
Let's create a role with the following permission and attach it to the running instance.
Patching can be done in 2 ways.
Using the default patch baseline:
Procedure:
step1:
Go to Patch Manager -> Patch Baseline
step2:
On-demand patching:
The second way of patching is on-demand patching.
- AWS Systems Manager uses Run Command in the background.
- It creates snapshots in the background which have all the patches installed on them.
If we need to patch instances instantly, we can click on Patch now.
In our case, we are patching 2 instances.
Configuring our own patch baselines:
step1:
Go to AWS Systems Manager -> Patch Manager -> Create patch baseline
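As an added example (not from the original post), the Python below builds the request for the SSM CreatePatchBaseline API for a custom Windows baseline and models how its auto-approval rule selects patches. The baseline name, KB identifiers and release dates are constructed, and auto_approved is a simplified model of rule evaluation, not Patch Manager's own code.

```python
from datetime import date, timedelta

# Maps Patch Manager filter keys to fields of the constructed patch records below.
FIELD = {"CLASSIFICATION": "classification", "MSRC_SEVERITY": "severity"}

def build_baseline_request(name, approve_after_days=7):
    """Keyword arguments for the SSM CreatePatchBaseline API (Windows)."""
    if not 0 <= approve_after_days <= 360:
        raise ValueError("ApproveAfterDays must be between 0 and 360")
    filters = [
        {"Key": "CLASSIFICATION", "Values": ["SecurityUpdates", "CriticalUpdates"]},
        {"Key": "MSRC_SEVERITY", "Values": ["Critical", "Important"]},
    ]
    rule = {"PatchFilterGroup": {"PatchFilters": filters},
            "ApproveAfterDays": approve_after_days,
            "ComplianceLevel": "CRITICAL"}
    return {"Name": name, "OperatingSystem": "WINDOWS",
            "ApprovalRules": {"PatchRules": [rule]}}

def auto_approved(request, patches, today):
    """Simplified model: approve a patch that matches every filter of a rule
    and was released at least ApproveAfterDays before `today`."""
    approved = []
    for patch in patches:
        for rule in request["ApprovalRules"]["PatchRules"]:
            filters = rule["PatchFilterGroup"]["PatchFilters"]
            matches = all(patch[FIELD[f["Key"]]] in f["Values"] for f in filters)
            due = patch["released"] + timedelta(days=rule["ApproveAfterDays"])
            if matches and due <= today:
                approved.append(patch["kb"])
                break
    return approved

def create_baseline(request):
    """Send the request to AWS; needs boto3 and credentials, so not run here."""
    import boto3
    return boto3.client("ssm").create_patch_baseline(**request)["BaselineId"]

# Constructed sample patches (placeholder KB ids, invented release dates).
SAMPLE_PATCHES = [
    {"kb": "KB-EXAMPLE-1", "classification": "SecurityUpdates", "severity": "Critical", "released": date(2024, 1, 1)},
    {"kb": "KB-EXAMPLE-2", "classification": "SecurityUpdates", "severity": "Critical", "released": date(2024, 1, 12)},
    {"kb": "KB-EXAMPLE-3", "classification": "FeaturePacks", "severity": "Unspecified", "released": date(2024, 1, 1)},
    {"kb": "KB-EXAMPLE-4", "classification": "CriticalUpdates", "severity": "Low", "released": date(2024, 1, 1)},
]

if __name__ == "__main__":
    req = build_baseline_request("Example-Windows-Baseline")
    print(auto_approved(req, SAMPLE_PATCHES, date(2024, 1, 15)))
```

With a 7-day delay, a critical security update released three days ago is still held back; setting approve_after_days to 0 approves it immediately, which trades testing time for faster coverage.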
Conclusion:
AWS Systems Manager, with the help of Patch Manager automation, lets us create our own patch baselines, as well as default and on-demand patch baselines.