Menu
Amazon EC2 Systems Manager
User Guide

Enabling or Disabling Windows Updates Using Systems Manager Run Command

You can use the AWS-ConfigureWindowsUpdate document to enable or disable automatic Windows updates on your instances. This command configures the Windows update agent to download and install Windows updates on the day and hour that you specify. If an update requires a reboot, the computer reboots automatically 15 minutes after updates have been installed. With this command you can also configure Windows update to check for updates but not install them. The AWS-ConfigureWindowsUpdate document is compatible with Windows Server 2008, 2008 R2, 2012, and 2012 R2.

Note

This procedure does not include information about how to configure Run Command for Amazon SNS notifications. To learn more about how to execute commands that return notifications, see Configuring Amazon SNS Notifications for Run Command.

To enable or disable Windows Updates using Run Command

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, choose Run Command.

  3. Choose Run a command.

  4. For Command document, choose AWS-ConfigureWindowsUpdate.

  5. For Target instances, choose the instances where you want the command to run. If you do not see an instance in this list, it might not be configured properly for Run Command. For more information, see Systems Manager Prerequisites.

  6. For Update Level, choose InstallUpdatesAutomatically to have Windows automatically download and install updates. If an update requires a reboot, the computer is automatically rebooted 15 minutes after updates have been installed. Alternatively, choose NeverCheckForUpdates and Windows never checks for or downloads updates.

    Important

    If you choose NeverCheckForUpdates be aware that your system could become vulnerable to malicious attacks if you do not manually install important updates, such as security updates.

  7. For Scheduled Install Day, choose the day of the week when you want Windows to download and install updates. This applies only if you selected the InstallUpdatesAutomatically option.

  8. For Scheduled Install Time, choose the time of day when you want Windows to download and install updates. This applies only if you selected the InstallUpdatesAutomatically option.

    Note

    Scheduled Install Time is the time where the instance is located. For example, if the instance is located in the US East (N. Virginia) region, the Scheduled Install Time would be Eastern time.

  9. For Comment, we recommend providing information that will help you identify this command in your list of commands.

  10. (Optional) For Execution Timeout, type the number of seconds the EC2Config service or SSM agent will attempt to run the command before it times out and fails.

  11. (Optional) For Day, choose the day of the week when you want to have the system download and install updates.

  12. For Timeout (seconds), type the number of seconds that Run Command should attempt to reach an instance before it is considered unreachable and the command execution fails. The minimum is 30 seconds, the maximum is 30 days, and the default is 10 minutes.

  13. For S3 bucket, type the name of the S3 bucket for command output.

    Important

    The Run Command Output page in the Amazon EC2 console truncates output after 2500 characters. Configure an Amazon S3 bucket before executing commands using Run Command. If your command output was longer than 2500 characters, you can view the full output in your Amazon S3 bucket. For more information, see Create a Bucket.

  14. For S3 key prefix, type the name of a subfolder in the S3 bucket. A subfolder can help you organize Run Command output if you execute multiple commands against multiple instances.

For information about how to run commands using Windows PowerShell, see Systems Manager Run Command Walkthrough Using the AWS Tools for Windows PowerShell or the AWS Tools for Windows PowerShell Reference. For information about how to run commands using the AWS CLI, see the SSM CLI Reference.

Canceling a Command

You can attempt to cancel a command as long as the service shows that it is in either a Pending or Executing state. However, even if a command is still in one of these states, we cannot guarantee that the command will be terminated and the underlying process stopped.

To cancel a command using the console

  1. In the navigation pane, choose Run Command.

  2. Select the command invocation that you want to cancel.

  3. Choose Actions, Cancel Command.

To cancel a command using the AWS CLI

Use the following command.

Copy
aws ssm cancel-command --command-id "command ID" --instance-ids "instance ID"

For information about the status of a cancelled command, see Setting Up Events and Notifications.

View Command Output

Use the following procedure to view the results of command execution in the EC2 console.

To view command output

  1. In the Amazon EC2 console, select a command in the list.

  2. Choose the Output tab.

  3. Choose View Output.

  4. The command output page shows the results of your command execution.