Automating ongoing OS patching
Legacy applications in on-premises data centers often rely on manual operational processes for ongoing OS patching and software updates. During your replatforming journey, we recommend that you automate OS patching by using Systems Manager Patch Manager or other automated patching processes. Patch Manager provides a centralized and consistent process to gather operational insights and implement routine operational tasks on both the AWS Cloud and on-premises resources.
We recommend patching development environments earlier than the patching time window used for production environments. For more information about this, see the Patch Manager runbook for automating OS patching. You should also deploy canary testing to periodically test key application functionalities in pre-production or production environments, and alert support teams if the testing fails. This helps avoid unplanned outages for your application.
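The staggering described above can be expressed as a single CloudFormation template deployed once per environment. This is an added example, not part of the original guidance: the environment names, schedules, approval delays, operating system, concurrency limits and the use of the "Patch Group" tag value to select instances are all assumptions.

```yaml
# Added example: deploy once with Environment=dev and once with Environment=prod.
# Schedules, approval delays and tag values are illustrative assumptions.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  Environment:
    Type: String
    AllowedValues: [dev, prod]
Mappings:
  Patching:
    dev:  { ApproveAfterDays: "0", Schedule: "cron(0 2 ? * TUE *)" }  # patched first
    prod: { ApproveAfterDays: "7", Schedule: "cron(0 2 ? * SUN *)" }  # patched after dev soak
Resources:
  Baseline:
    Type: AWS::SSM::PatchBaseline
    Properties:
      Name: !Sub "${Environment}-linux-baseline"
      OperatingSystem: AMAZON_LINUX_2
      PatchGroups: [!Ref Environment]  # instances tagged "Patch Group"=<env>
      ApprovalRules:
        PatchRules:
          - ApproveAfterDays: !FindInMap [Patching, !Ref Environment, ApproveAfterDays]
            PatchFilterGroup:
              PatchFilters:
                - { Key: CLASSIFICATION, Values: [Security, Bugfix] }
  Window:
    Type: AWS::SSM::MaintenanceWindow
    Properties:
      Name: !Sub "${Environment}-patch-window"
      Schedule: !FindInMap [Patching, !Ref Environment, Schedule]  # UTC by default
      Duration: 3   # hours the window stays open
      Cutoff: 1     # stop starting new tasks 1 hour before close
      AllowUnassociatedTargets: false
  WindowTarget:
    Type: AWS::SSM::MaintenanceWindowTarget
    Properties:
      WindowId: !Ref Window
      ResourceType: INSTANCE
      Targets:
        - { Key: "tag:Patch Group", Values: [!Ref Environment] }
  PatchTask:
    Type: AWS::SSM::MaintenanceWindowTask
    Properties:
      WindowId: !Ref Window
      TaskType: RUN_COMMAND
      TaskArn: AWS-RunPatchBaseline
      Priority: 1
      MaxConcurrency: "25%"  # patch a quarter of the fleet at a time
      MaxErrors: "10%"       # halt the rollout if 10% of targets fail
      Targets:
        - { Key: WindowTargetIds, Values: [!Ref WindowTarget] }
      TaskInvocationParameters:
        MaintenanceWindowRunCommandParameters:
          Parameters: { Operation: [Install] }
```

With these values, a patch is installed in dev at the first Tuesday window after release, while prod only installs patches that have been approved for at least seven days.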
Using automation tools and infrastructure as code (IaC)
As part of your application's replatforming journey, you should automate platform builds by using configuration management tools such as Chef.
We recommend that you provision your infrastructure by using IaC best practices. There are several options available for this, including AWS Cloud Development Kit (AWS CDK), AWS CloudFormation and Terraform.
Repeatable builds that use IaC and configuration management code help you test infrastructure without the overhead and risk of rebuilding those resources. Patching and updating an existing instance in place can leave it in a state that makes issues difficult to reproduce and identify.
If a COTS application doesn't support automated installation, we recommend consulting the AWS Partner Network (APN).