Automated patching for mutable instances in the hybrid cloud using AWS Systems Manager - AWS Prescriptive Guidance

Chandra Allaka, Amazon Web Services (AWS)

June 2020

This prescriptive guide describes an automated patching solution that uses Amazon Web Services (AWS) Systems Manager. You can use this solution to patch both your mutable (long-running) Amazon Elastic Compute Cloud (Amazon EC2) instances that span multiple AWS accounts and AWS Regions, and your on-premises instances.

This guide is for users who are involved in designing and building operational capabilities in a hybrid cloud environment to enable application teams to comply with their enterprise’s patch policies. It provides you with a self-service mechanism to deploy pre-approved patches to your application servers.

This guide assumes a good understanding of the following AWS services and concepts:

  • Systems Manager – Provides a unified user interface for viewing operational data from multiple AWS services and automating operational tasks across your AWS resources.

  • Systems Manager Inventory – Provides visibility into your Amazon EC2 and on-premises computing environment. You can use Inventory to collect metadata from your managed instances.

  • Systems Manager Patch Manager – Automates the process of patching managed instances with security-related and other types of updates.

  • Systems Manager Maintenance Windows – Let you define a schedule for performing potentially disruptive actions on your instances, such as patching an operating system, updating drivers, or installing software or patches.

  • AWS Lambda – Lets you run code without provisioning or managing servers.

  • Amazon QuickSight – Lets you easily create and publish interactive dashboards, including machine learning (ML) Insights. You can access dashboards from any device and embed them into your applications, portals, and websites.

  • Tagging – Lets you assign metadata to your AWS resources in the form of tags. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.