About patching applications on Windows Server
For Windows Server, two predefined patch baselines are provided. The patch baseline AWS-WindowsPredefinedPatchBaseline-OS supports only operating system updates on the Windows operating system itself. It is used as the default patch baseline for Windows Server instances unless you specify a different patch baseline. The other predefined Windows patch baseline, AWS-WindowsPredefinedPatchBaseline-OS-Applications, can be used to apply patches to both the Windows Server operating system and supported Microsoft applications.
Microsoft application patching is only available on EC2 instances and in the advanced-instances tier. To patch Microsoft applications on on-premises servers and VMs, you must enable the advanced-instances tier. For more information, see Enabling the advanced-instances tier.
You can also create a custom patch baseline to update Microsoft applications on Windows Server machines.
To include Microsoft applications in your custom patch baseline, you must, at a minimum, specify the product that you want to patch. The following AWS CLI command demonstrates the minimal requirements to patch a product, such as Office 2016:
If you specify the Microsoft application product family, each product you specify must be a supported member of the selected product family. For example, to patch the product "Active Directory Rights Management Services Client 2.0," you must specify its product family as "Active Directory" and not, for example, "Office" or "SQL Server." The following AWS CLI command demonstrates a matched pairing of product family and product:
If you receive an error message about a mismatched product and family pairing, see Troubleshooting Mismatched Product Family/Product Pairs for help resolving the issue.
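The two cases described above (a product on its own, and a product with its matching product family) can be expressed as approval rules for `aws ssm create-patch-baseline`. This is an added example, not a command from the original page. The function names, the baseline names in the usage comments and the `ApproveAfterDays` default of 5 are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): build the JSON value for
# --approval-rules when creating a custom Windows application patch baseline.

# build_app_rules PRODUCT [PRODUCT_FAMILY] [APPROVE_AFTER_DAYS]
build_app_rules() {
  bar_product=$1
  bar_family=${2:-}
  bar_days=${3:-5}   # assumed default, adjust to your approval policy
  [ -n "$bar_product" ] || { echo "PRODUCT is required" >&2; return 1; }
  case $bar_days in
    ''|*[!0-9]*) echo "APPROVE_AFTER_DAYS must be a whole number" >&2; return 1 ;;
  esac
  # PATCH_SET=APPLICATION selects Microsoft application patches, not OS patches.
  bar_filters=$(printf '{"Key":"PRODUCT","Values":["%s"]},{"Key":"PATCH_SET","Values":["APPLICATION"]}' "$bar_product")
  if [ -n "$bar_family" ]; then
    # When a family is given, the product must be a member of that family.
    bar_filters=$(printf '{"Key":"PRODUCT_FAMILY","Values":["%s"]},%s' "$bar_family" "$bar_filters")
  fi
  printf '{"PatchRules":[{"PatchFilterGroup":{"PatchFilters":[%s]},"ApproveAfterDays":%s}]}' "$bar_filters" "$bar_days"
}

# create_app_baseline NAME PRODUCT [PRODUCT_FAMILY] [APPROVE_AFTER_DAYS]
create_app_baseline() {
  cab_name=$1
  shift
  cab_rules=$(build_app_rules "$@") || return 1
  aws ssm create-patch-baseline \
    --name "$cab_name" \
    --operating-system WINDOWS \
    --approval-rules "$cab_rules"
}

# List the application product names the service accepts, to check a
# product name before creating the baseline.
list_app_products() {
  aws ssm describe-patch-properties \
    --operating-system WINDOWS \
    --property PRODUCT \
    --patch-set APPLICATION
}

# Usage (requires configured AWS credentials):
#   create_app_baseline "My-Windows-App-Baseline" "Office 2016"
#   create_app_baseline "My-AD-RMS-Baseline" \
#     "Active Directory Rights Management Services Client 2.0" "Active Directory"
```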