• AWS Systems Manager Change Manager is no longer open to new customers. Existing customers can continue to use the service as normal. For more information, see AWS Systems Manager Change Manager availability change.
• The AWS Systems Manager CloudWatch Dashboard will no longer be available after April 30, 2026. Customers can continue to use Amazon CloudWatch console to view, create, and manage their Amazon CloudWatch dashboards, just as they do today. For more information, see Amazon CloudWatch Dashboard documentation.
Working with Patch Manager resources and compliance using the console
To use Patch Manager, a tool in AWS Systems Manager, complete the following tasks. These tasks are described in more detail in this section.
-
Verify that the AWS predefined patch baseline for each operating system type that you use meets your needs. If it doesn't, create a patch baseline that defines a standard set of patches for that managed node type and set it as the default instead.
-
Organize managed nodes into patch groups by using Amazon Elastic Compute Cloud (Amazon EC2) tags (optional, but recommended).
-
Do one of the following:
-
(Recommended) Configure a patch policy in Quick Setup, a tool in Systems Manager, that lets you install missing patches on a schedule for an entire organization, a subset of organizational units, or a single AWS account. For more information, see Configure patching for instances in an organization using a Quick Setup patch policy.
-
Create a maintenance window that uses the Systems Manager document (SSM document)
AWS-RunPatchBaselinein a Run Command task type. For more information, see Tutorial: Create a maintenance window for patching using the console. -
Manually run
AWS-RunPatchBaselinein a Run Command operation. For more information, see Running commands from the console. -
Manually patch nodes on demand using the Patch now feature. For more information, see Patching managed nodes on demand.
-
-
Monitor patching to verify compliance and investigate failures.
Topics
