Systems Manager Patching

  1. Navigate to Systems Manager Patch Manager

    • Navigate to the AWS Console
    • Start typing Systems Manager in the AWS Services search box
    • Select Systems Manager
    • Select Patch Manager from the navigation menu
  2. Scan for Patching Compliance

    • Click the Configure patching button
    • Specify instances by selecting Enter instance tags
    • Enter Name for Tag key
    • Enter Lab App host for Tag value (case sensitive)
    • Click Add (the tag filter is not applied until you click Add, so the scan will have no targets if you skip this)
    • Select Skip scheduling and patch instances now
    • Select Scan only under Patching operation
    • Click Configure patching button
    • Click View details button at the top

    You should now see two instances being scanned for patches. If you don’t see any targets, repeat the previous steps and ensure the tags match your instances.

    • Click on the refresh icon in the menu near the top
    • Wait until the Command status changes to Success
  3. Check Compliance Status

    • Select Compliance from the navigation menu
    • You should see that you have two Non-Compliant resources
    • Click on the 2 to apply a filter to the Resource list below
    • Click on an instance ID in the Resource list
    • Search for State : Missing

You will see information about the missing patches, evaluated against the default patch baseline for Amazon Linux 2. Under the default baseline, all instances should have Critical and Important Security fixes and all Bugfixes older than 7 days. With this information you can apply patches via Patch Manager if required: you now have awareness of your workload’s patching status and the ability to resolve any issues.

Compliance Dashboard

  1. Install Missing Patches

    • Return to the Patch Manager screen
    • Click the Patch Now button at the top
    • Select the Scan and install radio button in the Patching Operation section
    • Select the Patch only the target instances I specify radio button in the Instances to patch section
    • Specify instances by selecting Specify instance tags in the Target selection section
    • Enter Name for Tag key
    • Enter Lab App host for Tag Value and click Add
    • Choose Do not store logs for Patching log storage
    • The next screen will show the progress. This will take up to 10 minutes to complete.
    • You can also view the progress in the Run Command screen.
    • Once complete, return to the Compliance screen to see that the instances are back in compliance with Patching.
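
The same scan/install and compliance check can be driven from the SSM API instead of the console. The following is an added example, not part of the lab or AWS's own code: it builds the AWS-RunPatchBaseline send_command parameters targeted by the lab's Name=Lab App host tag, and reduces a compliance listing to the "State: Missing" rows grouped by severity. The instance ID and compliance items are constructed sample data, and the Details keys (PatchState, Severity) are assumed from the shape list_compliance_items returns for the Patch compliance type.

```python
from collections import Counter

TAG_KEY = "Name"
TAG_VALUE = "Lab App host"   # case sensitive, exactly as entered in the lab


def scan_command_params(operation="Scan", tag_key=TAG_KEY, tag_value=TAG_VALUE):
    """Argument dict for boto3.client('ssm').send_command(**params): the same
    AWS-RunPatchBaseline run the Configure patching / Patch Now buttons issue,
    targeted by instance tag rather than by instance ID."""
    if operation not in ("Scan", "Install"):
        raise ValueError("Operation must be 'Scan' or 'Install'")
    return {
        "DocumentName": "AWS-RunPatchBaseline",
        "Targets": [{"Key": f"tag:{tag_key}", "Values": [tag_value]}],
        "Parameters": {"Operation": [operation], "RebootOption": ["RebootIfNeeded"]},
    }


def missing_patches(compliance_items):
    """Map instance ID -> Counter(severity -> count) for patches still Missing.
    Input is the ComplianceItems list from ssm.list_compliance_items() with
    ComplianceType=Patch (assumed: Details carries PatchState and Severity)."""
    missing = {}
    for item in compliance_items:
        details = item.get("Details", {})
        if item.get("ComplianceType") != "Patch" or details.get("PatchState") != "Missing":
            continue
        severity = details.get("Severity", "Unspecified")
        missing.setdefault(item["ResourceId"], Counter())[severity] += 1
    return missing


# Constructed sample (not real output) shaped like list_compliance_items().
SAMPLE_ITEMS = [
    {"ComplianceType": "Patch", "ResourceId": "i-0123456789abcdef0", "Status": "NON_COMPLIANT",
     "Title": "kernel.x86_64", "Details": {"PatchState": "Missing", "Classification": "Security", "Severity": "Critical"}},
    {"ComplianceType": "Patch", "ResourceId": "i-0123456789abcdef0", "Status": "NON_COMPLIANT",
     "Title": "openssl.x86_64", "Details": {"PatchState": "Missing", "Classification": "Security", "Severity": "Important"}},
    {"ComplianceType": "Patch", "ResourceId": "i-0123456789abcdef0", "Status": "COMPLIANT",
     "Title": "bash.x86_64", "Details": {"PatchState": "Installed", "Classification": "Bugfix", "Severity": "None"}},
]

if __name__ == "__main__":
    print(scan_command_params())
    print(missing_patches(SAMPLE_ITEMS))  # {'i-0123456789abcdef0': Counter({'Critical': 1, 'Important': 1})}
```

Pass the dict from scan_command_params("Install") to send_command for the install step, then poll list_command_invocations until the status is Success before re-reading compliance.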

Compliance Dashboard