[Figure: automation-patch-arch.png]

Prerequisites

  1. SSM Agent version 2.0.834.0 or later
  2. Connectivity to the patch source (either WSUS or Microsoft Update Catalog URL)
  3. S3 endpoint access for patching log storage (the SSM Agent communicates with AWS-managed S3 buckets)

Methods

There are two methods to perform patching via AWS Systems Manager.

  1. Run Command (a one-time execution, which we won't use in this scenario)
  2. Patch Manager

Requirements

Patch Policy

  1. Scan

    Only reports which patches are missing from the managed node; nothing is installed.

  2. Scan and install

    Patch Manager automatically installs every patch it finds missing from the managed node.

  3. Patch Baselines (details follow)

  4. Targets (details follow)

  5. Rate control
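The prerequisites list and the Scan / Scan and install policy split above are the two things worth checking before a rollout. The POSIX shell helpers below are an added example (not from the original post or from AWS): `version_ge` compares a node's reported agent version against the 2.0.834.0 minimum, `policy_operation` maps the policy name to the `Operation` parameter value (`Scan` or `Install`) that the `AWS-RunPatchBaseline` document accepts, and `check_endpoint` probes the patch source and S3 URLs with `curl`. The sample version strings and the endpoint URLs passed at the bottom are constructed for illustration; the S3 region in the URL is an assumed placeholder.

```shell
#!/bin/sh
# Pre-flight helpers for a Patch Manager rollout (added example, not the post's own tooling).
# Assumptions: the agent version string comes from `aws ssm describe-instance-information`
# (AgentVersion field), and curl is available for the endpoint probe.

MIN_AGENT_VERSION="2.0.834.0"   # minimum from the prerequisites list

# Return 0 if dotted version $1 >= dotted version $2, 1 otherwise.
# Missing trailing components count as 0, so "2.0.834" == "2.0.834.0".
version_ge() {
    v1="$1"; v2="$2"; i=1
    while [ "$i" -le 4 ]; do
        a=$(printf '%s' "$v1" | cut -d. -f"$i"); a=${a:-0}
        b=$(printf '%s' "$v2" | cut -d. -f"$i"); b=${b:-0}
        [ "$a" -gt "$b" ] && return 0
        [ "$a" -lt "$b" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# Print PASS/FAIL for an agent version and return the matching status,
# so a calling script can abort before scheduling anything.
report_agent_version() {
    if version_ge "$1" "$MIN_AGENT_VERSION"; then
        printf 'PASS agent %s >= %s\n' "$1" "$MIN_AGENT_VERSION"; return 0
    fi
    printf 'FAIL agent %s < %s (upgrade SSM Agent first)\n' "$1" "$MIN_AGENT_VERSION"
    return 1
}

# Map the patch policy name to the AWS-RunPatchBaseline Operation value.
# "scan" only reports missing patches; "scan-and-install" installs them.
policy_operation() {
    case "$1" in
        scan)             printf 'Scan' ;;
        scan-and-install) printf 'Install' ;;
        *)                printf 'unknown policy: %s\n' "$1" >&2; return 1 ;;
    esac
}

# Probe an HTTPS endpoint (patch source or S3 log bucket endpoint) without
# downloading the body. Needs network access; not called in the offline run below.
check_endpoint() {
    url="$1"
    if curl -sS --max-time 10 -o /dev/null "$url"; then
        printf 'OK   %s\n' "$url"; return 0
    fi
    printf 'FAIL %s\n' "$url"; return 1
}

# Offline demonstration with constructed sample values.
report_agent_version "3.1.1732.0"          # constructed sample, passes
policy_operation scan;             echo    # Scan
policy_operation scan-and-install; echo    # Install

# With network access, uncomment to probe the prerequisites' endpoints
# (region in the S3 URL is an assumed placeholder):
# check_endpoint "https://www.catalog.update.microsoft.com/"
# check_endpoint "https://s3.REGION-PLACEHOLDER.amazonaws.com/"
```

Feed `report_agent_version` the `AgentVersion` value returned by `aws ssm describe-instance-information` for each node; a FAIL there means the node should be excluded from the target set until the agent is upgraded, and the `Operation` value from `policy_operation` is what distinguishes a report-only run from one that changes the node.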

Patch Baselines