AWS SSM Patch Manager

Question

I have question around AWS SSM Patch manger custom Patch baseline. I create a custom patch baseline for Windows servers and add to Patch group, so far good. I tried to use this custom patch baseline in Maintenance Window task, Couldn't find anything. Only option for Run_Command is AWS-RunPatchBaseline which is default, not the custom that I create.

Answer

Hello, you are correct -- when you use the document `AWS-RunPatchBaseline`, you target managed nodes using instance IDs, resource tags, or resource groups. The SSM Agent on each instance makes it's own determination for which baseline it should use based on tags added to itself.

You can either set the baseline as default for the OS or you would want to add `Patch Group` tags to the instance and the appropriate baseline.

More information can be found in this documentation topic:

https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-patch-patchgroups.html

Answer

Yes I did. Looks like answer is -- When you run AWS-RunPatchBaseline, you can target managed nodes using their ID or tags. SSM Agent and Patch Manager then evaluate which patch baseline to use based on the patch group value that you added to the managed node. If this is true, I am good with this set up.

Answer

Hello

Did you Set the patch baseline as default https://docs.aws.amazon.com/systems-manager/latest/userguide/set-default-patch-baseline.html

Thank You
GK

AWS SSM Patch Manager

Contenido relevante