Does Systems Manager Patch Manager allow patching across multiple accounts and regions?

0

Customer is wondering how to patch their servers across their AWS organization. They saw the following blog that explains how to do this with security hub, but they were wondering if there is a simpler way to define patch groups across accounts and regions?

https://aws.amazon.com/blogs/mt/multi-account-patch-compliance-with-patch-manager-and-security-hub/

AWS
モデレーター
質問済み 3年前1616ビュー
1回答
0
承認された回答

This blog shows how to manage patch compliance reports across the AWS organization accounts. If you're looking at how to do/install patching across accounts in the Organization, you can review this blog below.

AWS Systems Manager Automation now supports multi-account and multi-Region actions enabling you to centrally manage your AWS resources. You're right that it will give you abilities to patch by resource groups to logically group your managed instances across the Organization.

You will need to create the required IAM service roles used by Automation in the management and target accounts. After you created your IAM roles, create a custom Automation Document for executing patch baseline operations. Then you can execute Automation Documents that targeted your managed instances via resource groups in target accounts.

You can also customize your workflow further by creating your own Automation Document based on the document AWS-PatchInstanceWithRollback, across the fleets/groups in the Organization.

https://aws.amazon.com/blogs/mt/centralized-multi-account-and-multi-region-patching-with-aws-systems-manager-automation/

profile pictureAWS
エキスパート
回答済み 3年前

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ