SSM Patch Manager default patch baseline updates?

The Default Patch Baselines in SSM Patch Manager are updated by AWS on a regular basis, typically on a monthly basis. The updates are released as new versions of the Amazon Linux and Windows Server AMIs are published.

When you run a patch scan, the latest available patch data is retrieved from the SSM Patch Manager service, which pulls the patch data from the S3 bucket. The patch data includes the latest patches for each supported operating system, as well as information about patch severity, installation priority, and other metadata.

AWS recommends that you regularly update your Default Patch Baselines to ensure that you are applying the latest security patches and updates to your instances. You can also create custom patch baselines to specify your own patching criteria and schedules, if needed.