I want to automate my operating system (OS) package and security updates on my Amazon Elastic Compute Cloud (Amazon EC2) Linux instances.
Short description
Use Patch Manager, a capability of AWS Systems Manager, to automatically scan for and install patches on your EC2 instances.
By default, Patch Manager uses predefined patch policies to update the packages in your EC2 instance. For more granular control, use custom baselines.
Resolution
Prerequisites: Make sure that you adhere to the Patch Manager prerequisites. Also, make sure that you're in a supported AWS Region.
Create a patch policy. If you configure a custom CRON expression, then use the following format for your expression:
Minute | Hour | Day of the month | Month | Day of the week | Year
For example, to update on the first Monday of every month at midnight, use cron(0 0 ? * MON#1 *). Or, to update on the last Friday of every month at midnight, use cron(0 0 ? * FRIL *).
Note: Patch Manager uses associations from State Manager, a capability of AWS Systems Manager, to schedule patching operations. Make sure that your custom CRON expressions adhere to the State Manager requirements.
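The two schedules above are easy to get wrong (a Monday#1 that quietly fires on the second Monday, or a day-of-month and day-of-week that both carry a value, which State Manager rejects). The following interpreter is an added example written for this page, not code from AWS or Systems Manager: it checks the six-field shape, enforces that exactly one of day-of-month and day-of-week is "?", and computes the next run time so a schedule can be verified before it is attached to a patch policy. It assumes numeric month and year fields (no JAN..DEC names), day-of-week names or AWS numbering (1 = SUN .. 7 = SAT), and the "#n" and "L" qualifiers only on day-of-week; ranges and step values are not handled.

```python
"""Interpreter for the six-field Systems Manager cron format (added example)."""
import calendar
from datetime import datetime, timedelta

# Python weekday numbering (Monday = 0) keyed by the three-letter names AWS accepts.
DOW = {"MON": 0, "TUE": 1, "WED": 2, "THU": 3, "FRI": 4, "SAT": 5, "SUN": 6}


def parse(expr):
    """Split 'cron(...)' into its six fields and apply the State Manager shape rules."""
    if not (expr.startswith("cron(") and expr.endswith(")")):
        raise ValueError("expression must be written as cron(...)")
    fields = expr[5:-1].split()
    if len(fields) != 6:
        raise ValueError("expected 6 fields: minute hour day-of-month month day-of-week year")
    _, _, dom, _, dow, _ = fields
    # Exactly one of day-of-month / day-of-week must be the '?' wildcard.
    if (dom == "?") == (dow == "?"):
        raise ValueError("exactly one of day-of-month and day-of-week must be '?'")
    return fields


def _field_matches(field, value):
    """Plain numeric field: '*' or '?' matches anything, else a comma list of ints."""
    if field in ("*", "?"):
        return True
    return any(int(part) == value for part in field.split(","))


def _dow_matches(field, dt):
    """Day-of-week field with optional '#n' (n-th weekday) or 'L' (last weekday)."""
    if field in ("*", "?"):
        return True
    if field.isdigit():  # AWS numbering: 1 = SUN ... 7 = SAT
        return (dt.weekday() + 1) % 7 + 1 == int(field)
    name, qualifier = field[:3].upper(), field[3:]
    if name not in DOW:
        raise ValueError(f"unsupported day-of-week field: {field}")
    if dt.weekday() != DOW[name]:
        return False
    if qualifier == "":
        return True
    if qualifier == "L":  # last such weekday: no same weekday seven days later in this month
        return dt.day + 7 > calendar.monthrange(dt.year, dt.month)[1]
    if qualifier.startswith("#"):  # n-th such weekday of the month
        return (dt.day - 1) // 7 + 1 == int(qualifier[1:])
    raise ValueError(f"unsupported day-of-week qualifier: {field}")


def matches(expr, dt):
    """True if the expression fires at the given minute."""
    minute, hour, dom, month, dow, year = parse(expr)
    return (_field_matches(minute, dt.minute) and _field_matches(hour, dt.hour)
            and _field_matches(dom, dt.day) and _field_matches(month, dt.month)
            and _dow_matches(dow, dt) and _field_matches(year, dt.year))


def next_fire(expr, start):
    """First minute at or after `start` on which the expression fires (None if none in 2 years)."""
    minute, hour, dom, month, dow, year = parse(expr)
    day = start.replace(hour=0, minute=0, second=0, microsecond=0)
    for _ in range(366 * 2):
        if (_field_matches(dom, day.day) and _field_matches(month, day.month)
                and _dow_matches(dow, day) and _field_matches(year, day.year)):
            for h in range(24):
                if not _field_matches(hour, h):
                    continue
                for m in range(60):
                    if _field_matches(minute, m):
                        candidate = day.replace(hour=h, minute=m)
                        if candidate >= start:
                            return candidate
        day += timedelta(days=1)
    return None


if __name__ == "__main__":
    # Constructed reference date; both expressions are the ones quoted in the article.
    now = datetime(2024, 3, 5)
    for schedule in ("cron(0 0 ? * MON#1 *)", "cron(0 0 ? * FRIL *)"):
        print(schedule, "->", next_fire(schedule, now))
```

Run it before saving a patch policy: if next_fire returns a date you did not expect, or parse raises, the expression will not behave as the policy description implies. The check on "?" mirrors the State Manager requirement that day-of-month and day-of-week are never both specified.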
Related information
Configure patching for instances in an organization using a Quick Setup patch policy
How do I troubleshoot a failed Patch Manager (Linux) operation?
Troubleshooting Patch Manager