I want to use Patch Manager, a capability of AWS Systems Manager, to patch managed nodes in my environment that has multiple AWS accounts and AWS Regions.
Resolution
Create a patch policy
Use Quick Setup, a capability of AWS Systems Manager, to create a patch policy for Patch Manager.
Note: Quick Setup simplifies AWS service configuration. If your organization has service control policies (SCPs), then Quick Setup might not work.
Verify your patch policy deployment
Complete the following steps:
- Open the Systems Manager console.
- In the navigation pane, choose Quick Setup.
- Under Configuration managers, select your patch policy, and then choose View details.
- Verify that Configuration deployment status and Configuration association status list only Success metrics.
Note: If either Configuration deployment status or Configuration association status lists Failed metrics, then choose Edit to review and change your patch policy. After you edit your patch policy, choose Update.
- Verify that patches installed on your target Amazon Elastic Compute Cloud (Amazon EC2) instances.
To troubleshoot Quick Setup deployment failures because of SCP explicit deny errors, see "How do I troubleshoot explicit deny in a service control policy errors?"
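The last verification step can also be checked outside the console when many Regions are in scope. The following is an added example, not part of the original article and not AWS code: it evaluates per-Region `InstancePatchStates` records, the shape returned by `aws ssm describe-instance-patch-states`, and lists nodes with failed or missing patches, a pending reboot, or a stale patch run. The sample data, the instance IDs, and the 8-day staleness threshold are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: InstancePatchStates as returned per Region by
# `aws ssm describe-instance-patch-states`; instance IDs are made up.
SAMPLE = {
    "us-east-1": [
        {"InstanceId": "i-0aaaaaaaaaaaaaaa1", "Operation": "Install",
         "MissingCount": 0, "FailedCount": 0, "InstalledPendingRebootCount": 0,
         "OperationEndTime": "2024-05-01T03:10:00+00:00"},
        {"InstanceId": "i-0aaaaaaaaaaaaaaa2", "Operation": "Install",
         "MissingCount": 0, "FailedCount": 2, "InstalledPendingRebootCount": 1,
         "OperationEndTime": "2024-05-01T03:12:00+00:00"},
    ],
    "eu-west-1": [
        {"InstanceId": "i-0bbbbbbbbbbbbbbb1", "Operation": "Scan",
         "MissingCount": 4, "FailedCount": 0, "InstalledPendingRebootCount": 0,
         "OperationEndTime": "2024-03-15T03:00:00+00:00"},
    ],
}

def _as_datetime(value):
    """The CLI emits ISO 8601 strings; boto3 returns datetime objects."""
    return datetime.fromisoformat(value) if isinstance(value, str) else value

def evaluate(states_by_region, now, max_age_days=8):
    """Return {(region, instance_id): [findings]} for nodes needing attention.

    max_age_days is an assumed threshold (a weekly schedule plus one day).
    """
    findings = {}
    for region, states in states_by_region.items():
        for s in states:
            issues = []
            if s.get("FailedCount", 0):
                issues.append(f"{s['FailedCount']} patch(es) failed to install")
            if s.get("MissingCount", 0):
                issues.append(f"{s['MissingCount']} approved patch(es) missing")
            if s.get("InstalledPendingRebootCount", 0):
                issues.append("reboot pending")
            if now - _as_datetime(s["OperationEndTime"]) > timedelta(days=max_age_days):
                issues.append("last patch operation is stale")
            if issues:
                findings[(region, s["InstanceId"])] = issues
    return findings

if __name__ == "__main__":
    now = datetime(2024, 5, 2, tzinfo=timezone.utc)  # fixed so the sample is reproducible
    for (region, node), issues in evaluate(SAMPLE, now).items():
        print(f"{region} {node}: " + "; ".join(issues))
```

A node that appears in the results with only "last patch operation is stale" usually means the association did not run on it, which is worth comparing against the Configuration association status in Quick Setup.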
Delete a patch policy
Complete the following steps:
- Open the Systems Manager console.
- In the navigation pane, choose Quick Setup.
- Under Configuration managers, select your patch policy.
- On the Actions dropdown list, choose Delete configuration.
- In the Delete configuration window, enter delete, and then choose Delete.
Note: Quick Setup automatically removes resources.