Patching EC2 Instances without rebooting - nodes in "pending reboot" state

0

Hi Team. I'm working with Patch Manager and I need to patch some groups of EC2 instances (Windows in this case). Instances got patched (or seem to) but remain in state "pending reboot" and "non compliance". I don't know how to change the instances' state. I've tried rebooting the instances manually and rebooting them using Run Command (with the AWS-InstanceRebootWithHooks document) but they are still in "pending reboot" state. I also have a big doubt whether the patches are correctly installed. Thanks in advance.

1 Answer
1

Hello,

Thank you for reaching out with this issue.

This issue occurs when the NoReboot feature is selected and the managed node is patched with a patch that is assigned a status of InstalledPendingReboot. The managed node(s) are marked as Non-Compliant. After a reboot occurs and a scan operation is run, the managed node status is updated to Compliant and the Pending Reboot should be cleared. You can refer to the link below for detailed information on this:

[+] https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-about-aws-runpatchbaseline.html#patch-manager-about-aws-runpatchbaseline-parameters-norebootoption

As mentioned above, the resolution to this issue is to run a scan against the nodes using Patch Manager. Below are the steps to accomplish this:

  1. Open AWS Systems Manager.
  2. In the navigation pane, choose Patch Manager.
  3. Choose Patch Now.
  4. For Patching operation choose Scan.
  5. For instances to patch, choose “Patch only the target instances I specify”: You specify which managed nodes to target in the next step and choose your target instances.
  6. Choose Patch now.

After having performed the scan, you can then confirm whether the nodes are non-compliant and pending reboot.

I hope the information above helps. Thank you.

AWS
Support Engineer
answered 2 years ago
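
Added example, not part of the original answer and not AWS's own code: a small triage script that reads the patch state reported per instance after the Scan described above and tells you which nodes still need a reboot followed by another Scan, and which have failed or missing patches. The function names `triage` and `fetch_patch_states` and the sample instance IDs and counts are assumptions made for illustration; the field names are those returned by `describe-instance-patch-states`.

```python
import json

# Constructed sample shaped like the output of
#   aws ssm describe-instance-patch-states --instance-ids <id> [<id> ...]
# Instance IDs and counts are placeholders made up for this example.
SAMPLE = json.loads("""
{"InstancePatchStates": [
  {"InstanceId": "i-0000000000000000a", "Operation": "Install", "RebootOption": "NoReboot",
   "InstalledCount": 40, "InstalledPendingRebootCount": 3, "MissingCount": 0, "FailedCount": 0},
  {"InstanceId": "i-0000000000000000b", "Operation": "Scan", "RebootOption": "NoReboot",
   "InstalledCount": 43, "InstalledPendingRebootCount": 0, "MissingCount": 0, "FailedCount": 0},
  {"InstanceId": "i-0000000000000000c", "Operation": "Scan", "RebootOption": "NoReboot",
   "InstalledCount": 41, "InstalledPendingRebootCount": 0, "MissingCount": 2, "FailedCount": 0},
  {"InstanceId": "i-0000000000000000d", "Operation": "Install", "RebootOption": "NoReboot",
   "InstalledCount": 40, "InstalledPendingRebootCount": 2, "MissingCount": 0, "FailedCount": 1}
]}
""")


def triage(state):
    """Return (instance_id, verdict, detail) for one InstancePatchStates entry."""
    iid = state["InstanceId"]
    pending = state.get("InstalledPendingRebootCount", 0)
    missing = state.get("MissingCount", 0)
    failed = state.get("FailedCount", 0)
    last_op = state.get("Operation", "unknown")
    if failed:
        # Installation errors come first: a reboot will not fix these.
        return iid, "FAILED_PATCHES", f"{failed} patch(es) failed to install"
    if pending:
        # Installed but not active until the node restarts; the state only
        # clears once a Scan runs after that reboot.
        return iid, "REBOOT_THEN_SCAN", f"{pending} pending reboot, last operation was {last_op}"
    if missing:
        # Approved by the baseline but not present on the node.
        return iid, "MISSING_PATCHES", f"{missing} approved patch(es) not installed"
    return iid, "OK", "no failed, pending-reboot or missing patches reported"


def fetch_patch_states(instance_ids):
    """Live lookup (needs AWS credentials); boto3 is imported lazily so the sample runs offline."""
    import boto3
    ssm = boto3.client("ssm")
    return ssm.describe_instance_patch_states(InstanceIds=instance_ids)["InstancePatchStates"]


if __name__ == "__main__":
    for row in (triage(s) for s in SAMPLE["InstancePatchStates"]):
        print(*row, sep="\t")
```

A node that still reports `REBOOT_THEN_SCAN` with `Operation` set to `Scan` was scanned before the reboot completed the installation, so reboot it and scan again.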
