- 최신
- 최다 투표
- 가장 많은 댓글
Good question!
From AWS's Patch Manager Documentation: https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-prerequisites.html
The managed nodes must have access to the source patch repositories. On Linux, these are typically from the remote repos confirmed on the node unless a alternative patch source repo is specified.
As for who kicks off the patches, patch baselines include rules for auto-approving patches. Otherwise, you could either schedule patches in a maintenance window or use tags.
Additionally, the instance needs access to S3 buckets that SSM uses. More information here https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent-minimum-s3-permissions.html
In this case, the private instances must have access to your private Repos (ex: private WSUS server or internal RedHat Satellite server). SSM patching in the end will call the "Windows Update" or "yum update" commands as usual - and they should be working.
관련 콘텐츠
- AWS 공식업데이트됨 일 년 전
- AWS 공식업데이트됨 6달 전
The instance must be able to connect to the source patch repositories when patching through SSM.
https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-prerequisites.html