How can we do patch compliance reporting for Patching using SSM AWS-PatchAsgInstance document in Patch manager solution.

Question

How can we do patch compliance reporting LIKE storing the reports to S3 bucket for Patching using SSM AWS-PatchAsgInstance document. Could you please help me the approach.

We do have compliance reporting in AWS-PatchInstanceWithRollback in SSM document, SO looking for similar approach in ASG Patch group patching.
   {
      "name": "SaveComplianceReportToS3",
      "action": "aws:invokeLambdaFunction",
      "inputs": {
        "FunctionName": "SaveRptToS3Lambda-{{automation:EXECUTION_ID}}",
        "Payload": "{\"S3Bucket\": \"{{ReportS3Bucket}}\", \"CheckCompliance\": {{CheckCompliance.Payload}}}"
      }

Answer

The AWS-PatchAsgInstance document currently does not support compliance reporting. In order to achieve this, I think you will need to create a custom runbook off the AWS-PatchAsgInstance document and add custom steps to achieve the complicance reporting.

How can we do patch compliance reporting for Patching using SSM AWS-PatchAsgInstance document in Patch manager solution.

관련 콘텐츠