Does Systems Manager Patch Manager allow patching across multiple accounts and regions?


Customer is wondering how to patch their servers across their AWS organization. They saw the following blog that explains how to do this with security hub, but they were wondering if there is a simpler way to define patch groups across accounts and regions?

asked 3 years ago1600 views
1 Answer
Accepted Answer

This blog shows how to manage patch compliance reports across the AWS organization accounts. If you're looking at how to do/install patching across accounts in the Organization, you can review this blog below.

AWS Systems Manager Automation now supports multi-account and multi-Region actions enabling you to centrally manage your AWS resources. You're right that it will give you abilities to patch by resource groups to logically group your managed instances across the Organization.

You will need to create the required IAM service roles used by Automation in the management and target accounts. After you created your IAM roles, create a custom Automation Document for executing patch baseline operations. Then you can execute Automation Documents that targeted your managed instances via resource groups in target accounts.

You can also customize your workflow further by creating your own Automation Document based on the document AWS-PatchInstanceWithRollback, across the fleets/groups in the Organization.

profile pictureAWS
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions