1 Answer
To export an SSM Patch Manager compliance report to an S3 bucket, you need to have the following permissions:
- S3 bucket permissions: You need to have write permissions to the S3 bucket where you want to export the patch report. Make sure that the bucket policy allows the AWS account that owns the instance to write to the bucket.
- IAM permissions: You need to have IAM permissions to run the following AWS Systems Manager Automation document: "AWS-ExportPatchReportToS3". The required IAM permissions for this document are:
  - ssm:UpdateAssociationStatus
  - ssm:UpdateInstanceInformation
  - ssm:SendCommand
  - s3:PutObject

  To create an IAM role with these permissions, you can use the AWS Systems Manager console, AWS CLI, or AWS SDKs. The role must have an inline policy with the above-mentioned permissions. If you already have a role that has these permissions, then make sure that the role is assigned to the EC2 instances that you want to export the patch report from.
- Patch Manager permissions: You must also have permissions to create a patch baseline and associate it with instances. This can be done by attaching the "AmazonSSMManagedInstanceCore" policy to the instance or by creating a custom policy that allows the required permissions.
Make sure that you have all of the above permissions in order to successfully export the patch report to S3.
answered a year ago
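
An offline check, added here as an example and not part of the answer above or of any AWS tooling, that tests whether an IAM policy document grants the four actions the answer lists and flags `s3:PutObject` grants that reach beyond the report bucket. The bucket name, the `patch-reports/` prefix and all function names are assumptions, and evaluation is simplified to Allow statements (no Deny, NotAction or Condition handling).

```python
import re

# The four actions the answer lists, copied from the page as-is.
REQUIRED_ACTIONS = ["ssm:UpdateAssociationStatus", "ssm:UpdateInstanceInformation",
                    "ssm:SendCommand", "s3:PutObject"]

def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]

def _wild(pattern, value, ignore_case=False):
    """Match IAM-style wildcards: '*' is any run of characters, '?' is one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def build_inline_policy(bucket, prefix="patch-reports/"):
    """Inline policy with s3:PutObject limited to one prefix (names are assumptions)."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": REQUIRED_ACTIONS[:3], "Resource": "*"},
        {"Effect": "Allow", "Action": "s3:PutObject",
         "Resource": f"arn:aws:s3:::{bucket}/{prefix}*"}]}

def audit_policy(policy, bucket, prefix="patch-reports/"):
    """Return (missing_actions, overbroad_put_resources) for one policy document.
    Simplified: reads Allow statements only; ignores Deny, NotAction, Condition."""
    sample_object = f"arn:aws:s3:::{bucket}/{prefix}report.csv"  # constructed key
    granted, overbroad = set(), []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        for required in REQUIRED_ACTIONS:
            if not any(_wild(a, required, ignore_case=True) for a in actions):
                continue
            if required == "s3:PutObject":
                # Flag write access that is not confined to the report bucket.
                overbroad += [r for r in resources
                              if not r.startswith(f"arn:aws:s3:::{bucket}/")]
                if not any(_wild(r, sample_object) for r in resources):
                    continue  # PutObject allowed, but not on the report prefix
            granted.add(required)
    return [a for a in REQUIRED_ACTIONS if a not in granted], overbroad

if __name__ == "__main__":
    print(audit_policy(build_inline_policy("example-patch-reports"),
                       "example-patch-reports"))
```

Feed it the JSON returned by `aws iam get-role-policy` (the `PolicyDocument` field) to review an existing role before running the export.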