Patch Manager vs Maintenance Window

Patch Manager

• Patch Manager, where you create Patch Policies, which will allow SSM to scan and install patches to managed instances [1], Patch Manager can automate this process with both security related updates and other type of updates.
• Please check this document on how to use Patch Manager [2]
• You can use Patch Manager to apply patches for both operating systems and applications. (On Windows Server, application support is limited to updates for applications released by Microsoft.) You can use Patch Manager to install Service Packs on Windows nodes and perform minor version upgrades on Linux nodes.

Maintenance Window

• Maintenance window helps you define the schedule in SSM for when to perform a task on your managed node such as patching an OS, install drivers or software [3]
• Please check this document and video on how to create a Maintenance Window [4] [5]
• you can schedule actions on numerous other AWS resource types, such as Amazon Simple Storage Service (Amazon S3) buckets, Amazon Simple Queue Service (Amazon SQS) queues, AWS Key Management Service (AWS KMS) keys, and many more.
• Each maintenance window has a schedule, a maximum duration, a set of registered targets, and a set of registered tasks. You can add tags to your maintenance windows when you create or update them.

To conclude, Patch manager automate the task of scanning and installing an update on the nodes while Maintenance window help you to create a schedule for when to perform action.

References:

1. https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager.html
2. https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-console.html
3. https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-maintenance.html
4. https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-maintenance-working.html
5. https://www.youtube.com/watch?v=1r3YU2KoK5s