I want to enable a simple patch policy across all our accounts. I followed the instructions on this blog post: https://aws.amazon.com/blogs/mt/centrally-deploy-patching-operations-across-your-aws-organization-using-systems-manager-quick-setup/
After completing all the steps, in the main account the patch manager overview looks like this:
What I don't understand about this: Why has Compliance not been reported for the 1 instance in the last 7 days, even though the policy has been live a couple of days.
And for other accounts Patch Manager actually greets me with the landing page as if nothing has been set up at all. When I then click on "Start with an overview" the Dashboard looks like this:
It says compliance was never reported, even though the EC2 instance is listed and has SSM Agent installed.
I feel like I'm missing a step. I don't see error messages anywhere, I don't see any logs in the S3 bucket configured in the initial Quick Setup form.
In the blog post I read that there are resources deployed for this setup via StackSets. I looked into the list of StackSets and found two StackSets that start with the prefix AWS-QuickSetup-PatchPolicy-. One of them has only one stack instance -> in the main account. The other one doesn't have any stack instances. I found that weird. I would've expected stack instances for all accounts of the organization for at least one of the StackSets, since I chose "Entire organization" as the target in the Quick Setup form.
I would very much appreciate any ideas on how to further debug what's wrong. I will gladly provide more info, but at the moment I just don't know what's important and what's not.
Thank you so much.
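An added triage helper, not part of the original post and not AWS code: it checks the two things the question is circling around, whether every active account in the organization actually has a CURRENT stack instance for the Quick Setup patch-policy StackSets, and which managed instances have no patch state (no compliance scan) inside the 7-day window. The functions take the plain dict shapes that boto3's `cloudformation.list_stack_sets`, `cloudformation.list_stack_instances`, `organizations.list_accounts` and `ssm.describe_instance_patch_states` return, so the logic runs offline on the constructed sample responses below; the account and instance IDs in the samples are placeholders, and the assumption that a missing `OperationEndTime` means "never scanned" is mine.

```python
"""Triage helper for a Systems Manager Quick Setup patch policy that shows
'compliance never reported'. Pure functions over boto3-style response dicts;
sample responses are constructed and the IDs in them are placeholders."""
from datetime import datetime, timedelta, timezone

# Quick Setup names its patch-policy StackSets with this prefix (seen in the post).
QUICK_SETUP_PREFIX = "AWS-QuickSetup-PatchPolicy-"


def patch_policy_stack_sets(list_stack_sets_response):
    """Names of the StackSets created by the patch-policy Quick Setup."""
    return sorted(
        s["StackSetName"]
        for s in list_stack_sets_response.get("Summaries", [])
        if s["StackSetName"].startswith(QUICK_SETUP_PREFIX)
    )


def accounts_missing_stack_instances(list_accounts_response, list_stack_instances_response):
    """Active org accounts that have no CURRENT stack instance in the StackSet.

    A target of 'Entire organization' should leave this list empty; any account
    listed here never received the Quick Setup resources (association, IAM role)."""
    active = {a["Id"] for a in list_accounts_response.get("Accounts", []) if a["Status"] == "ACTIVE"}
    covered = {
        i["Account"]
        for i in list_stack_instances_response.get("Summaries", [])
        if i.get("Status") == "CURRENT"
    }
    return sorted(active - covered)


def instances_without_recent_compliance(patch_states_response, managed_instance_ids, now, window_days=7):
    """Managed instances whose last patch scan is older than the window or absent.

    An instance absent from InstancePatchStates has never run a Scan or Install,
    which is what the Patch Manager dashboard reports as 'never reported'."""
    last_scan = {
        s["InstanceId"]: s.get("OperationEndTime")
        for s in patch_states_response.get("InstancePatchStates", [])
    }
    stale = []
    for instance_id in managed_instance_ids:
        end = last_scan.get(instance_id)
        if end is None or now - end > timedelta(days=window_days):
            stale.append(instance_id)
    return sorted(stale)


# --- constructed sample responses (placeholder IDs, not real accounts/instances) ---
SAMPLE_STACK_SETS = {
    "Summaries": [
        {"StackSetName": "AWS-QuickSetup-PatchPolicy-LA-placeholder1", "Status": "ACTIVE"},
        {"StackSetName": "AWS-QuickSetup-PatchPolicy-TA-placeholder1", "Status": "ACTIVE"},
        {"StackSetName": "SomeOtherStackSet", "Status": "ACTIVE"},
    ]
}
SAMPLE_ACCOUNTS = {
    "Accounts": [
        {"Id": "111111111111", "Status": "ACTIVE"},   # management account
        {"Id": "222222222222", "Status": "ACTIVE"},
        {"Id": "333333333333", "Status": "ACTIVE"},
        {"Id": "444444444444", "Status": "SUSPENDED"},
    ]
}
# Only the management account got a stack instance, as described in the post.
SAMPLE_STACK_INSTANCES = {
    "Summaries": [
        {"Account": "111111111111", "Region": "eu-central-1", "Status": "CURRENT"},
    ]
}
NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)
SAMPLE_PATCH_STATES = {
    "InstancePatchStates": [
        # scanned 2 days ago: fine
        {"InstanceId": "i-0aaaaaaaaaaaaaaaa", "Operation": "Scan",
         "OperationEndTime": NOW - timedelta(days=2)},
        # scanned 30 days ago: stale
        {"InstanceId": "i-0bbbbbbbbbbbbbbbb", "Operation": "Scan",
         "OperationEndTime": NOW - timedelta(days=30)},
    ]
}
# Instances reported by ssm.describe_instance_information (SSM Agent online).
SAMPLE_MANAGED_IDS = ["i-0aaaaaaaaaaaaaaaa", "i-0bbbbbbbbbbbbbbbb", "i-0ccccccccccccccccc"]

if __name__ == "__main__":
    print("Quick Setup StackSets:", patch_policy_stack_sets(SAMPLE_STACK_SETS))
    print("Accounts without stack instance:",
          accounts_missing_stack_instances(SAMPLE_ACCOUNTS, SAMPLE_STACK_INSTANCES))
    print("Instances with no compliance in 7 days:",
          instances_without_recent_compliance(SAMPLE_PATCH_STATES, SAMPLE_MANAGED_IDS, NOW))
```

To run this against a real organization, feed the functions the responses of the corresponding boto3 calls from the account where Quick Setup was run (the management or delegated administrator account; `list_stack_sets` accepts `CallAs='DELEGATED_ADMIN'` in the latter case). Accounts that show up as missing a stack instance are the first place to look, because without the deployed association the agent in that account has nothing that would ever trigger a scan.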
Thanks for the response. "All Features" is enabled as far as I can tell. When I go to AWS Organizations -> Settings it says:
Feature set Your organization has all features enabled. [...]