Can AWS SSM Patch Manager patch instances with state "Stopped"?

0

Hi,

The question is the same as in the title. Can/does "AWS SSM Patch Manager" patch instances with state "Stopped"? I'm curious, because it seems that sometimes, even though Patch Manager is being run every day, I still see some instances have vulnerabilities.

Thank you.

1 Answer
3
Accepted Answer

AWS Systems Manager (SSM) Patch Manager does not patch instances that are in a "Stopped" state. Patch Manager can only manage and apply patches to instances that are running.

You can use an Automation document to start instances before the patch window and stop them afterward.

{
  "description": "Starts EC2 instances",
  "schemaVersion": "0.3",
  "assumeRole": "{{ AutomationAssumeRole }}",
  "parameters": {
    "InstanceIds": {
      "type": "StringList",
      "description": "List of EC2 Instance IDs to start"
    },
    "AutomationAssumeRole": {
      "type": "String",
      "description": "(Optional) ARN of the IAM role that Automation assumes to run this document",
      "default": ""
    }
  },
  "mainSteps": [
    {
      "action": "aws:changeInstanceState",
      "name": "startInstances",
      "inputs": {
        "InstanceIds": "{{ InstanceIds }}",
        "DesiredState": "running"
      }
    }
  ]
}

{
  "description": "Stops EC2 instances",
  "schemaVersion": "0.3",
  "assumeRole": "{{ AutomationAssumeRole }}",
  "parameters": {
    "InstanceIds": {
      "type": "StringList",
      "description": "List of EC2 Instance IDs to stop"
    },
    "AutomationAssumeRole": {
      "type": "String",
      "description": "(Optional) ARN of the IAM role that Automation assumes to run this document",
      "default": ""
    }
  },
  "mainSteps": [
    {
      "action": "aws:changeInstanceState",
      "name": "stopInstances",
      "inputs": {
        "InstanceIds": "{{ InstanceIds }}",
        "DesiredState": "stopped"
      }
    }
  ]
}

Configure Maintenance Window:

Task 1: Schedule the automation document to start instances.

Task 2: Run the SSM Patch Manager task to patch instances.

Task 3: Schedule the automation document to stop instances.

EXPERT
answered 4 months ago
EXPERT
reviewed 4 months ago
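
The three maintenance window tasks listed in the answer, written out as boto3 `register_task_with_maintenance_window` requests. This is an added example, not code from the answer: the document names `Custom-StartInstances` and `Custom-StopInstances`, the role ARNs and the IDs are assumptions or constructed placeholders.

```python
"""Added example: start -> patch -> stop as maintenance window task requests."""

START_DOC = "Custom-StartInstances"  # assumed name of the "start" Automation document
STOP_DOC = "Custom-StopInstances"    # assumed name of the "stop" Automation document


def build_tasks(window_id, instance_ids, service_role_arn, automation_role_arn):
    """Return the three task requests; SSM schedules lower Priority values first."""
    def automation(name, document, priority):
        # Automation tasks are registered without window targets here, so the
        # instance IDs travel in the document parameters instead. MaxConcurrency
        # and MaxErrors are omitted because they cannot be set without targets.
        return {
            "WindowId": window_id, "Name": name, "TaskType": "AUTOMATION",
            "TaskArn": document, "ServiceRoleArn": service_role_arn,
            "Priority": priority,
            "TaskInvocationParameters": {"Automation": {"Parameters": {
                "InstanceIds": list(instance_ids),
                "AutomationAssumeRole": [automation_role_arn]}}},
        }

    patch = {
        "WindowId": window_id, "Name": "2-patch", "TaskType": "RUN_COMMAND",
        "TaskArn": "AWS-RunPatchBaseline", "ServiceRoleArn": service_role_arn,
        "Priority": 2, "MaxConcurrency": "50%", "MaxErrors": "0",
        "Targets": [{"Key": "InstanceIds", "Values": list(instance_ids)}],
        "TaskInvocationParameters": {"RunCommand": {"Parameters": {
            "Operation": ["Install"]}}},
    }
    return [automation("1-start", START_DOC, 1), patch,
            automation("3-stop", STOP_DOC, 3)]


def register(tasks):
    """Send the requests to SSM (needs boto3 and AWS credentials)."""
    import boto3
    ssm = boto3.client("ssm")
    return [ssm.register_task_with_maintenance_window(**t)["WindowTaskId"]
            for t in tasks]


if __name__ == "__main__":
    import json
    # Constructed placeholder values; replace with real IDs and ARNs.
    demo = build_tasks("mw-EXAMPLE", ["i-EXAMPLE1", "i-EXAMPLE2"],
                       "arn:aws:iam::111122223333:role/ExampleWindowRole",
                       "arn:aws:iam::111122223333:role/ExampleAutomationRole")
    print(json.dumps(demo, indent=2))
```

Pass only the instances that are normally stopped, because the third task stops every instance ID it is given.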
