1 Answer
3
AWS Systems Manager (SSM) Patch Manager does not patch instances that are in a "Stopped" state. Patch Manager can only manage and apply patches to instances that are running.
You can use an Automation document to start instances before the patch window and stop them afterward.
{
  "description": "Starts EC2 instances",
  "schemaVersion": "0.3",
  "assumeRole": "{{ AutomationAssumeRole }}",
  "parameters": {
    "AutomationAssumeRole": {
      "type": "String",
      "description": "IAM role that Automation assumes to start the instances"
    },
    "InstanceIds": {
      "type": "StringList",
      "description": "List of EC2 Instance IDs to start"
    }
  },
  "mainSteps": [
    {
      "action": "aws:changeInstanceState",
      "name": "startInstances",
      "inputs": {
        "InstanceIds": "{{ InstanceIds }}",
        "DesiredState": "running"
      }
    }
  ]
}
{
  "description": "Stops EC2 instances",
  "schemaVersion": "0.3",
  "assumeRole": "{{ AutomationAssumeRole }}",
  "parameters": {
    "AutomationAssumeRole": {
      "type": "String",
      "description": "IAM role that Automation assumes to stop the instances"
    },
    "InstanceIds": {
      "type": "StringList",
      "description": "List of EC2 Instance IDs to stop"
    }
  },
  "mainSteps": [
    {
      "action": "aws:changeInstanceState",
      "name": "stopInstances",
      "inputs": {
        "InstanceIds": "{{ InstanceIds }}",
        "DesiredState": "stopped"
      }
    }
  ]
}
Configure Maintenance Window:
Task 1: Schedule the automation document to start instances.
Task 2: Run the SSM Patch Manager task to patch instances.
Task 3: Schedule the automation document to stop instances.
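The three-task maintenance window described in the answer, as an added Python (boto3) example that is not part of the original answer. It builds the two start/stop Automation documents so that every `{{ }}` reference is declared and `aws:changeInstanceState` gets a valid `DesiredState`, lints a document for those two mistakes before it is sent to SSM, and produces the RegisterTaskWithMaintenanceWindow requests in priority order (1 start, 2 AWS-RunPatchBaseline, 3 stop). The window ID, role ARNs, instance IDs and document names are constructed placeholders; `deploy()` is the only part that talks to AWS.

```python
"""Wrap a Patch Manager maintenance window with start/stop Automation tasks.

Added example, not code from the original answer. Every identifier below is a
constructed placeholder; replace it with your own resources before running.
"""
import json
import re

# aws:changeInstanceState accepts only these values for its DesiredState input.
VALID_DESIRED_STATES = {"running", "stopped", "terminated"}

# Constructed placeholders (assumptions, not real resources).
WINDOW_ID = "mw-0123456789abcdef0"
AUTOMATION_ROLE_ARN = "arn:aws:iam::111122223333:role/AutomationAssumeRole"
MW_SERVICE_ROLE_ARN = "arn:aws:iam::111122223333:role/MaintenanceWindowRole"
INSTANCE_IDS = ["i-0abc1234def567890", "i-0fed9876cba543210"]
START_DOC, STOP_DOC = "StartInstancesForPatching", "StopInstancesAfterPatching"


def change_state_document(desired_state, description):
    """Automation (schemaVersion 0.3) document that moves instances to one state.

    Automation rejects documents that reference a {{ Name }} it does not declare,
    so the role used by assumeRole is declared as a parameter too.
    """
    if desired_state not in VALID_DESIRED_STATES:
        raise ValueError(f"unsupported DesiredState {desired_state!r}")
    return {
        "description": description,
        "schemaVersion": "0.3",
        "assumeRole": "{{ AutomationAssumeRole }}",
        "parameters": {
            "AutomationAssumeRole": {"type": "String",
                                     "description": "Role Automation assumes"},
            "InstanceIds": {"type": "StringList",
                            "description": f"Instances to set to '{desired_state}'"},
        },
        "mainSteps": [{
            "action": "aws:changeInstanceState",
            "name": f"set_{desired_state}",
            "inputs": {"InstanceIds": "{{ InstanceIds }}",
                       "DesiredState": desired_state},
        }],
    }


# Plain parameter names only; system variables ({{ global:REGION }}) and step
# outputs ({{ step.Output }}) contain ':' or '.' and are deliberately skipped.
_PARAM_REF = re.compile(r"\{\{\s*([A-Za-z0-9_]+)\s*\}\}")


def lint_document(doc):
    """Return problems SSM would reject: undeclared {{ Param }} references and
    missing or invalid DesiredState values on aws:changeInstanceState steps."""
    declared = set(doc.get("parameters", {}))
    problems = [f"parameter {ref!r} is referenced but not declared"
                for ref in sorted(set(_PARAM_REF.findall(json.dumps(doc))))
                if ref not in declared]
    for step in doc.get("mainSteps", []):
        if step.get("action") == "aws:changeInstanceState":
            state = step.get("inputs", {}).get("DesiredState")
            if state not in VALID_DESIRED_STATES:
                problems.append(
                    f"step {step.get('name')!r}: DesiredState {state!r} is invalid")
    return problems


def maintenance_window_tasks(window_id, start_doc, stop_doc, instance_ids):
    """RegisterTaskWithMaintenanceWindow requests in execution order.

    Lower Priority runs first and a task must finish before the next priority
    starts, so the instances are running when AWS-RunPatchBaseline executes and
    are stopped only after patching completes."""
    ids = list(instance_ids)
    automation = {"Automation": {"Parameters": {
        "AutomationAssumeRole": [AUTOMATION_ROLE_ARN], "InstanceIds": ids}}}
    common = {"WindowId": window_id, "ServiceRoleArn": MW_SERVICE_ROLE_ARN}
    return [
        {**common, "Name": "start-instances", "Priority": 1, "TaskType": "AUTOMATION",
         "TaskArn": start_doc, "TaskInvocationParameters": automation},
        {**common, "Name": "patch-instances", "Priority": 2, "TaskType": "RUN_COMMAND",
         "TaskArn": "AWS-RunPatchBaseline",
         "Targets": [{"Key": "InstanceIds", "Values": ids}],
         "MaxConcurrency": "5", "MaxErrors": "0",
         "TaskInvocationParameters": {"RunCommand": {"Parameters": {
             "Operation": ["Install"], "RebootOption": ["RebootIfNeeded"]}}}},
        {**common, "Name": "stop-instances", "Priority": 3, "TaskType": "AUTOMATION",
         "TaskArn": stop_doc, "TaskInvocationParameters": automation},
    ]


def deploy(ssm, documents, tasks):
    """Create the Automation documents and register the tasks; `ssm` is a boto3
    SSM client and the maintenance window is assumed to exist already."""
    for name, doc in documents.items():
        ssm.create_document(Name=name, DocumentType="Automation",
                            DocumentFormat="JSON", Content=json.dumps(doc))
    return [ssm.register_task_with_maintenance_window(**t)["WindowTaskId"]
            for t in tasks]


if __name__ == "__main__":
    import boto3  # imported here so the builders and linter run offline
    docs = {START_DOC: change_state_document("running", "Starts EC2 instances"),
            STOP_DOC: change_state_document("stopped", "Stops EC2 instances")}
    for doc in docs.values():
        assert not lint_document(doc), lint_document(doc)
    tasks = maintenance_window_tasks(WINDOW_ID, START_DOC, STOP_DOC, INSTANCE_IDS)
    print(deploy(boto3.client("ssm"), docs, tasks))
```

Run `lint_document()` against any hand-written document before `create_document`: the two findings it reports (a `{{ AutomationAssumeRole }}` reference with no matching parameter, and a `State`/`started` input where `aws:changeInstanceState` expects `DesiredState` with `running`) are exactly the ones that cause document creation or the start step to fail in a maintenance window, where the patch task would then run against stopped instances and be skipped.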