SSM Patch Manager default patch baseline updates?


I have looked around and I can’t seem to find how often/if the Default Patch Baselines in SSM Patch Manager are updated. It seems to me they are pulled from an S3 bucket each time you run a scan but I can’t seem to find how often AWS is updating them and outside of going through the code myself I don’t see anything about which changes have been made.

1 Answer

The Default Patch Baselines in SSM Patch Manager are updated by AWS on a regular basis, typically on a monthly basis. The updates are released as new versions of the Amazon Linux and Windows Server AMIs are published.

When you run a patch scan, the latest available patch data is retrieved from the SSM Patch Manager service, which pulls the patch data from the S3 bucket. The patch data includes the latest patches for each supported operating system, as well as information about patch severity, installation priority, and other metadata.

AWS recommends that you regularly update your Default Patch Baselines to ensure that you are applying the latest security patches and updates to your instances. You can also create custom patch baselines to specify your own patching criteria and schedules, if needed.

answered a year ago
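One way to see which changes were made to a baseline's rules over time, as an added example that is not part of the original question or answer and is not AWS code: save the JSON from `aws ssm get-patch-baseline` periodically and diff the fields that control patch approval. The two snapshots, the baseline name and the `rule` helper are constructed for illustration; this tracks the baseline definition only, not the underlying patch metadata.

```python
import json

# Fields of a GetPatchBaseline response that decide which patches get approved.
TRACKED = ("ApprovalRules", "GlobalFilters", "ApprovedPatches",
           "RejectedPatches", "RejectedPatchesAction", "Sources")

def normalize(value):
    """Sort lists recursively so reordered filters or values are not reported as changes."""
    if isinstance(value, dict):
        return {k: normalize(v) for k, v in value.items()}
    if isinstance(value, list):
        items = [normalize(v) for v in value]
        return sorted(items, key=lambda v: json.dumps(v, sort_keys=True))
    return value

def diff_baseline(old, new):
    """Return {field: {"before": ..., "after": ...}} for every tracked field that changed."""
    changes = {}
    for field in TRACKED:
        before, after = normalize(old.get(field)), normalize(new.get(field))
        if before != after:
            changes[field] = {"before": before, "after": after}
    return changes

def rule(days, severities):
    """Build one constructed approval rule in the API's PatchRule shape (hypothetical helper)."""
    return {"PatchFilterGroup": {"PatchFilters": [
                {"Key": "CLASSIFICATION", "Values": ["CriticalUpdates", "SecurityUpdates"]},
                {"Key": "MSRC_SEVERITY", "Values": severities}]},
            "ApproveAfterDays": days}

# Constructed snapshots (not real AWS data), e.g. saved periodically from get-patch-baseline.
OLD = {"Name": "example-baseline", "ModifiedDate": "2023-01-10",
       "ApprovalRules": {"PatchRules": [rule(7, ["Critical", "Important"])]},
       "ApprovedPatches": [], "RejectedPatches": []}
NEW = {"Name": "example-baseline", "ModifiedDate": "2023-02-14",
       "ApprovalRules": {"PatchRules": [rule(3, ["Important", "Critical"])]},
       "ApprovedPatches": [], "RejectedPatches": []}

if __name__ == "__main__":
    for field, change in diff_baseline(OLD, NEW).items():
        print(f"{field} changed between {OLD['ModifiedDate']} and {NEW['ModifiedDate']}")
        print("  before:", json.dumps(change["before"], sort_keys=True))
        print("  after: ", json.dumps(change["after"], sort_keys=True))
```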

