Do I need to be in the Management account to use System Manager / Patch Manager to patch instances across an Organization?

0

I see the blog posts about being able to patch across an AWS Organization; I'm just wondering if you need to do that from the Management account or can you do it from a different account? So far it seems like you need to do it from the Management account and it looks like you need to enable a few other services (like Config), which I can do; but I already have a delegated account for Config, so I would need to move that back to the Management account if I have to patch from there.

1 Answer
0

Hi, thanks for your question.

At the time, AWS Systems Manager Patch Policy across Organization [1] should be deployed from the Management Account. There is no need to set up the AWS Config service to create a Patch Policy for your organization. Here is a blog post you can follow to complete this setup [2]. In order to monitor your patch compliance, you can use AWS Systems Manager Explorer, which can set up a Delegated Administrator account within your Organization [3].

[1] https://aws.amazon.com/about-aws/whats-new/2023/01/aws-systems-manager-patch-policies-cross-account-region-patching/

[2] https://aws.amazon.com/blogs/mt/centrally-deploy-patching-operations-across-your-aws-organization-using-systems-manager-quick-setup/

[3] https://docs.aws.amazon.com/systems-manager/latest/userguide/Explorer-setup-delegated-administrator.html

Regards,

AWS
answered 2 years ago
