Do I need to be in the Managerment account to use System Manager / Patch Manager to patch instances across an Organization


I see the blog posts about being able to patch across an AWS Organization; I'm just wondering if you need to do that from the Management account or can you do it from a different account? So far it seems like you need to do it from the Management account and it looks like you need to enable a few other services ( like Config ) which I can do; but I already have a delagated account for Config so I would need to move that back to the Management account if I have to patch from there.

asked 12 days ago15 views
1 Answer

Hi, thanks for your question.

At the time, AWS Systems Manager Patch Policy across Organization [1] should be deployed from the Management Account. There is no need of setup AWS Config service to create a Patch Policy for your organization. Here is blog post you can follow to complete this setup [2]. In order to monitor your patch compliance , you can use AWS Systems Manager Explorer, which can set up a Delegated Administrator account within your Organization [3].

[1] [2] [3]


answered 12 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions