Centralised patch management in and Organisation

Question

Is it possible to designate an account within and organisation that is not the management account as the centralised patching account?
Currently only the management account gives the option within patch manager to set the targets to be in different accounts.

Thanks

Accepted Answer

Hello Patrick.

You cannot delegate patch management to a different account. Patch Manager is part of node management, and according to the [documentation](https://docs.aws.amazon.com/systems-manager/latest/userguide/setting_up_delegated_admin.html):

> When you set up an organization in AWS Organizations, you assign a management account to perform all administrative tasks for all AWS services. The management account user can [assign a delegated administrator account](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_delegate_policies.html) only for Systems Manager to perform administrative tasks for **Change Manager**, **Explorer**, and **OpsCenter**. AWS Organizations is an account management service that you can use to create an organization and assign AWS accounts to manage these accounts centrally.

I hope this helps.

Centralised patch management in and Organisation

相关内容