How to manage SSM Quick Setup configuration managers via aws cli

0

Hi there!

We are currently using patch policies via the Quick Setup configuration managers. I have been recently tasked with updating some of the cron schedules for scan and install settings. We have quite a few of these set up, so going through the UI would be quite tedious. I did stumble upon the CLI Reference for ssm-quicksetup, specifically update-configuration-manager, but there seems to be no way to update the actual parameters within the configuration manager patch policy.

For example, below is a payload that I would like to send to a particular patch policy:

    {
      "Parameters": {
        "ConfigurationOptionsScanValue": "cron(15 7 ? * WED#2 *)",
        "ConfigurationOptionsInstallValue": "cron(30 7 ? * WED#2 *)",
        "ConfigurationOptionsScanNextInterval": "false",
        "ConfigurationOptionsInstallNextInterval": "false",
        "ConfigurationOptionsPatchOperation": "ScanAndInstall",
        "RateControlConcurrency": "100%",
        "RateControlErrorThreshold": "25%",
        "RebootOption": "NoReboot",
        "PatchBaselineUseDefault": "custom",
        "PatchPolicyName": "ca1-pre"
      }
    }

Is anyone aware of a method to do this operation in bulk, whether through the UI or maybe even some API function?

Asked 2 months ago · Viewed 196 times
2 Answers
0

Yes, you can manage SSM Quick Setup configuration managers via the AWS CLI, including updating patch policy parameters. While the update-configuration-manager command doesn't directly allow updating the specific parameters within a patch policy, you can use a combination of commands to achieve this.

Here's a general approach you can take:

  1. First, use the get-configuration-manager command to retrieve the current configuration of the patch policy you want to update.

  2. Modify the retrieved configuration JSON, updating the parameters you want to change (like the cron schedules for scan and install settings).

  3. Use the update-configuration-manager command with the modified configuration to update the patch policy.

Here's an example of how you might do this:

  1. Get the current configuration:

    aws ssm-quicksetup get-configuration-manager --name "your-config-manager-name"
    
  2. Save the output to a file, modify the necessary parameters in the JSON (like the ones in your example payload).

  3. Update the configuration manager with the modified JSON:

    aws ssm-quicksetup update-configuration-manager --name "your-config-manager-name" --configuration-definitions file://path-to-your-modified-json-file
    

To perform this operation in bulk, you could create a script that iterates through your list of configuration managers, retrieves their configurations, modifies the necessary parameters, and then updates each one.

Keep in mind that changes to custom patch baselines are synchronized with Quick Setup once an hour. Also, if a custom patch baseline referenced in a patch policy is deleted, you'll need to select a new patch baseline for the affected operating system.

While this method requires some scripting, it allows you to update multiple patch policies programmatically, which is more efficient than using the UI for numerous updates.
Sources
Using the Quick Setup API to manage configurations and deployments - AWS Systems Manager
ssm-quicksetup — AWS CLI 2.21.0 Command Reference
Configure patching for instances in an organization using Quick Setup - AWS Systems Manager

Answered 2 months ago
Expert
Reviewed 2 months ago
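A dry-run-first sketch of the bulk update asked about in the question, added here as an example and not code from the original post or from AWS. It drives the AWS CLI through `get-configuration-manager` and `update-configuration-definition`, both of which identify the manager by `--manager-arn`. Assumptions: the `plan_updates` helper, the `--apply` switch and the rule that only parameters already present in a definition may be overridden are choices made for this example, and the full merged parameter map is sent back on each update.

```python
import json
import subprocess
import sys

PATCH_POLICY_TYPE = "AWSQuickSetupType-PatchPolicy"

# Overrides taken from the payload in the question; adjust per environment.
OVERRIDES = {
    "ConfigurationOptionsScanValue": "cron(15 7 ? * WED#2 *)",
    "ConfigurationOptionsInstallValue": "cron(30 7 ? * WED#2 *)",
}

def plan_updates(manager, overrides):
    """Return one aws argv list per patch policy definition that needs a change."""
    plans = []
    for definition in manager.get("ConfigurationDefinitions", []):
        if definition.get("Type") != PATCH_POLICY_TYPE:
            continue  # leave other Quick Setup types untouched
        current = definition.get("Parameters", {})
        # Example-only guard: refuse keys the definition does not already carry (typos).
        unknown = sorted(set(overrides) - set(current))
        if unknown:
            raise ValueError(f"{manager['ManagerArn']}: unknown parameter(s) {unknown}")
        merged = {**current, **overrides}
        if merged == current:
            continue  # already up to date, nothing to send
        argv = ["aws", "ssm-quicksetup", "update-configuration-definition",
                "--manager-arn", manager["ManagerArn"], "--id", definition["Id"],
                "--parameters", json.dumps(merged, sort_keys=True)]
        if definition.get("TypeVersion"):
            argv += ["--type-version", definition["TypeVersion"]]  # keep the version pinned
        plans.append(argv)
    return plans

def main(args):
    apply = "--apply" in args
    for arn in (a for a in args if a != "--apply"):
        raw = subprocess.run(
            ["aws", "ssm-quicksetup", "get-configuration-manager",
             "--manager-arn", arn, "--output", "json"],
            check=True, capture_output=True, text=True).stdout
        for argv in plan_updates(json.loads(raw), OVERRIDES):
            print(("RUN " if apply else "DRY-RUN ") + " ".join(argv[:7]))
            if apply:
                subprocess.run(argv, check=True)

if __name__ == "__main__":
    main(sys.argv[1:])
```

Run it with one or more configuration manager ARNs as arguments to review the planned changes, then add `--apply` to send them.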
0

Patch manager GUI isn’t very intuitive imho

Expert
Answered 2 months ago
