AWS Systems Manager | Patch Manager Flashcards
Can I control who can execute a command?
Patch Manager
AWS Systems Manager | Management Tools
Yes. Using the published AWS Identity and Access Management (IAM) permissions and policies, you can use tag-based permissions to control who has access to execute commands or documents on specific instances. For example, you can specify an IAM user who can run PowerShell commands, but not join an instance to a domain. Another IAM user can only be given access to run a very specific command, like restarting services, giving you the flexibility to specify how much access any given user can have.
What is AWS Systems Manager patch manager?
Patch Manager
AWS Systems Manager | Management Tools
AWS Systems Manager helps you select and deploy operating system and software patches automatically across large groups of Amazon EC2 or on-premises instances. Through patch baselines, you can set rules to auto-approve select categories of patches to be installed, such as operating system or high severity patches, and you can specify a list of patches that override these rules and are automatically approved or rejected. You can also schedule maintenance windows for your patches so that they are only applied during preset times. Systems Manager helps ensure that your software is up-to-date and meets your compliance policies.
How do I specify when I want to patch an instance?
Patch Manager
AWS Systems Manager | Management Tools
You can use an AWS Systems Manager maintenance window to define when patching occurs. AWS Systems Manager provides you the ability to define one or more recurring windows of time during which it is acceptable for your own maintenance to occur. By defining these windows and associating your instances with them, it is easier for you to ensure that any maintenance activities you perform on your instances which may affect the availability of a workload is done so during a well-defined window of time.
How do I customize the patching process?
Patch Manager
AWS Systems Manager | Management Tools
AWS Systems Manager provides a fully automated patching process. You can easily customize the patching process by writing your own AWS Systems Manager command or automation document.
What types of patches can I install?
Patch Manager
AWS Systems Manager | Management Tools
AWS Systems Manager supports the patching of Windows- and Linux-based instances. Please visit our documentation to see the versions currently supported.
How do I pick the patches I want to install?
Patch Manager
AWS Systems Manager | Management Tools
Patch baselines define the set of patches you have approved or blocked for deployment to your instances. In a patch baseline, you can select patches by the products (e.g., Windows Server 2008, Windows Server 2012, etc.), categories (e.g., critical updates, security updates, etc.), and severities for which you want to review patches for deployment. For each category selected, you can then define a schedule on which the contained patches will be automatically approved for deployment. In addition to the rules, you can also specify a whitelist and blacklist of patches that indicate patches that are to be installed or blocked respectively. At the time of patching, AWS Systems Manager will assess targeted instances for only the patches that have been approved prior to that point in time.
