Patching of Windows and Linux servers (EC2 Instances) using AWS SSM

Slancerk
3 min read · Apr 17, 2024


Resource: https://docs.aws.amazon.com/systems-manager/latest/userguide/what-is-systems-manager.html

Create an IAM Role for EC2

1. Search for IAM in the AWS console and click “Create Role” as shown below:

2. Create an IAM role and attach the AmazonEC2RoleforSSM managed policy as shown below:

3. Attach the IAM role to all the servers you want to patch.

Go to Fleet Manager and check that the instances appear there as managed nodes,

then add tags so that you can group them.

AWS Systems Manager Fleet Manager is a feature within AWS Systems Manager that provides a centralized view of your managed instances. It allows you to efficiently manage, monitor, and troubleshoot your fleet of instances across your AWS accounts and on-premises environments.

Nodes: In the context of AWS Systems Manager, a “node” typically refers to an individual managed instance. These instances can be EC2 instances, on-premises servers, or virtual machines running in your environment. Systems Manager helps you manage these nodes by providing a suite of tools for tasks like patch management, configuration management, automation, and more.

Tags: Tags are key-value pairs that you can assign to AWS resources, including EC2 instances and other managed resources. Tags are incredibly useful for organizing and categorizing your resources, allowing you to assign metadata to resources based on their purpose, environment, owner, or any other relevant attribute. In the case of managing instances with Systems Manager, tags can be used to group instances, apply policies, automate tasks, or simply provide additional context about the instances. For example, you might tag instances with values like “Environment: Production” or “Application: WebServer” to indicate their role or environment within your infrastructure. Tags provide flexibility and granularity in managing and organizing your resources effectively.

4. Patch Baseline creation

Either choose the recommended defaults

or create a custom patch baseline.

5. Patching the instance

To verify patch compliance, a scan of the instances has to be performed first:

Go to the navigation pane -> Run Command and click “Run Command”.

6. Below is the result for the scanned EC2 instances:

Outputs:
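The scan from steps 5 and 6, driven through the SSM API instead of the console, as an added example that is not part of the original post: it builds the Run Command call for the AWS-RunPatchBaseline document against tag-selected instances, and reduces describe_instance_patch_states output to the nodes that are not compliant. The tag Environment=Production and SAMPLE_STATES are constructed values; the boto3 call under __main__ needs credentials and a managed fleet.

```python
from typing import Any

# Added example: the tag key/values and SAMPLE_STATES below are constructed.

def build_patch_command(tag_key: str, tag_values: list[str],
                        operation: str = "Scan") -> dict[str, Any]:
    """Arguments for ssm.send_command() running AWS-RunPatchBaseline against
    instances selected by tag. Scan only reports compliance; Install applies
    patches, so this example defaults Install to NoReboot."""
    if operation not in ("Scan", "Install"):
        raise ValueError("operation must be Scan or Install")
    params = {"Operation": [operation]}
    if operation == "Install":
        params["RebootOption"] = ["NoReboot"]
    return {
        "DocumentName": "AWS-RunPatchBaseline",
        "Targets": [{"Key": f"tag:{tag_key}", "Values": tag_values}],
        "Parameters": params,
        "MaxConcurrency": "25%",  # patch the fleet in batches
        "MaxErrors": "1",         # stop early if a node fails
    }

def non_compliant(states: list[dict[str, Any]]) -> dict[str, list[str]]:
    """Reduce describe_instance_patch_states() entries to instance -> reasons:
    missing or failed patches, or an install still waiting on a reboot."""
    result: dict[str, list[str]] = {}
    for s in states:
        reasons = []
        if s.get("MissingCount", 0):
            reasons.append(f"{s['MissingCount']} missing")
        if s.get("FailedCount", 0):
            reasons.append(f"{s['FailedCount']} failed")
        if s.get("InstalledPendingRebootCount", 0):
            reasons.append("reboot pending")
        if reasons:
            result[s["InstanceId"]] = reasons
    return result

# Constructed sample shaped like describe_instance_patch_states()["InstancePatchStates"]
SAMPLE_STATES = [
    {"InstanceId": "i-0aaa111", "MissingCount": 3, "FailedCount": 0, "InstalledPendingRebootCount": 0},
    {"InstanceId": "i-0bbb222", "MissingCount": 0, "FailedCount": 0, "InstalledPendingRebootCount": 0},
    {"InstanceId": "i-0ccc333", "MissingCount": 0, "FailedCount": 1, "InstalledPendingRebootCount": 2},
]

if __name__ == "__main__":
    import boto3  # live call; needs credentials and an SSM-managed fleet
    cmd = boto3.client("ssm").send_command(**build_patch_command("Environment", ["Production"]))
    print(cmd["Command"]["CommandId"], non_compliant(SAMPLE_STATES))
```

In a real run, replace SAMPLE_STATES with the InstancePatchStates list returned by describe_instance_patch_states for the same instance IDs once the scan command has finished.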

7. Conclusion

By implementing SSM Patch Manager, you can streamline the patching process, reduce manual intervention, and maintain the security and compliance of your infrastructure. With its centralized management capabilities and automation features, SSM Patch Manager helps you keep your servers protected against vulnerabilities and ensures the stability and reliability of your AWS environment.
