This prescriptive guide describes an automated patching solution that uses Amazon Web Services (AWS) Systems Manager. You can use this solution to patch both your mutable (long-running) Amazon Elastic Compute Cloud (Amazon EC2) instances that span multiple AWS accounts and AWS Regions, and your on-premises instances.
This guide is for users who are involved in designing and building operational capabilities in a hybrid cloud environment to enable application teams to comply with their enterprise’s patch policies. It provides you with a self-service mechanism to deploy pre-approved patches to your application servers.
This guide assumes a good understanding of the following AWS services and concepts:
Systems Manager – Provides a unified user interface for viewing operational data from multiple AWS services and automating operational tasks across your AWS resources.
Systems Manager Inventory – Provides visibility into your Amazon EC2 and on-premises computing environment. You can use Inventory to collect metadata from your managed instances.
Systems Manager Patch Manager – Automates the process of patching managed instances with security-related and other types of updates.
Systems Manager Maintenance Windows – Let you define a schedule for performing potentially disruptive actions on your instances, such as patching an operating system, updating drivers, or installing software or patches.
AWS Lambda – Lets you run code without provisioning or managing servers.
Amazon QuickSight – Lets you easily create and publish interactive dashboards, including machine learning (ML) Insights. You can access dashboards from any device and embed them into your applications, portals, and websites.
Tagging – Lets you assign metadata to your AWS resources in the form of tags. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.