Integrate EC2 Image Builder with SSM Patch Manager baseline
How can I integrate EC2 Image Builder recipes to use an existing patch baseline created in Systems Manager Patch Manager? Couldn't find a native option to do that, so I wonder if a script inside the recipe will do the job. Thank you
asked 2 years ago, 1.3K views
1 Answer
Accepted Answer
You can achieve it through the following:
- EC2 Image Builder provides two AWS-provided patching components, update-linux and update-windows, which install all pending operating system updates using the UpdateOS action module. These components can be added to your image build pipelines from the list of AWS-provided components. Additionally, you can create custom build components for selective patch installation or updates on supported AMIs using shell scripts or by using the UpdateOS action module.
- In Patch Manager, you can create custom patch baselines and specify various parameters for patch installation and exclusion.
- To link Patch Manager with EC2 Image Builder, you would need to create a maintenance window in Systems Manager. Then, you should register targets (your EC2 instances) to this maintenance window, specifying the patch group key-value tag you created earlier. After this, you assign tasks to the maintenance window, such as patch installation tasks, using the AWS-RunPatchBaselineWithHooks command document. This process allows you to schedule and automate patch installations in alignment with your custom patch baseline.
If this has resolved your issue or was helpful, accepting the answer would be greatly appreciated. Thank you!
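The maintenance-window steps listed in the answer above, written out as an added boto3 example (not part of the original answer and not AWS-provided code). The patch group value, baseline ID, window name and schedule are assumptions; substitute your own.

```python
"""Added example: a maintenance window that runs AWS-RunPatchBaselineWithHooks
against instances tagged with a patch group. Names and IDs are placeholders."""

PATCH_GROUP = "image-builder-golden"    # assumed patch group tag value
BASELINE_ID = "pb-EXAMPLE-PLACEHOLDER"  # placeholder for your custom baseline ID


def link_baseline_to_window(ssm, baseline_id=BASELINE_ID,
                            patch_group=PATCH_GROUP,
                            schedule="cron(0 3 ? * SUN *)"):
    """Create the window, register tagged targets, attach the patch task.

    `ssm` is a boto3 SSM client (boto3.client("ssm")) or any object that
    exposes the same four methods. Returns the IDs that were created.
    """
    # 1. Tie the custom baseline to the patch group so tagged instances use it.
    ssm.register_patch_baseline_for_patch_group(
        BaselineId=baseline_id, PatchGroup=patch_group)

    # 2. Window of 2 hours; no new task starts in the final hour.
    window_id = ssm.create_maintenance_window(
        Name=f"patch-{patch_group}", Schedule=schedule,
        Duration=2, Cutoff=1, AllowUnassociatedTargets=False)["WindowId"]

    # 3. Targets are selected by the patch group tag, not by instance ID.
    target_id = ssm.register_target_with_maintenance_window(
        WindowId=window_id, ResourceType="INSTANCE",
        Targets=[{"Key": "tag:Patch Group", "Values": [patch_group]}],
    )["WindowTargetId"]

    # 4. Run Command task using the document named in the answer.
    task_id = ssm.register_task_with_maintenance_window(
        WindowId=window_id, TaskType="RUN_COMMAND",
        TaskArn="AWS-RunPatchBaselineWithHooks",
        Targets=[{"Key": "WindowTargetIds", "Values": [target_id]}],
        MaxConcurrency="1", MaxErrors="0",  # one at a time, stop on failure
        TaskInvocationParameters={
            "RunCommand": {"Parameters": {"Operation": ["Install"]}}},
    )["WindowTaskId"]
    return {"window": window_id, "target": target_id, "task": task_id}


if __name__ == "__main__":
    import boto3  # requires AWS credentials with SSM permissions
    print(link_baseline_to_window(boto3.client("ssm")))
```

The task only reaches instances that carry the `Patch Group` tag with the same value and are managed by Systems Manager when the window opens.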
