AWS Config Rule: EC2 Managed Instance Patch Compliance Status

EC2_MANAGEDINSTANCE_PATCH_COMPLIANCE_STATUS_CHECK

Fernando Honig

Last Update vor 7 Monaten

Description: Checks whether the compliance status of the AWS Systems Manager patch compliance is COMPLIANT or NON_COMPLIANT after the patch installation on the instance. The rule is compliant if the field status is COMPLIANT.


Trigger type: Configuration changes


AWS Region: All supported AWS regions except Middle East (Bahrain), Asia Pacific (Jakarta), Africa (Cape Town), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region


How to Resolve Manually

To resolve this manually, you can run an AWS Systems Manager Command.


Go to Systems Manager in your AWS Management Console, and select Run Command in your left menu under Node Management.


Search for AWS-RunPatchBaselineAssociation and indicate if you want to Scan or Install the patches and the Instances you want to make it Patch compliant. Writing the command output to an Amazon S3 bucket is optional. When done, click Run.


How to Resolve with StackZone

You can resolve this with StackZone by enabling the Patch Management Solution. Find this under Provisioning -> Baseline Services -> SSM Patch Management.


Select the Schedule and the TagKey you want for each target. You can configure up to 2 groups.


Once enabled, all your current and new instances, with the specific TagKey created in every account in all enabled regions will be checked and patched automatically according to your desired schedule.


Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here

Was this article helpful?

1 out of 1 liked this article

Still need help? Message Us