AWS Config Rule: EC2 Managed Instance Patch Compliance Status


Fernando Honig

Last Update há 3 dias

Description: Checks whether the compliance status of the AWS Systems Manager patch compliance is COMPLIANT or NON_COMPLIANT after the patch installation on the instance. The rule is compliant if the field status is COMPLIANT.

Trigger type: Configuration changes

AWS Region: All supported AWS regions except Middle East (Bahrain), Asia Pacific (Jakarta), Africa (Cape Town), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region

How to Resolve Manually

To resolve this manually, you can run an AWS Systems Manager Command.

Go to Systems Manager in your AWS Management Console, and select Run Command in your left menu under Node Management.

Search for AWS-RunPatchBaselineAssociation and indicate if you want to Scan or Install the patches and the Instances you want to make it Patch compliant. Writing the command output to an Amazon S3 bucket is optional. When done, click Run.

How to Resolve with StackZone

You can resolve this with StackZone by enabling the Patch Management Solution. Find this under Provisioning -> Baseline Services -> SSM Patch Management.

Select the Schedule and the TagKey you want for each target. You can configure up to 2 groups.

Once enabled, all your current and new instances, with the specific TagKey created in every account in all enabled regions will be checked and patched automatically according to your desired schedule.

Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here

Was this article helpful?

1 out of 1 liked this article

Still need help? Message Us