Patch Manager

This course provides detail on the AWS Management & Governance services relevant to the AWS Certified DevOps Engineer - Professional exam.


Learning Objectives

  • Learn how AWS AppConfig can reduce errors in configuration changes and prevent application downtime
  • Understand how the AWS Cloud Development Kit (CDK) can be used to model and provision application resources using common programming languages
  • Get a high-level understanding of Amazon CloudWatch
  • Learn about the features and use cases of the service
  • Create your own CloudWatch dashboard to monitor the items that are important to you
  • Understand how CloudWatch dashboards can be shared across accounts
  • Understand the cost structure of CloudWatch dashboards and the limitations of the service
  • Review how monitored metrics go into an ALARM state
  • Learn about the challenges of creating CloudWatch Alarms and the benefits of using machine learning in alarm management
  • Know how to create a CloudWatch Alarm using Anomaly Detection
  • Learn what types of metrics are suitable for use with Anomaly Detection
  • Create your own CloudWatch log subscription
  • Learn how AWS CloudTrail enables auditing and governance of your AWS account
  • Understand how Amazon CloudWatch Logs enables you to monitor and store your system, application, and custom log files
  • Explain what AWS CloudFormation is and what it’s used for
  • Determine the benefits of AWS CloudFormation
  • Understand what the core components are and what they are used for
  • Create a CloudFormation Stack using an existing AWS template
  • Learn what VPC flow logs are and what they are used for
  • Determine options for operating programmatically with AWS, including the AWS CLI, APIs, and SDKs
  • Learn about the capabilities of AWS Systems Manager for managing applications and infrastructure
  • Understand how AWS Secrets Manager can be used to securely encrypt application secrets

Patch Manager is the secure and scalable patch management feature of Systems Manager that allows you to automate the process of patching managed instances with both security and reliability patches. You can use Patch Manager to apply updates to both the operating system and the applications running on managed instances, and you can patch fleets of managed instances by operating system type, including Amazon Linux, Amazon Linux 2, Ubuntu Server, and Windows Server, among others.

Managed instances can be scanned to produce a report of missing patches, or they can be scanned and then have the missing patches installed automatically. You can also generate patch compliance reports. Patch Manager integrates with AWS CloudTrail, Amazon EventBridge, Amazon S3, AWS Config, and AWS Identity and Access Management, which lets you gather patch data and send it to other AWS services when necessary.

So where are these patches defined? Patch Manager uses what's called patch baselines. AWS Systems Manager provides predefined patch baselines for each operating system supported by AWS. You can use the baselines as is or you can create your own custom patch baselines. Custom patch baselines allow you greater control and flexibility to manage your fleet patch strategy. The predefined patch baselines usually include vendor patches classified as Security or Bugfix, and have a severity of critical or important.

Consider a large fleet of instances that need patching. There are a few details to keep in mind for patch deployment. You can use a patch group to designate groups of instances that are to be patched with a specific baseline. Patch groups help you organize your patch deployment strategy across environments, such as development and production, or across application tiers, such as web servers, application servers, and data servers. You create a patch group using resource tags.

A patch group resource tag must be defined with the tag key Patch Group. This is a specific key: two separate words, Patch with a capital P and Group with a capital G, separated by a single space. The key is case sensitive and it is a requirement. You can assign any value, like web servers or app servers, to the Patch Group key. There are five Systems Manager documents available to help patch your instances with the latest security-related updates. They provide a full range of patching options for Windows updates and Linux patch baselines.

Last but not least, keep in mind that you can also define maintenance windows for your patches, so that they are only applied during preset times. Patch Manager ensures that your software is up to date and meets your compliance policies. The five SSM documents are AWS-ConfigureWindowsUpdate, AWS-InstallWindowsUpdates, AWS-RunPatchBaseline, AWS-RunPatchBaselineAssociation, and AWS-RunPatchBaselineWithHooks.
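The following CloudFormation template is an added example written for this page; it is not part of the course and not an AWS-supplied template. It ties together the pieces described above: a custom patch baseline whose approval rules mirror what the predefined baselines do (Security and Bugfix patches of Critical or Important severity), a patch group registered to that baseline and selected through the case-sensitive Patch Group tag, and a maintenance window that runs the AWS-RunPatchBaseline document with Operation set to Install rather than Scan. The patch group value web-servers, the cron schedule, the seven-day approval delay, and the concurrency and error thresholds are assumptions chosen for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example (not from the course): custom patch baseline for Amazon Linux 2,
  a patch group selected by the case-sensitive "Patch Group" tag, and a weekly
  maintenance window that runs AWS-RunPatchBaseline with Operation=Install.

Parameters:
  PatchGroupName:
    Type: String
    Default: web-servers   # constructed value; must match the "Patch Group" tag value on the instances

Resources:
  # Custom baseline: auto-approve Security and Bugfix patches of Critical or
  # Important severity seven days after release, and report them as CRITICAL
  # compliance items when missing.
  WebServerBaseline:
    Type: AWS::SSM::PatchBaseline
    Properties:
      Name: web-servers-amazon-linux-2
      Description: Security and Bugfix patches, Critical/Important, 7-day approval delay
      OperatingSystem: AMAZON_LINUX_2
      ApprovalRules:
        PatchRules:
          - PatchFilterGroup:
              PatchFilters:
                - Key: CLASSIFICATION
                  Values: [Security, Bugfix]
                - Key: SEVERITY
                  Values: [Critical, Important]
            ApproveAfterDays: 7
            ComplianceLevel: CRITICAL
      ApprovedPatchesComplianceLevel: CRITICAL
      # Registers the patch group with this baseline; a patch group can be
      # registered with only one baseline per operating system.
      PatchGroups:
        - !Ref PatchGroupName

  # Maintenance window: Sundays at 02:00 UTC, three hours long, and stop
  # launching new tasks one hour before the window closes.
  PatchWindow:
    Type: AWS::SSM::MaintenanceWindow
    Properties:
      Name: web-servers-weekly-patching
      Schedule: cron(0 2 ? * SUN *)
      Duration: 3
      Cutoff: 1
      AllowUnassociatedTargets: false

  # Select instances by tag. The key is the literal string "tag:Patch Group":
  # capital P, capital G, one space. "tag:patch group" would match nothing.
  PatchWindowTarget:
    Type: AWS::SSM::MaintenanceWindowTarget
    Properties:
      WindowId: !Ref PatchWindow
      ResourceType: INSTANCE
      Targets:
        - Key: "tag:Patch Group"
          Values:
            - !Ref PatchGroupName

  # Run Command task executing AWS-RunPatchBaseline against the target.
  # Operation=Scan only reports missing patches; Install applies them.
  PatchWindowTask:
    Type: AWS::SSM::MaintenanceWindowTask
    Properties:
      WindowId: !Ref PatchWindow
      TaskType: RUN_COMMAND
      TaskArn: AWS-RunPatchBaseline
      Priority: 1
      MaxConcurrency: "25%"   # patch a quarter of the group at a time
      MaxErrors: "10%"        # stop scheduling new instances once 10% have failed
      Targets:
        - Key: WindowTargetIds
          Values:
            - !Ref PatchWindowTarget
      TaskInvocationParameters:
        MaintenanceWindowRunCommandParameters:
          Parameters:
            Operation: [Install]
            RebootOption: [RebootIfNeeded]
          TimeoutSeconds: 600
```

Two points worth checking before deploying something like this: the instances must already be managed instances (SSM Agent running, with an instance profile that allows Systems Manager), and each instance must carry the tag key Patch Group with the exact value given in PatchGroupName, because AWS-RunPatchBaseline resolves the baseline for an instance through its patch group and falls back to the predefined default baseline for that operating system when no match is found.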

About the Author

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.