AWS Systems Manager features support for automatically patching Amazon EC2 instances with security updates and other software updates. It supports Windows, Linux, and MacOS and does not require you to provision or operate the infrastructure required to apply patches in an automated fashion.
Learning how to use AWS SSM to apply patches will make you more effective at migrating and deploying secure workloads in the public AWS cloud.
In this hands-on lab, you will use AWS SSM Patch Manager to scan for patch updates to an Amazon EC2 instance running Debian Linux.
Learning objectives
Upon completion of this beginner-level lab, you will be able to:
- Attach a policy to an AWS IAM role
- Install the AWS SSM agent on a Linux instance
- Create a state manager association
- Run and observe a patching scan
Intended audience
- Candidates for AWS Certified Security Specialty certification
- Cloud Architects
- DevOps Engineers
Prerequisites
Familiarity with the following will be beneficial but is not required:
- AWS Systems Manager (SSM)
- AWS Identity and Access Management (IAM)
- Amazon Elastic Compute Cloud (EC2)
The following content can be used to fulfill the prerequisites:
- AWS Systems Manager Requirements and Building Blocks
- How AWS IAM is Used to Securely Manage Access
- Using Elastic Load Balancing & EC2 Auto Scaling to Support AWS Workloads
Updates
March 26th, 2024 - Updated the instructions and screenshots to reflect the latest UI
Environment before
Environment after
Andrew is a Labs Developer with previous experience in the Internet Service Provider, Audio Streaming, and CryptoCurrency industries. He has also been a DevOps Engineer and enjoys working with CI/CD and Kubernetes.
He holds multiple AWS certifications including Solutions Architect Associate and Professional.