hands-on lab

Automating Patch Management With AWS Systems Manager

Lab description

AWS Systems Manager supports automatically patching Amazon EC2 instances with security updates and other software updates. It supports Windows, Linux, and macOS, and does not require you to provision or operate the infrastructure needed to apply patches in an automated fashion.

Learning how to use AWS SSM to apply patches will make you more effective at migrating and deploying secure workloads in the public AWS cloud.

In this hands-on lab, you will use AWS SSM Patch Manager to scan for patch updates to an Amazon EC2 instance running Debian Linux.

Learning objectives

Upon completion of this beginner-level lab, you will be able to:

  • Attach a policy to an AWS IAM role
  • Install the AWS SSM agent on a Linux instance
  • Create a State Manager association
  • Run and observe a patching scan

Intended audience

  • Candidates for AWS Certified Security Specialty certification
  • Cloud Architects
  • DevOps Engineers


Familiarity with the following will be beneficial but is not required:

  • AWS Systems Manager (SSM)
  • AWS Identity and Access Management (IAM)
  • Amazon Elastic Compute Cloud (EC2)

The following content can be used to fulfill the prerequisites:


March 26th, 2024 - Updated the instructions and screenshots to reflect the latest UI

About the author
Andrew Burchill
Labs Developer

Andrew is a Labs Developer with previous experience in the Internet Service Provider, Audio Streaming, and CryptoCurrency industries. He has also been a DevOps Engineer and enjoys working with CI/CD and Kubernetes.

He holds multiple AWS certifications including Solutions Architect Associate and Professional.

Lab steps

  • Logging In to the Amazon Web Services Console
  • Attaching the SSM Policy to an IAM Role
  • Connecting to the Virtual Machine using EC2 Instance Connect
  • Installing the AWS Systems Manager Agent
  • Running a Patch Scan