Posted On: Feb 3, 2021

Patch Manager, a capability of AWS Systems Manager, now enables you to configure actions to be performed on a managed instance before and after installing patches. Using this feature, you can configure actions to perform pre-installation checks such as ensuring that “Windows Update Service” is running before patching instances. Furthermore, you can configure actions that perform post-installation health checks to ensure that your instances are healthy after being patched.  

To get started, from the Systems Manager console, navigate to Patch Manager, choose ‘Patch now’ and configure scripts that run before and after patching under ‘Advanced Options’. You can also configure scripts to run before and after your scheduled patch installations using the AWS-RunPatchBaselineWithHooks document. Furthermore, the configured scripts can easily be shared across AWS accounts using Systems Manager document sharing. These features are only available for Systems Manager Agent (SSM Agent) version 3.0.502 and higher.
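A pre-installation check of the kind described above could look like the following PowerShell script. It is an added example, not code from AWS. It assumes the script runs as the body of a pre-install hook on a Windows instance, and the 60-second wait is an arbitrary choice.

```powershell
# Added example: pre-installation hook that verifies the Windows Update
# service before patches are installed. A non-zero exit code marks the
# script as failed, so the problem is visible in the command output.
$ErrorActionPreference = 'Stop'
$serviceName = 'wuauserv'                   # Windows Update service
$timeout     = [TimeSpan]::FromSeconds(60)  # assumed wait budget

try {
    $cim = Get-CimInstance -ClassName Win32_Service -Filter "Name='$serviceName'"
    if (-not $cim) {
        Write-Output "FAIL: service '$serviceName' not found on this instance"
        exit 1
    }

    # A disabled service is a configuration decision (or drift) that should be
    # reviewed by an operator, so report it instead of silently re-enabling it.
    if ($cim.StartMode -eq 'Disabled') {
        Write-Output "FAIL: service '$serviceName' is disabled; patching cannot proceed"
        exit 1
    }

    $svc = Get-Service -Name $serviceName
    if ($svc.Status -ne 'Running') {
        Write-Output "INFO: '$serviceName' is $($svc.Status); attempting to start it"
        Start-Service -Name $serviceName
        # Throws a timeout exception if the service never reaches Running.
        $svc.WaitForStatus('Running', $timeout)
    }

    Write-Output "OK: '$serviceName' is running (start mode: $($cim.StartMode))"
    exit 0
}
catch {
    Write-Output "FAIL: pre-install check error: $($_.Exception.Message)"
    exit 1
}
```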

This feature is available in all AWS Regions where Patch Manager is supported, excluding AWS China (Beijing and Ningxia) Regions. For more details about the feature and Patch Manager, visit the AWS Systems Manager product page and documentation.