Posted On: Jan 17, 2023

Now deploy patch policies across AWS accounts and AWS Regions using AWS Systems Manager Patch Manager and AWS Organizations.

Today, we introduce Patch Policies, a new capability of AWS Systems Manager Patch Manager. Patch Policies provide a single-console experience for defining and enforcing patch compliance across accounts and Regions with a few clicks. With this launch, you can now make sure all instances in your AWS organization scan and install patches based on centrally defined patch rules from an AWS Organizations management account. You can create and manage multiple Patch Policies at once, enabling you to control patching operations for different sets of instances across accounts and Regions.

To get started, navigate to Patch Manager in the Systems Manager console and create a Patch Policy. Patch Policies automate the process of scanning and installing patches and can be deployed across the entire AWS organization or for specific organizational units (OUs) and nodes. You can define Patch Policies based on AWS recommended configuration and patch rules or customize them to suit your requirements. You can view instance patch compliance by navigating to AWS Systems Manager Explorer.

This feature is available in all public AWS Regions where AWS Systems Manager is offered, except Amazon Web Services China (Beijing, operated by Sinnet), Amazon Web Services China (Ningxia, operated by NWCD), and AWS GovCloud (US) Regions. For more details about Patch Manager, visit the AWS Systems Manager User Guide or read our blog post on Patch Policies. To learn more about Systems Manager features, see AWS Systems Manager.