Patch Manager is an automated tool that helps you simplify your operating system patching process, including selecting the patches you want to deploy, the timing for patch roll-outs, controlling instance reboots, and many other tasks. You can define auto-approval rules for patches with an added ability to black-list or white-list specific patches, control how the patches are deployed on the target instances (e.g. stop services before applying the patch), and schedule the automatic roll out through maintenance windows. These capabilities help you automate your patch maintenance process to save you time and reduce the risk of non-compliance.
Patch Baselines let you define the set of patches you have approved or blocked for deployment to your instances. In a Patch Baseline, you select patches by product (Windows Server 2008, Windows Server 2012, etc.), category (Critical Updates, Security Updates, etc.) and severity to decide which patches are reviewed for deployment. For each selected category, you then define the schedule on which its patches are automatically approved for distribution (e.g. wait 7 days before applying a non-critical patch, but install all security updates on day 1). In addition to these rules, you can specify a whitelist and a blacklist of patches: whitelisted patches are always installed and blacklisted patches are always blocked, regardless of the rules. At the time of patching, Patch Manager assesses the targeted instances only against the patches that were approved before that point in time.
You can use Patch Manager to scan your existing fleet of instances and determine the current patch level of your software. For each instance, it reports the patches currently installed, the approved patches that are missing, the patches most recently applied, and other information you need to determine your overall patch compliance.
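The following is an added example, not AWS's own code or a page sample, that makes the two preceding paragraphs concrete. It assembles a request in the shape accepted by the public SSM `CreatePatchBaseline` API (the `ApprovalRules`, `PatchRules`, `PatchFilterGroup`, `ApproveAfterDays`, `ApprovedPatches` and `RejectedPatches` keys are real API fields) and then evaluates those same rules offline: which patches count as approved at a given date, and which approved patches each instance is missing. The boto3 call itself is not made, so it runs without an AWS account; the patch IDs, release dates, baseline name and instance inventories are all constructed for illustration.

```python
"""Added example (not AWS code): model Patch Manager approval rules and a
compliance scan locally. API key names follow the public SSM
CreatePatchBaseline request; all patch IDs, dates and instances are constructed."""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Patch:
    patch_id: str
    product: str
    classification: str
    severity: str
    released: date


# Constructed patch catalogue (IDs, dates and severities are made up).
CATALOGUE = [
    Patch("KB-SEC-1", "WindowsServer2012", "SecurityUpdates", "Critical", date(2017, 1, 2)),
    Patch("KB-SEC-2", "WindowsServer2012", "SecurityUpdates", "Important", date(2017, 1, 9)),
    Patch("KB-CRIT-1", "WindowsServer2012", "CriticalUpdates", "Unspecified", date(2017, 1, 5)),
    Patch("KB-CRIT-2", "WindowsServer2008", "CriticalUpdates", "Unspecified", date(2017, 1, 8)),
    Patch("KB-BAD-1", "WindowsServer2012", "SecurityUpdates", "Critical", date(2017, 1, 1)),
]

# Request body in the shape boto3's ssm.create_patch_baseline(**BASELINE_REQUEST)
# accepts. It mirrors the page's rule: security updates approved on day 1
# (ApproveAfterDays=0), other selected categories only after a 7-day wait.
BASELINE_REQUEST = {
    "Name": "example-windows-baseline",  # constructed name
    "OperatingSystem": "WINDOWS",
    "ApprovalRules": {"PatchRules": [
        {"PatchFilterGroup": {"PatchFilters": [
            {"Key": "PRODUCT", "Values": ["WindowsServer2012", "WindowsServer2008"]},
            {"Key": "CLASSIFICATION", "Values": ["SecurityUpdates"]},
        ]}, "ApproveAfterDays": 0},
        {"PatchFilterGroup": {"PatchFilters": [
            {"Key": "PRODUCT", "Values": ["WindowsServer2012", "WindowsServer2008"]},
            {"Key": "CLASSIFICATION", "Values": ["CriticalUpdates"]},
        ]}, "ApproveAfterDays": 7},
    ]},
    "ApprovedPatches": ["KB-EXPLICIT-1"],  # whitelist: installed regardless of rules
    "RejectedPatches": ["KB-BAD-1"],       # blacklist: blocked even if a rule matches
}

# Maps SSM patch filter keys to Patch attributes (MSRC_SEVERITY is the Windows severity key).
FILTER_ATTR = {"PRODUCT": "product", "CLASSIFICATION": "classification", "MSRC_SEVERITY": "severity"}


def rule_matches(rule, patch):
    """Every filter in the PatchFilterGroup must match (AND); values inside one filter are OR."""
    for f in rule["PatchFilterGroup"]["PatchFilters"]:
        if getattr(patch, FILTER_ATTR[f["Key"]]) not in f["Values"]:
            return False
    return True


def approved_patch_ids(baseline, catalogue, as_of):
    """Patch IDs approved at `as_of`: rule matches whose wait has elapsed, plus the
    whitelist, minus the blacklist. This is the 'approved prior to that point in
    time' set the page describes."""
    approved = set(baseline.get("ApprovedPatches", []))
    for patch in catalogue:
        for rule in baseline["ApprovalRules"]["PatchRules"]:
            ready_on = patch.released + timedelta(days=rule["ApproveAfterDays"])
            if rule_matches(rule, patch) and ready_on <= as_of:
                approved.add(patch.patch_id)
                break
    return approved - set(baseline.get("RejectedPatches", []))


def compliance(baseline, catalogue, installed_by_instance, as_of):
    """Per-instance view of a scan: which approved catalogue patches are missing.
    Whitelisted IDs absent from the catalogue cannot be assessed and are skipped."""
    assessable = approved_patch_ids(baseline, catalogue, as_of) & {p.patch_id for p in catalogue}
    report = {}
    for instance_id, installed in installed_by_instance.items():
        missing = sorted(assessable - set(installed))
        report[instance_id] = {"compliant": not missing, "missing": missing}
    return report


if __name__ == "__main__":
    # Constructed inventory: instance IDs and installed patches are made up.
    fleet = {"i-a": ["KB-SEC-1", "KB-SEC-2"], "i-b": ["KB-SEC-1", "KB-BAD-1"]}
    print(sorted(approved_patch_ids(BASELINE_REQUEST, CATALOGUE, date(2017, 1, 10))))
    print(compliance(BASELINE_REQUEST, CATALOGUE, fleet, date(2017, 1, 10)))
```

Running it on 2017-01-10 approves both security updates immediately, holds the critical updates until their 7-day wait has elapsed, drops the blacklisted `KB-BAD-1` even though it matches the security rule, and flags `i-b` as non-compliant for missing `KB-SEC-2`. Re-running on 2017-01-12 adds `KB-CRIT-1` to the approved set, which is the point of the rule: the approved set is a function of the assessment date, so a scan and a later install can legitimately differ.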