Managing Microsoft patch management on your EC2 instances

Managing Microsoft updates manually or through WSUS can be challenging in large environments. AWS Systems Manager lets you manage all of your AWS EC2 infrastructure from a single pane of glass.

Within this single pane of glass you can view your EC2 inventory and patch baselines, check compliance against those baselines, and run ad hoc scans and patch installs. Streamlining the update process with maintenance windows and automation makes the monthly Microsoft update process repeatable and stable.

At a high level, these are the steps to set up this service:

1.  Create an IAM role with the AmazonSSMFullAccess policy so that Systems Manager can manage your EC2 instances.  The SSM agent, which Systems Manager uses to perform these functions, is pre-installed on all Amazon-created EC2 AMIs.

2.  Add the newly created IAM role to your EC2 instances.

3.  In a short time, you will begin to see the systems check into Inventory under Systems Manager.

4.  Create your patch baseline. You can use the default, or create your own and set it as the new default.

5.  Create a schedule so the machines are patched automatically. If you want to patch different instances at different times, consider using tags to set up separate schedules.
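Step 4 is where the security decision lives: the baseline's approval rules decide which updates an instance is allowed to install, and how long a new patch waits before it is auto-approved. The following added example (not code from the original post or from AWS) models that evaluation in Python; the baseline is constructed in the shape the SSM CreatePatchBaseline API accepts, the KB numbers are placeholders, and the rule semantics are a simplified reading of Patch Manager's documented behaviour (every filter in a rule must match, ApproveAfterDays delays auto-approval, and explicit approved/rejected lists override the rules).

```python
from datetime import date, timedelta

# Constructed baseline in the shape the SSM CreatePatchBaseline API accepts for WINDOWS
# (assumed field names; the KB numbers used throughout are placeholders, not real patches).
WINDOWS_BASELINE = {
    "OperatingSystem": "WINDOWS",
    "ApprovalRules": {"PatchRules": [{
        "PatchFilterGroup": {"PatchFilters": [
            {"Key": "CLASSIFICATION", "Values": ["CriticalUpdates", "SecurityUpdates"]},
            {"Key": "MSRC_SEVERITY", "Values": ["Critical", "Important"]},
        ]},
        "ApproveAfterDays": 7,  # bake-in period before a matching patch auto-approves
    }]},
    "ApprovedPatches": ["KB5000005"],  # always approved, whatever the rules say
    "RejectedPatches": ["KB5000004"],  # never installed
    "RejectedPatchesAction": "BLOCK",
}
_FIELD = {"CLASSIFICATION": "classification", "MSRC_SEVERITY": "severity"}  # filter key -> record field

def _rule_matches(rule, update, today):
    """A rule approves an update only if every filter matches and the bake-in period has passed."""
    old_enough = update["released"] + timedelta(days=rule.get("ApproveAfterDays", 0)) <= today
    filters = rule["PatchFilterGroup"]["PatchFilters"]
    return old_enough and all(update[_FIELD[f["Key"]]] in f["Values"] for f in filters)

def classify_updates(baseline, updates, today):
    """Split the updates available to one instance into approved / rejected / pending.
    Pending updates are not installed, but are also not reported as missing."""
    result = {"approved": [], "rejected": [], "pending": []}
    for u in updates:
        if u["id"] in baseline.get("RejectedPatches", []):
            bucket = "rejected"  # an explicit reject wins over every rule
        elif u["id"] in baseline.get("ApprovedPatches", []) or any(
                _rule_matches(r, u, today) for r in baseline["ApprovalRules"]["PatchRules"]):
            bucket = "approved"
        else:
            bucket = "pending"
        result[bucket].append(u["id"])
    return result

def _update(kb, classification, severity, released):  # one constructed update record
    return dict(id=kb, classification=classification, severity=severity, released=released)

# Constructed catalogue of updates available to a Windows Server instance on 2024-03-15.
SAMPLE_UPDATES = [
    _update("KB5000001", "SecurityUpdates", "Critical", date(2024, 3, 1)),     # past the bake-in
    _update("KB5000002", "SecurityUpdates", "Important", date(2024, 3, 12)),   # still baking
    _update("KB5000003", "Updates", "Unspecified", date(2024, 2, 1)),          # not a security fix
    _update("KB5000004", "SecurityUpdates", "Critical", date(2024, 2, 1)),     # explicitly rejected
    _update("KB5000005", "Updates", "Unspecified", date(2024, 3, 14)),         # explicitly approved
]
```

Running `classify_updates(WINDOWS_BASELINE, SAMPLE_UPDATES, date(2024, 3, 15))` shows why a long ApproveAfterDays value is a trade-off: an Important security update released three days earlier stays pending, and therefore is not counted as missing, until the bake-in period ends.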

After configuration, Patch Manager uses Run Command to invoke the RunPatchBaseline document, which evaluates which patches should be installed on each target instance according to its operating system type, either on demand or during the defined schedule (Maintenance Window).

Have A Question?

Innovative Solutions is an Advanced Consulting Partner with expertise in Microsoft Workloads. Innovative is a service delivery partner for Windows on EC2 and part of the Service Delivery Program.
