hands-on lab

Automating Patch Management With AWS Systems Manager

Difficulty: Beginner
Duration: Up to 1 hour
Students: 119
Rating: 4/5
Get guided in a real environment: Practice with a step-by-step scenario in a real, provisioned environment.
Learn and validate: Use validations to check your solutions every step of the way.
See results: Track your knowledge and monitor your progress.

Description

AWS Systems Manager supports automatically patching Amazon EC2 instances with security updates and other software updates. It supports Windows, Linux, and macOS and does not require you to provision or operate the infrastructure required to apply patches in an automated fashion.

Learning how to use AWS SSM to apply patches will make you more effective at migrating and deploying secure workloads in the public AWS cloud.

In this hands-on lab, you will use AWS SSM Patch Manager to scan for patch updates to an Amazon EC2 instance running Debian Linux.

Learning objectives

Upon completion of this beginner-level lab, you will be able to:

  • Attach a policy to an AWS IAM role
  • Install the AWS SSM agent on a Linux instance
  • Create a state manager association
  • Run and observe a patching scan

Intended audience

  • Candidates for AWS Certified Security Specialty certification
  • Cloud Architects
  • DevOps Engineers

Prerequisites

Familiarity with the following will be beneficial but is not required:

  • AWS Systems Manager (SSM)
  • AWS Identity and Access Management (IAM)
  • Amazon Elastic Compute Cloud (EC2)

The following content can be used to fulfill the prerequisites:

Updates

March 26th, 2024 - Updated the instructions and screenshots to reflect the latest UI

Lab steps

Logging In to the Amazon Web Services Console
Attaching the SSM Policy to an IAM Role
Connecting to the Virtual Machine using EC2 Instance Connect
Installing the AWS Systems Manager Agent
Running a Patch Scan