AWS SSM patch management
The AWS SSM patch management feature leverages Amazon’s Systems Manager to build a scalable, reliable patch implementation process. You define two different schedules and then tag each of your EC2 instances with either the first schedule’s tag or the second’s.
When the first schedule’s time arrives, SSM automatically patches all EC2 instances with the corresponding tag. The same is then done when the second schedule’s time arrives. This means you can auto-patch all UAT and Dev instances on one day, review the results, and have the production-level instances patched in the same way later in the week. This is a great way to automate compliance and mitigate software vulnerabilities.
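One way to express the two tag-driven schedules described above, as an added CloudFormation example that is not taken from the original page. It assumes State Manager associations running the AWS-managed `AWS-RunPatchBaseline` document; the tag key `PatchSchedule`, its values, the association names and the cron times are hypothetical.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Two tag-driven patch schedules (added example; tag key, values and times are assumptions)

Resources:
  # Schedule 1: UAT and Dev instances, patched early in the week.
  PatchScheduleOne:
    Type: AWS::SSM::Association
    Properties:
      AssociationName: patch-schedule-1-nonprod   # hypothetical name
      Name: AWS-RunPatchBaseline                  # AWS-managed patching document
      ScheduleExpression: cron(0 2 ? * TUE *)     # Tuesdays 02:00 UTC
      ApplyOnlyAtCronInterval: true               # do not run at creation time, only on schedule
      Targets:
        - Key: tag:PatchSchedule                  # hypothetical tag key
          Values: [schedule-1]
      Parameters:
        Operation: [Install]                      # install missing patches, not just scan
        RebootOption: [RebootIfNeeded]
      MaxConcurrency: "25%"                       # patch a quarter of the group at a time
      MaxErrors: "10%"                            # stop the run if failures pile up
      ComplianceSeverity: HIGH                    # severity reported when an instance is non-compliant

  # Schedule 2: production instances, patched later in the same week so the
  # results from schedule 1 can be reviewed first.
  PatchScheduleTwo:
    Type: AWS::SSM::Association
    Properties:
      AssociationName: patch-schedule-2-prod      # hypothetical name
      Name: AWS-RunPatchBaseline
      ScheduleExpression: cron(0 2 ? * FRI *)     # Fridays 02:00 UTC
      ApplyOnlyAtCronInterval: true
      Targets:
        - Key: tag:PatchSchedule
          Values: [schedule-2]
      Parameters:
        Operation: [Install]
        RebootOption: [RebootIfNeeded]
      MaxConcurrency: "10%"                       # smaller batches for production
      MaxErrors: "5%"
      ComplianceSeverity: CRITICAL
```

An instance that carries neither tag value is matched by no association and is never patched by either schedule, so untagged instances are worth auditing for separately.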