Patching for your Amazon EC2 Instances

Captions
In this video, you'll see how to use AWS Systems Manager to automate patching of your Windows and Linux servers, create patch groups for different environments and roles, and set up patching schedules to install patches on a regular basis.

We'll start in the AWS Management Console. Before you can patch your Windows and Linux servers, you'll need to first ensure that your instances are being managed by AWS Systems Manager. To do this, let's create a role having specific permissions in Identity and Access Management, or IAM. The service that will use this role is Amazon Elastic cloud compute, or EC2. Next, let's search for the appropriate policy to attach to the role. In this case, we want to give Systems Manager permission to manage our EC2 instances. Next, enter a role name. When you're ready, click the button to create the role.

Once you've created a role that ensures your instances will be managed by Systems Manager, you can assign the role to existing instances or create new instances. In this case, let's create some new EC2 instances, starting with Linux. Next, let's choose an Amazon Machine Image for Linux, choose an instance type, and then configure the instance details. In this case, let's create five instances. Next, let's assign the role we just created to these instances. Accept the terms and then launch the instances. Scroll down to view the instances. Next, let's name the Linux instances. Now that we've launched some Linux instances, let's launch some Windows instances in a similar fashion.

Let's verify that both the Amazon EC2 Linux and Windows servers have been properly configured for Systems Manager so we can begin patching them. As you can see, the new machines now appear in our managed instances.

Before diving into the native AWS Systems Manager Patch Manager, let's look at the default patch baselines. A patch baseline defines which patches are approved for installation on your instances. You can use the predefined baselines, or you can create your own baselines if you want greater control. Let's select a default patch baseline for Amazon Linux 2 machines and then add a patch group to it. A patch group is a way to organize instances for patching. You can create different patch groups for different operating systems, environments, or server functions by using Amazon EC2 tags. In this case, the patch group will be used for a Linux 2 production environment. Next, let's add the Windows instances to the patch group.

Now that we've created the patch group, let's take a look at the approval rules. An approval rule specifies that certain types of patches, such as critical updates, should be automatically approved and installed. For instance, this approval rule indicates that the system will be updated within seven days.

Next, let's go back to the EC2 management console and see how to apply tags to the Linux and Windows instances we created. Select the instances you want to tag. Each tag is a simple label consisting of a defined key and the optional value that you define. This key-value pair makes it easy to manage, search for, and filter your resources. When you configure patching for the patch group, it will pull all the instances having this key-value pair.

Now that we've set that up, we're ready to configure patching for the patch group. First, specify a patching schedule. In this case, we'll schedule a new machine maintenance window. You can specify a maintenance window schedule by using a cron schedule builder or rate schedule builder, or you can enter a cron/rate expression. Let's use a cron schedule builder. Next, indicate how often to run the maintenance window. Let's run it every day at the specified time. Next, enter a name for the maintenance window. Now click Configure patching.

If you want to patch instances on demand, that's easy too. Let's see how. In this case, we'll skip scheduling and patch the instances now. Behind the scenes, Patch Manager is using a Run Command to patch the instances. Let's take a look at the details. As you can see, some instances have already successfully been patched, while others are still in progress. Let's view the output for one of the instances that's completed patching. You can see that there are two commands: one for patching Windows and one for patching Linux. If the instance is a Windows machine, the Linux command will get skipped, and vice versa. Let's drill down into the output for the Windows command. This output offers information on the patch group, baseline ID, start and end time of the operation, the number of patches installed, and more.

In this case, we patched our instances by using a default patch baseline. Let's take a quick look at how you can create a custom patch baseline. If you want, you can search for available patches by product or severity to help define your own patch baseline. Creating a new patch baseline takes just a few steps. First, enter a name for the baseline. Next, create auto-approval rules. If you want, you can also add any exceptions to automatically approve or reject individual patches if needed. Now your custom baseline can be used to patch your managed instances.

You've just seen how to use AWS Systems Manager to automate patching of your Windows and Linux servers, create patch groups for different environments and roles, and set up patching schedules to install patches on a regular basis. Thanks for watching. Now it's your turn to try.
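Added example (not part of the video or of AWS's own code): a simplified offline model of the selection logic the captions walk through, showing which baseline an instance gets from its patch group tag, which patches a seven-day auto-approval rule plus approve/reject exceptions releases on a given day, and which instances fall outside patching because they lack the Systems Manager role. `Patch Group` is the tag key Patch Manager reads; all instance IDs, baseline names, patch IDs and dates are constructed.

```python
from datetime import date, timedelta

# Constructed sample data: every ID, tag value and patch below is hypothetical.
CATALOG = {  # patch id -> (classification, severity, release date)
    "P-1": ("Security", "Critical", date(2019, 6, 20)),
    "P-2": ("Security", "Critical", date(2019, 7, 3)),
    "P-3": ("Bugfix", "Low", date(2019, 6, 1)),
    "P-4": ("Security", "Important", date(2019, 6, 10)),
}
BASELINES = {  # "groups" = patch groups registered to the baseline
    "default-al2": {"os": "AL2", "default": True, "groups": set(), "approved": set(),
                    "rejected": set(), "rules": [("Security", {"Critical", "Important"}, 7)]},
    "custom-prod": {"os": "AL2", "default": False, "groups": {"linux2-prod"}, "approved": {"P-3"},
                    "rejected": {"P-1"}, "rules": [("Security", {"Critical"}, 7)]},
}
INSTANCES = [  # "role" = instance has the Systems Manager IAM role attached
    {"id": "i-a", "os": "AL2", "role": True, "tags": {"Patch Group": "linux2-prod"}, "installed": set()},
    {"id": "i-b", "os": "AL2", "role": True, "tags": {}, "installed": {"P-1"}},
    {"id": "i-c", "os": "AL2", "role": False, "tags": {"Patch Group": "linux2-prod"}, "installed": set()},
]

def approved_patches(baseline, today):
    """Patches the baseline approves as of `today`: rule matches plus exceptions."""
    out = set(baseline["approved"])
    for pid, (cls, sev, rel) in CATALOG.items():
        if any(cls == c and sev in s and rel + timedelta(days=d) <= today for c, s, d in baseline["rules"]):
            out.add(pid)
    return out - baseline["rejected"]  # in this model an explicit rejection wins

def baseline_for(instance):
    """Baseline registered to the instance's patch group, else the default for its OS."""
    group = instance["tags"].get("Patch Group")
    for name, b in BASELINES.items():
        if b["os"] == instance["os"] and group in b["groups"]:
            return name
    return next(n for n, b in BASELINES.items() if b["os"] == instance["os"] and b["default"])

def audit(today):
    """Map instance id -> (baseline, approved patches still missing), or None if unmanaged."""
    report = {}
    for inst in INSTANCES:
        if not inst["role"]:  # without the role the instance is never patched
            report[inst["id"]] = None
            continue
        name = baseline_for(inst)
        report[inst["id"]] = (name, sorted(approved_patches(BASELINES[name], today) - inst["installed"]))
    return report

if __name__ == "__main__":
    print(audit(date(2019, 7, 5)))
```

The untagged instance silently falls back to the default baseline and the instance without the role is skipped entirely, which are the two gaps worth checking for after following the steps in the video.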
Info
Channel: Amazon Web Services
Views: 35,416
Keywords: AWS, Amazon Web Services, Cloud, cloud computing, AWS Cloud, Systems Manager, Patch Manager, Patch Group
Id: ABtwRb9BFY4
Length: 8min 20sec (500 seconds)
Published: Fri Jul 05 2019