Does elastic beanstalk managed updates replace the need for patch manager (Windows)?

Question

With version 2 of the Elastic Beanstalk platform for Windows, managed platform updates are enabled in immutable update scenarios (https://aws.amazon.com/about-aws/whats-new/2019/02/aws-elastic-beanstalk-now-offers-windows-server-platform-v2-With-new-features/). I cannot seem to get confirmation on whether or not this replaces the need for SSM Patch manager to apply Windows updates, specifically security updates?

Can anyone confirm if the managed platform updates are sufficient to keep my Windows E2C instances secure? This post seems to be dated with the latest beanstalk updates: Does beanstalk automatically update and patch the windows image it uses? .

Answer 1

The official information I received from AWS is as follows:

"In general we release one Windows platform update per month, which includes Microsoft’s monthly roll-up of patches. We’ve got a release in process right now, which should be available later this week. You can keep an eye on our release notes pages for the announcement”"

Long story short for critical updates SSM Patch Manager is recommended, otherwise you will get everything monthly. Hope this helps someone it was a long road to get this answer.