
I am working on automatic patching using AWS Systems Manager Patch Management, using the AWS console. There are parameter settings I do not understand, and the AWS document does not explain them clearly, so I am seeking help here:

When creating a patch baseline, I see "Product", which has Ubuntu 14 and 16 for me to choose from. What does "Product" mean here? Does it mean it will patch my EC2 to Ubuntu 16, or does it mean my Ubuntu to be patched is 14? BTW, my EC2 is currently Ubuntu 14.

When creating Maintenance Windows, it shows "Duration" and "Cutoff". What are duration and cutoff? (The AWS document says: "Duration field, type the number of hours you want the Maintenance Window to be active." I do not understand what it means.)


1 Answer

Sorry for the delay in responding.

The Product field in a patch baseline rule serves to scope the rule to a particular version of the operating system (in this case Ubuntu 14 or Ubuntu 16). If, for instance, you add a rule and set the Product field to Ubuntu 14, that rule only applies to instances that are running Ubuntu 14 (i.e. if you were to patch an Ubuntu 16 instance, that particular rule wouldn't be used).

If you want a rule to be applied to all versions of Ubuntu you can leave the Product field as "All".

In a Maintenance Window, the duration controls for how long tasks are started in the maintenance window. For instance, if you specify a duration of 4 hours, and the maintenance window starts running at 1pm, tasks can be started from 1pm all the way through 5pm. This has the greatest impact if you have a lot of tasks in your maintenance window or if there are a lot of instances the tasks will be run for.

The cutoff works with the duration. Since the maintenance window won't forcibly stop any tasks when it closes (e.g. at 5pm in the example above), the cutoff value can be used to provide a "buffer" so the maintenance window stops scheduling tasks before the window closes. Keeping with the example above, a cutoff value of 1 hour would cause the maintenance window to stop scheduling new tasks at 4pm instead of 5pm (if the cutoff value was 0 hours).

Mats Lannér
  • Thanks Mats. I think AWS should hire you to write their documentation :-). So, 1) product = Ubuntu 14 means only Ubuntu 14 will be patched. 2) For duration, I do not understand what it is useful for; nobody knows how long it will take for all tasks to be finished, and obviously we want to have all of them executed. Maybe it is useful when we do not want to run patching during the daytime when others are running EC2. – user389955 Dec 24 '17 at 00:56
  • In the interest of full disclosure, I work on the service at AWS, so it's more my fault the documentation isn't better ;-) (1) Setting the product to Ubuntu 14 means patches will only be matched for Ubuntu 14; nothing will match for Ubuntu 16. (2) The duration comes into play when you have lots of tasks in the maintenance window, especially if you have them with different priorities. The duration value helps ensure that lower priority tasks aren't started after the high priority tasks if the maintenance window is no longer open. – Mats Lannér Dec 26 '17 at 21:40
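The answer's 1pm / 4-hour / 1-hour-cutoff example and the comment about task priorities, worked through as an added illustration (this is a constructed model written for this page, not AWS's scheduler code or the Systems Manager API). It assumes the rules stated in the answer: tasks may be started from the window's start time until `start + duration - cutoff`, the window itself stays open until `start + duration`, running tasks are not stopped when it closes, and a rule whose Product is "All" matches every instance while any other value must match exactly. The task list, the sequential (one task after another) execution and the `WINDOW_START` constant are constructed simplifications for the demonstration.

```python
from datetime import datetime, timedelta

# Constructed sample: the window starts at 1pm, as in the answer's example.
WINDOW_START = datetime(2017, 12, 26, 13, 0)


def scheduling_window(window_start, duration_hours, cutoff_hours):
    """Return (last_start, window_close) for a maintenance window.

    Tasks may be *started* from window_start up to (but not at) last_start.
    The window stays open until window_close; nothing already running is
    stopped at that point, which is exactly why the cutoff buffer exists.
    """
    if duration_hours <= 0:
        raise ValueError("duration must be a positive number of hours")
    # Assumption for this model: cutoff must be non-negative and shorter than
    # the duration, otherwise no task could ever be started.
    if not 0 <= cutoff_hours < duration_hours:
        raise ValueError("cutoff must be >= 0 and less than duration")
    window_close = window_start + timedelta(hours=duration_hours)
    last_start = window_close - timedelta(hours=cutoff_hours)
    return last_start, window_close


def can_start_task(window_start, duration_hours, cutoff_hours, now):
    """True if a new task may be started at time `now`."""
    last_start, _ = scheduling_window(window_start, duration_hours, cutoff_hours)
    return window_start <= now < last_start


def simulate_tasks(tasks, window_start, duration_hours, cutoff_hours):
    """Start tasks in priority order (lower number = higher priority) one after
    another and report which ones the window starts and which it never starts.

    tasks: list of (name, priority, runtime_hours). Running tasks strictly
    sequentially is a simplification of this model; it is enough to show how
    duration and cutoff decide whether the low-priority tail gets scheduled.
    """
    last_start, _ = scheduling_window(window_start, duration_hours, cutoff_hours)
    clock = window_start
    started, skipped = [], []
    for name, _priority, runtime_hours in sorted(tasks, key=lambda t: t[1]):
        if clock < last_start:
            started.append((name, clock))
            clock += timedelta(hours=runtime_hours)  # task runs to completion
        else:
            skipped.append(name)  # window no longer starts new tasks
    return started, skipped


def rule_applies(rule_product, instance_product):
    """Patch baseline rule scoping: 'All' matches any product, anything else
    only the exact product the rule names."""
    return rule_product == "All" or rule_product == instance_product


if __name__ == "__main__":
    # Constructed sample tasks: (name, priority, runtime in hours)
    tasks = [("patch-prod", 1, 2.0), ("patch-dev", 2, 1.5), ("cleanup", 3, 0.5)]
    for cutoff in (1, 0):
        started, skipped = simulate_tasks(tasks, WINDOW_START, 4, cutoff)
        names = [f"{n} @ {t:%H:%M}" for n, t in started]
        print(f"duration=4h cutoff={cutoff}h: started={names} skipped={skipped}")
    print("Ubuntu 14 rule on Ubuntu 16 instance:", rule_applies("Ubuntu 14", "Ubuntu 16"))
    print("'All' rule on Ubuntu 16 instance:", rule_applies("All", "Ubuntu 16"))
```

With a 1-hour cutoff the third task would only be ready to start at 16:30, after the 16:00 scheduling cutoff, so it is skipped; with a 0-hour cutoff it starts at 16:30 and runs past the 17:00 close, which is the overrun the cutoff is meant to prevent.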