While playing with AWS Systems Manager, I set up a patch baseline to scan and install daily at 7 am with a one-day auto-approval rule. The way I understand this is that Systems Manager would scan every morning at 7 am for patches. However, the actual install would not occur until a day later (per the auto-approval rule). When I checked "Manage Instances" today, under the "Patch" tab, it shows "last updated 8/28/2020 7:01 am". Does this "last updated" value indicate that a scan for patches was performed and completed? Does it include my install as well? I would think that any patch picked up would be reported somewhere and then actually installed in one day (per the approval rule). Are the patches in queue to be installed displayed elsewhere in the console? Thank you.
TechNewbie
- When did you set up these rules? According to the AWS docs, the auto approval rule you are talking about is just a delay that is based off of when the patch was released for the operating system. So if a patch was released today, Systems Manager would install it tomorrow rather than installing it a day after it first notices the patch. – Chris Aug 28 '20 at 21:57
- @Chris I set this up the day prior (8/27/2020). But I didn't think about how to truly test the patch baseline. So I executed a manual scan and install on 8/27/2020. Then I created one with a schedule immediately after to allow it to run daily at 7 am with an auto approval rule of 1 day. When I checked on 8/28/2020, I saw a last updated date of 8/28/2020 7:01 am. Likely I did not pick up any patches, since I had just installed the day before. But I am curious where I would be informed of new patches and that a delay would occur for the install. – TechNewbie Aug 31 '20 at 14:02
- In a production environment, I would set auto approval at around 7 days. So the hope is that I would be notified of new patches available and in queue for install somewhere? – TechNewbie Aug 31 '20 at 14:13
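As an added example (not part of the question or its comments), a small Python model of the approval-delay semantics Chris describes: a patch is approved `ApproveAfterDays` after its release date, not after the first scan that noticed it, so the "queue" is derivable from release dates and the rule rather than from anything a scan records. The patch IDs and release dates are constructed for illustration, and the model assumes a patch counts as approved on or after release date plus `ApproveAfterDays`.

```python
"""Added example: how an SSM patch baseline's ApproveAfterDays rule decides
which patches are approved on a given day. Sample data is constructed and only
imitates the shape of SSM API fields (ReleaseDate, ApproveAfterDays)."""
from datetime import date, timedelta

# Constructed sample: IDs, titles and release dates are made up for illustration.
AVAILABLE_PATCHES = [
    {"Id": "KB0000001", "Title": "Sample update A", "ReleaseDate": "2020-08-25"},
    {"Id": "KB0000002", "Title": "Sample update B", "ReleaseDate": "2020-08-27"},
    {"Id": "KB0000003", "Title": "Sample update C", "ReleaseDate": "2020-08-28"},
]


def approval_date(patch, approve_after_days):
    """Date on which the rule approves the patch: release date + delay.
    The delay is counted from release, not from when a scan first saw it."""
    released = date.fromisoformat(patch["ReleaseDate"])
    return released + timedelta(days=approve_after_days)


def classify_patches(patches, approve_after_days, today_iso):
    """Split patches into those the baseline has approved as of `today_iso`
    (a Scan would report these as Missing if not installed) and those still
    waiting out the delay, paired with the date each becomes approved.
    Assumption: a patch counts as approved on the approval date itself."""
    today = date.fromisoformat(today_iso)
    approved, pending = [], []
    for patch in patches:
        when = approval_date(patch, approve_after_days)
        if when <= today:
            approved.append(patch["Id"])
        else:
            pending.append((patch["Id"], when.isoformat()))
    return approved, pending


if __name__ == "__main__":
    # The asker's lab setting (1 day) versus the production setting they mention (7 days).
    for delay in (1, 7):
        ok, waiting = classify_patches(AVAILABLE_PATCHES, delay, "2020-08-28")
        print(f"ApproveAfterDays={delay}: approved={ok}, pending={waiting}")
```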