Update management in Amazon EC2 - Amazon Elastic Compute Cloud
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Update management in Amazon EC2

We recommend that you regularly patch, update, and secure the operating system and applications on your EC2 instances. You can use Amazon Systems Manager Patch Manager to automate the process of installing security-related updates for both the operating system and applications.

For EC2 instances in an Auto Scaling group, you can use the AWS-PatchAsgInstance runbook to help avoid instances that are undergoing patching from being replaced. Alternatively, you can use any automatic update services or recommended processes for installing updates that are provided by the application vendor.

You should configure Windows Update on your Amazon EC2 instances running Windows Server. By default, you will not receive Windows updates on AMIs provided by Amazon. For more information, see Best practices for Windows on Amazon EC2.

For a list of the latest Amazon EC2 AMIs running Windows Server, see Details About Amazon Windows AMI Versions.