AWSEC2-PatchLoadBalancerInstance - Amazon Systems Manager Automation runbook reference

Upgrades and patches the minor version of an Amazon EC2 instance (Windows or Linux) attached to any load balancer (classic, ALB, or NLB). The default connection draining time is applied before the instance is patched. You can override the wait time by entering a custom draining time in minutes (1-59) for the ConnectionDrainTime parameter.

The automation workflow is as follows:

  1. The load balancer or target group to which the instance is attached is determined, and the instance is verified as healthy.

  2. The instance is removed from the load balancer or target group.

  3. The automation waits for the period of time specified for the connection draining time.

  4. The AWS-RunPatchBaseline automation is called to patch the instance.

  5. The instance is reattached to the load balancer or target group.


Document Type






  • InstanceId

    Type: String

    Description: (Required) ID of the instance to patch that is associated with a load balancer (classic, ALB, or NLB).

  • ConnectionDrainTime

    Type: String

    Description: (Optional) The connection draining time of the load balancer, in minutes (1-59).
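
The following Python is an added example, not part of the AWS reference or of the runbook itself. It range-checks the two parameters documented above and starts the runbook through boto3's `start_automation_execution`. The function names, the sample instance ID, and the instance ID pattern (`i-` plus 8 or 17 lowercase hex characters) are assumptions made for this example.

```python
import re

DOCUMENT_NAME = "AWSEC2-PatchLoadBalancerInstance"
# Assumed ID format: "i-" followed by 8 or 17 lowercase hex characters.
_INSTANCE_ID = re.compile(r"i-(?:[0-9a-f]{8}|[0-9a-f]{17})")


def build_parameters(instance_id, drain_minutes=None):
    """Return the Parameters map for StartAutomationExecution.

    Automation parameter values are lists of strings, so the numeric
    drain time is range-checked here and then sent as text.
    """
    if not isinstance(instance_id, str) or not _INSTANCE_ID.fullmatch(instance_id):
        raise ValueError(f"not an EC2 instance ID: {instance_id!r}")
    params = {"InstanceId": [instance_id]}
    if drain_minutes is not None:
        # bool is a subclass of int; reject it along with floats and strings.
        if isinstance(drain_minutes, bool) or not isinstance(drain_minutes, int):
            raise ValueError("ConnectionDrainTime must be a whole number of minutes")
        if not 1 <= drain_minutes <= 59:
            raise ValueError("ConnectionDrainTime must be between 1 and 59 minutes")
        params["ConnectionDrainTime"] = [str(drain_minutes)]
    # When drain_minutes is None the key is omitted, so the load balancer's
    # default connection draining time applies.
    return params


def start_patch(instance_id, drain_minutes=None, ssm_client=None):
    """Start the runbook and return the automation execution ID."""
    params = build_parameters(instance_id, drain_minutes)
    if ssm_client is None:
        import boto3  # imported lazily so validation works without AWS access
        ssm_client = boto3.client("ssm")
    response = ssm_client.start_automation_execution(
        DocumentName=DOCUMENT_NAME, Parameters=params
    )
    return response["AutomationExecutionId"]


if __name__ == "__main__":
    # Constructed sample instance ID; replace it with a real one before use.
    print(build_parameters("i-0123456789abcdef0", 10))
```

Validating before the call keeps a malformed instance ID or an out-of-range drain time from reaching the automation at all, rather than surfacing as a failed execution partway through the workflow.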