Patching noncompliant managed nodes - Amazon Systems Manager
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Patching noncompliant managed nodes

Many of the same Amazon Systems Manager tools and processes you can use to check managed nodes for patch compliance can be used to bring nodes into compliance with the patch rules that currently apply to them. To bring managed nodes into patch compliance, Patch Manager, a capability of Amazon Systems Manager, must run a Scan and install operation. (If your goal is only to identify noncompliant managed nodes and not remediate them, run a Scan operation instead. For more information, see Identifying noncompliant managed nodes.)

Install patches using Systems Manager

You can choose from several tools to run a Scan and install operation: