Working with Patch Manager resources and compliance using the console

To use Patch Manager, a tool in Amazon Systems Manager, complete the following tasks. These tasks are described in more detail in this section.

Verify that the Amazon predefined patch baseline for each operating system type that you use meets your needs. If it doesn't, create a patch baseline that defines a standard set of patches for that managed node type and set it as the default instead.
Organize managed nodes into patch groups by using Amazon Elastic Compute Cloud (Amazon EC2) tags (optional, but recommended).
Do one of the following:
- (Recommended) Configure a patch policy in Quick Setup, a tool in Systems Manager, that lets you install missing patches on a schedule for an entire organization, a subset of organizational units, or a single Amazon Web Services account. For more information, see Configure patching for instances in an organization using a Quick Setup patch policy.
- Create a maintenance window that uses the Systems Manager document (SSM document) AWS-RunPatchBaseline in a Run Command task type. For more information, see Tutorial: Create a maintenance window for patching using the console.
- Manually run AWS-RunPatchBaseline in a Run Command operation. For more information, see Running commands from the console.
- Manually patch nodes on demand using the Patch now feature. For more information, see Patching managed nodes on demand.
Monitor patching to verify compliance and investigate failures.

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Turning off Kernel Live Patching

Creating a patch policy