Amazon Systems Manager Maintenance Windows - Amazon Systems Manager
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon Systems Manager Maintenance Windows

Maintenance Windows, a capability of Amazon Systems Manager, helps you define a schedule for when to perform potentially disruptive actions on your nodes such as patching an operating system, updating drivers, or installing software or patches. With Maintenance Windows, you can schedule actions on numerous other Amazon resource types, such as Amazon Simple Storage Service (Amazon S3) buckets, Amazon Simple Queue Service (Amazon SQS) queues, Amazon Key Management Service (Amazon KMS) keys, and many more. For a full list of supported resource types that you can include in a maintenance window target, see Resources you can use with Amazon Resource Groups and Tag Editor in the Amazon Resource Groups User Guide. To get started with Maintenance Windows, open the Systems Manager console. In the navigation pane, choose Maintenance Windows.

Note

State Manager and Maintenance Windows can perform some similar types of updates on your managed nodes. Which one you choose depends on whether you need to automate system compliance or perform high-priority, time-sensitive tasks during periods you specify.

For more information, see Choosing between State Manager and Maintenance Windows.

Each maintenance window has a schedule, a maximum duration, a set of registered targets (the nodes or other Amazon resources that are acted upon), and a set of registered tasks. You can add tags to your maintenance windows when you create or update them. (Tags are keys that help identify and sort your resources within your organization.) You can also specify dates that a maintenance window shouldn't run before or after, and you can specify the international time zone on which to base the maintenance window schedule.

For an explanation of how the various schedule-related options for maintenance windows relate to one another, see Maintenance window scheduling and active period options.

For more information about working with the --schedule option, see Reference: Cron and rate expressions for Systems Manager.

Supported task types

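Maintenance windows support running four types of tasks:

  • Systems Manager Run Command commands

  • Systems Manager Automation workflows

  • Amazon Lambda functions

  • Amazon Step Functions tasks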

Note

One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Amazon Lambda, and Amazon Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets.

This means you can use maintenance windows to perform tasks like the following on your selected targets.

  • Install or update applications.

  • Apply patches.

  • Install or update SSM Agent.

  • Run PowerShell commands and Linux shell scripts by using a Systems Manager Run Command task.

  • Build Amazon Machine Images (AMIs), bootstrap software, and configure nodes by using a Systems Manager Automation task.

  • Run Amazon Lambda functions that invoke additional actions, such as scanning your nodes for patch updates.

  • Run Amazon Step Functions state machines to perform tasks such as removing a node from an Elastic Load Balancing environment, patching the node, and then adding the node back to the Elastic Load Balancing environment.

  • Target nodes that are offline by specifying an Amazon resource group as the target.
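The targets rule in the note above can be checked before a window definition is deployed. The following is an added example, not code from the Systems Manager documentation: the dict layout, the `lint_window` helper, and the sample values are assumptions made for illustration; only the four task type names mirror the Systems Manager API.

```python
from datetime import datetime

# Task type values as used by the Systems Manager API.
TASK_TYPES = {"RUN_COMMAND", "AUTOMATION", "LAMBDA", "STEP_FUNCTIONS"}
# Only Run Command tasks always need targets; they are optional for the rest.
TARGETS_REQUIRED = {"RUN_COMMAND"}


def lint_window(window):
    """Return findings for one window definition (hypothetical dict layout)."""
    findings = [f"missing {f}" for f in ("name", "schedule", "duration_hours") if not window.get(f)]
    # The optional "don't run before/after" dates must be in order.
    start, end = window.get("start_date"), window.get("end_date")
    if start and end and datetime.fromisoformat(start) >= datetime.fromisoformat(end):
        findings.append("start_date is not before end_date")
    registered = {t["id"] for t in window.get("targets", [])}
    for task in window.get("tasks", []):
        label = task.get("name", "<unnamed task>")
        ttype = task.get("type")
        if ttype not in TASK_TYPES:
            findings.append(f"{label}: unsupported task type {ttype!r}")
            continue
        refs = task.get("target_ids", [])
        if ttype in TARGETS_REQUIRED and not refs:
            findings.append(f"{label}: {ttype} task has no targets")
        for ref in refs:
            # A task may only point at targets registered with the same window.
            if ref not in registered:
                findings.append(f"{label}: target {ref} is not registered with the window")
    return findings


# Constructed sample definition; every name and ID here is made up.
SAMPLE = {
    "name": "weekly-patching",
    "schedule": "cron(0 2 ? * SUN *)",
    "duration_hours": 3,
    "start_date": "2025-01-01T00:00:00+08:00",
    "end_date": "2025-12-31T00:00:00+08:00",
    "targets": [{"id": "wt-1", "resource_group": "web-fleet"}],
    "tasks": [
        {"name": "patch", "type": "RUN_COMMAND", "target_ids": []},
        {"name": "rotate", "type": "LAMBDA"},
        {"name": "drain", "type": "STEP_FUNCTIONS", "target_ids": ["wt-2"]},
    ],
}
```

On the sample, the Lambda task passes without targets, while the Run Command task and the task that references an unregistered target are both reported.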

EventBridge support

This Systems Manager capability is supported as an event type in Amazon EventBridge rules. For information, see Monitoring Systems Manager events with Amazon EventBridge and Reference: Amazon EventBridge event patterns and types for Systems Manager.