Configure an AWS Systems Manager Custom Patch Baseline and Patch Groups. Custom Patch Baselines allow custom rules for selecting which patches are applied to instances and operating systems.

Patches to be installed are selected by approval rules (up to 10 per baseline), each built from the following options:

  • Operating System: Windows, Amazon Linux, Ubuntu Server, and so on.
  • Product: For example, RHEL 6.5, Amazon Linux 2014.09, Windows Server 2012, Windows Server 2012 R2, and so on.
  • Classification: For example, critical updates, security updates, and so on.
  • Severity: For example, critical, important, and so on (the MSRC_SEVERITY filter in the template, which applies to Windows patches).
  • Auto-approval delay: The number of days to wait after a patch's release date before the patch is automatically approved for installation.

Patch groups are tags assigned to instances; the tag key must be exactly Patch Group, and the value can be anything (the default configuration in this template uses the value custom-patch-group).

Optionally, enable Set as Default Patch Baseline to make the new patch baseline the default for all instances. Review the patch rules carefully before selecting this option. (A CloudFormation custom resource is included to enable this option.)

AWSTemplateFormatVersion: '2010-09-09'
Description: Custom SSM patch baseline for Windows instances tagged Patch Group=custom-patch-group
Resources:
  PatchBaseline:
    Type: 'AWS::SSM::PatchBaseline'
    Properties:
      Name: custom-patch-baseline
      Description: Custom patch baseline
      OperatingSystem: WINDOWS
      # Instances whose tag key "Patch Group" carries this value use this baseline
      PatchGroups:
        - custom-patch-group
      ApprovalRules:
        PatchRules:
          # Auto-approval delay: patches are approved 7 days after their release date
          - ApproveAfterDays: 7
            PatchFilterGroup:
              PatchFilters:
                - Key: PRODUCT
                  Values:
                    - '*'
                # Each filter needs at least one value (an empty list fails validation);
                # these are the classifications and severities named in the description
                - Key: CLASSIFICATION
                  Values:
                    - CriticalUpdates
                    - SecurityUpdates
                - Key: MSRC_SEVERITY
                  Values:
                    - Critical
                    - Important
                - Key: PATCH_SET
                  Values:
                    - OS
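The rule semantics described above (filters AND-ed together, values within one filter OR-ed with '*' as a wildcard, the auto-approval delay counted from the patch release date, and the exact Patch Group tag key) as an added offline model in Python; this is not AWS or the page's own code, and BASELINE and SAMPLE_PATCH are constructed values mirroring the template.

```python
from datetime import date, timedelta

# Constructed baseline mirroring the template above: Windows, 7-day delay,
# Critical/Important security or critical updates from the OS patch set.
BASELINE = {
    "PatchGroups": ["custom-patch-group"],
    "PatchRules": [{
        "ApproveAfterDays": 7,
        "PatchFilters": {
            "PRODUCT": ["*"],
            "CLASSIFICATION": ["CriticalUpdates", "SecurityUpdates"],
            "MSRC_SEVERITY": ["Critical", "Important"],
            "PATCH_SET": ["OS"],
        },
    }],
}

# Constructed sample patch metadata (not a real advisory)
SAMPLE_PATCH = {
    "PRODUCT": "WindowsServer2012R2", "CLASSIFICATION": "SecurityUpdates",
    "MSRC_SEVERITY": "Critical", "PATCH_SET": "OS",
    "ReleaseDate": date(2024, 1, 1),
}


def baseline_applies(baseline, instance_tags):
    # Only instances whose tag key is exactly "Patch Group" (with a value listed
    # in PatchGroups) are served by this baseline; keys like "PatchGroup" do not count.
    return instance_tags.get("Patch Group") in baseline["PatchGroups"]


def rule_approves(rule, patch, today):
    # AND across filters; within one filter the values are OR-ed, '*' matches any.
    for key, values in rule["PatchFilters"].items():
        if "*" not in values and patch.get(key) not in values:
            return False
    # Auto-approval delay: release date + ApproveAfterDays must have been reached.
    return today >= patch["ReleaseDate"] + timedelta(days=rule["ApproveAfterDays"])


def patch_approved(baseline, instance_tags, patch, today):
    if not baseline_applies(baseline, instance_tags):
        return False
    return any(rule_approves(r, patch, today) for r in baseline["PatchRules"])
```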
