AWS cloud infrastructure management covers the setup, configuration, optimization and monitoring of the components that make up a cloud environment, and it is done through a web console and APIs rather than by touching physical hardware. For an enterprise it provides consolidated IT resources and scalability: many users can share the same underlying infrastructure without being able to read each other's data.
What is AWS Systems Manager (SSM)?
AWS Systems Manager, commonly abbreviated SSM, is the operations management service of the AWS platform. It gives you a single place to view and control your AWS infrastructure. The Systems Manager console pulls operational data from several AWS services, lets you automate operational tasks across your AWS resources, and helps maintain security and compliance by scanning managed instances and reporting any policy violations it detects.
A managed instance is any machine that has been configured for use with Systems Manager, which can then configure and maintain it. Supported machine types include Amazon EC2 instances, virtual machines (including VMs running in other cloud environments) and on-premises servers, running Windows, macOS, Raspbian or one of several Linux distributions.
Systems Manager includes several capabilities, among them:
- Patch Manager
- State Manager
- Run Command
- Maintenance Windows
- OpsCenter
- Parameter Store
AWS Patch Manager:
Patch Manager is one of the major components of Systems Manager. It automates the process of applying patches to managed instances, covering both security patches and other updates. With Patch Manager you can scan an instance to find missing patches, and then install them on an individual instance or on a large group of instances selected by EC2 tag. It integrates with Systems Manager Maintenance Windows, so you can schedule patch operations to run only during a customized maintenance window. Patch Manager can patch the operating system and, where supported, applications on the instances.
It installs service packs and updates on instances according to their OS type. The supported operating systems are listed below:
- Amazon Linux
- Amazon Linux 2
- Debian Server
- Oracle Linux
- Red Hat Enterprise Linux (RHEL)
- SUSE Linux Enterprise Server(SLES)
- Ubuntu Server
- Windows Server
You can either scan the instances and just report the missing patches (a Scan operation), or scan and automatically install everything that is missing (an Install operation).
The Patching Process:
The patching process consists of five main steps:
- Define the default Patch Baseline
Each operating system has its own predefined default patch baseline. The baseline defines what should be installed: auto-approval rules based on patch classification, severity and the number of days since release, plus explicit lists of approved and rejected patches.
- Creating the Patch Groups
A patch group is a set of instances, selected by the Patch Group tag, that a patching task targets. Associating a patch group with a baseline lets different groups (for example dev and prod) receive different approval rules.
- Creating a Maintenance Window
The maintenance window is the scheduler of the whole patching process. It defines the schedule, the targets, the duration (including a cutoff before the end) and the tasks to run.
- Executing the Patch RUN command
This executes the built-in AWS-RunPatchBaseline document via Run Command against the target(s), with Operation set to Scan or Install.
- Compliance check
After the patch run, compliance data is collected for each instance so you can see which patches are installed, missing or rejected, and which instances are non-compliant.
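To make the baseline and compliance steps concrete, here is an added example (not AWS code, and not part of the original article) that models locally how a patch baseline decides what is approved and how the compliance states come out of a run. The baseline, the patch list and the set of installed patches are constructed sample data; the state names follow Patch Manager's compliance states.

```python
# Added example (not AWS code): a local model of how a patch baseline decides
# which patches are approved, and how the post-run compliance states are derived.
# All patch records and the baseline below are constructed sample data.
from dataclasses import dataclass, field
from datetime import date, timedelta


@dataclass
class ApprovalRule:
    classifications: set          # e.g. {"Security", "Bugfix"}
    severities: set               # e.g. {"Critical", "Important"}
    approve_after_days: int       # auto-approve this many days after release


@dataclass
class PatchBaseline:
    rules: list
    approved: set = field(default_factory=set)   # explicit allow-list
    rejected: set = field(default_factory=set)   # explicit block-list (BLOCK action)


@dataclass
class Patch:
    id: str
    classification: str
    severity: str
    released: date


def is_approved(baseline, patch, today):
    """Rejected wins over everything; explicit approval wins over the rules;
    otherwise a patch is approved once a matching rule's delay has elapsed."""
    if patch.id in baseline.rejected:
        return False
    if patch.id in baseline.approved:
        return True
    for rule in baseline.rules:
        if (patch.classification in rule.classifications
                and patch.severity in rule.severities
                and today - patch.released >= timedelta(days=rule.approve_after_days)):
            return True
    return False


def compliance_report(baseline, available, installed, today):
    """Map each in-scope patch to a Patch Manager compliance state.
    Patches that are neither approved nor installed are out of scope and omitted."""
    report = {}
    for p in available:
        approved = is_approved(baseline, p, today)
        if p.id in installed:
            if p.id in baseline.rejected:
                report[p.id] = "INSTALLED_REJECTED"   # present despite the block-list
            elif approved:
                report[p.id] = "INSTALLED"
            else:
                report[p.id] = "INSTALLED_OTHER"      # installed, but not via the baseline
        elif approved:
            report[p.id] = "MISSING"                  # what an Install run would apply
    return report


def missing_patches(report):
    return sorted(pid for pid, state in report.items() if state == "MISSING")


def instance_compliant(report):
    """Non-compliant if an approved patch is missing or a rejected one is installed."""
    return not any(s in ("MISSING", "INSTALLED_REJECTED") for s in report.values())


# Constructed sample: auto-approve Critical/Important security patches 7 days after
# release, with one explicit approval and one explicit rejection.
SAMPLE_BASELINE = PatchBaseline(
    rules=[ApprovalRule({"Security"}, {"Critical", "Important"}, approve_after_days=7)],
    approved={"KB-BUG-1"},
    rejected={"KB-BAD-1"},
)
SAMPLE_PATCHES = [
    Patch("KB-CRIT-1", "Security", "Critical", date(2024, 3, 1)),    # 14 days old
    Patch("KB-CRIT-2", "Security", "Critical", date(2024, 3, 12)),   # 3 days old: not yet approved
    Patch("KB-SEC-3", "Security", "Important", date(2024, 2, 1)),
    Patch("KB-BUG-1", "Bugfix", "Low", date(2024, 1, 20)),            # approved only by the allow-list
    Patch("KB-BAD-1", "Security", "Important", date(2024, 1, 10)),   # rejected, but already installed
    Patch("KB-OLD-1", "Bugfix", "Moderate", date(2023, 1, 1)),       # out of scope, not reported
]
SAMPLE_INSTALLED = {"KB-CRIT-2", "KB-BUG-1", "KB-BAD-1"}
SAMPLE_TODAY = date(2024, 3, 15)


def run_example():
    return compliance_report(SAMPLE_BASELINE, SAMPLE_PATCHES, SAMPLE_INSTALLED, SAMPLE_TODAY)


if __name__ == "__main__":
    rep = run_example()
    for pid, state in rep.items():
        print(f"{pid:10} {state}")
    print("missing:", missing_patches(rep), "compliant:", instance_compliant(rep))
```

Two things the model makes visible: a rejected patch that is already on the box shows up as INSTALLED_REJECTED and keeps the instance non-compliant until it is removed, and a patch installed ahead of its auto-approval delay is reported as INSTALLED_OTHER rather than INSTALLED, which is why a Scan run can flag instances that someone patched by hand.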
Patch Manager Prerequisites:
Before using Patch Manager, make sure the following prerequisites are met.
SSM Agent version:
SSM Agent version 2.0.834.0 or later must be installed on the instances.
Connectivity to the patch source:
The instance must be able to reach the patch repositories, either through a direct internet connection or, in a VPC without internet access, through VPC endpoints or a locally reachable repository mirror.
S3 endpoint access:
The instance must also be able to reach Amazon Simple Storage Service (Amazon S3), since Patch Manager fetches its scripts and baseline snapshot from AWS-managed S3 buckets; without that access (over the internet or via an S3 gateway endpoint) the patching operation fails.
Supported operating systems:
Not every operating system version that other Systems Manager capabilities support is supported by Patch Manager. The operating systems Patch Manager supports are listed above.
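The agent-version and connectivity prerequisites are the ones most worth scripting across a fleet. The following is an added example, not AWS code and not from the original article: it compares agent versions numerically against the minimum stated above, flags instances below it, and lists the regional Systems Manager and S3 hostnames an instance must be able to reach. The instance records mimic the fields of a DescribeInstanceInformation response but are constructed sample data, and the version numbers in them are hypothetical.

```python
# Added example (not AWS code): checking the SSM Agent prerequisite across a fleet
# and listing the endpoints that must be reachable. The instance list below mimics
# the shape of a DescribeInstanceInformation response but is constructed sample data.
import socket

MIN_AGENT_VERSION = "2.0.834.0"   # Patch Manager minimum stated in the prerequisites


def version_tuple(version):
    """Numeric comparison: '2.0.1000.0' is newer than '2.0.834.0' even though a plain
    string comparison would say otherwise."""
    return tuple(int(part) for part in version.split("."))


def agent_version_ok(version, minimum=MIN_AGENT_VERSION):
    return version_tuple(version) >= version_tuple(minimum)


def outdated_agents(instance_information, minimum=MIN_AGENT_VERSION):
    """Return IDs of instances whose SSM Agent is below the minimum or not reporting one."""
    bad = []
    for info in instance_information:
        ver = info.get("AgentVersion")
        if ver is None or not agent_version_ok(ver, minimum):
            bad.append(info["InstanceId"])
    return bad


def required_endpoints(region):
    """Hostnames an instance must reach, over the internet or via VPC endpoints:
    the Systems Manager control plane plus S3, which Patch Manager uses for its scripts."""
    return [
        f"ssm.{region}.amazonaws.com",
        f"ssmmessages.{region}.amazonaws.com",
        f"ec2messages.{region}.amazonaws.com",
        f"s3.{region}.amazonaws.com",
    ]


def reachable(host, port=443, timeout=3.0):
    """TCP connect probe. Proves the network path is open; it does not prove the
    patch repository itself answers, so still run a Scan before trusting it."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


# Constructed sample: three managed instances with hypothetical agent versions.
SAMPLE_INSTANCES = [
    {"InstanceId": "i-0aaa111", "AgentVersion": "3.2.1542.0", "PlatformName": "Amazon Linux", "PingStatus": "Online"},
    {"InstanceId": "i-0bbb222", "AgentVersion": "2.0.790.0", "PlatformName": "Ubuntu", "PingStatus": "Online"},
    {"InstanceId": "i-0ccc333", "AgentVersion": "2.0.1000.0", "PlatformName": "Windows", "PingStatus": "Online"},
]

if __name__ == "__main__":
    print("agents below minimum:", outdated_agents(SAMPLE_INSTANCES))
    for host in required_endpoints("eu-west-1"):
        print(host, "reachable" if reachable(host) else "NOT reachable")
```

In a real account you would feed `outdated_agents` the `InstanceInformationList` returned by `aws ssm describe-instance-information`, and run the endpoint probe from inside the subnet where the patch targets live, since that is where a missing route or endpoint policy will show up.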