Meeting Your Baseline with Patch Manager

Using AWS Systems Manager Patch Manager
Patch management is an integral component of vulnerability management. To ensure your EC2 instances are compliant with patching standards, you must use AWS Systems Manager to apply patch baselines to instances. To associate a specific patch baseline with your instances, you will add EC2 instances to a patch group, then adding a patch group to a patch baseline. 

For more information, visit the AWS documentation on creating a patch group

If your organization is using AWS Systems Manager to apply patches, it’s important to ensure and to monitor that systems that are being controlled by Patch Manager are meeting the organization’s baseline. The baseline defines what patches are approved to be applied to each system. The organization should, at regular intervals, check that the compliance level of each system under the System Manager’s management is meeting the compliance requirements that are defined by the Patch Manager baseline. You can log into Systems Manager to see the compliance level of each system that is being managed for patches.

Related Videos