Auto-sync: 2026-04-28 20:03
26
wiki/concepts/SSM-Patching.md
Normal file
@@ -0,0 +1,26 @@
|
||||
---
|
||||
title: "SSM Patching"
|
||||
type: concept
|
||||
tags: ["AWS", "Patch-Management", "SSM", "Security"]
|
||||
sources: ["learning-sessions-standard-amis-updates-20231205-160324-meeting-recording-2"]
|
||||
last_updated: 2026-05-08
|
||||
---
|
||||
|
||||
## Definition
|
||||
SSM Patching(SSM 补丁管理)是 AWS Systems Manager 提供的自动化补丁管理功能,通过补丁基准(Patch Baseline)和维护窗口(Maintenance Window)为长期运行的 EC2 实例按需打补丁,作为 AMI 刷新策略的补充方案。
|
||||
|
||||
## Problem Solved
|
||||
- **长期运行实例**:无法频繁重建和刷新 AMI
|
||||
- **安全合规**:需要持续应用安全补丁
|
||||
- **手动打补丁**:耗时且易出错
|
||||
|
||||
## Key Components
|
||||
- **Patch Baseline**:定义补丁审批规则(批准/拒绝)
|
||||
- **Patch Group**:按标签分组的实例集合
|
||||
- **Maintenance Window**:定义打补丁的时间窗口
|
||||
- **SSM Automation Document**:自动化补丁安装流程
|
||||
|
||||
## Connections
|
||||
- [[AWS-SSM]] — SSM Patching 是 AWS Systems Manager 的功能之一
|
||||
- [[Amazon-Machine-Image]] — SSM Patching 补充而非替代 AMI 刷新
|
||||
- [[AWS-Landing-Zone]] — SSM Patching 是 LZ 运维自动化的组成部分
|
||||
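Review bot: `last_updated: 2026-05-08` in the front matter is later than the 2026-04-28 auto-sync date on this commit, so the page claims a review that has not happened yet; set it to the date the content was actually written, or have the sync job stamp it. Under Key Components, the "SSM Automation Document" entry names no document and the "Patch Group" entry does not say which tag key forms the group or how a group is bound to a Patch Baseline, so a reader cannot tell from this page which instances get which approval rules; name the document the team uses (for example the AWS-managed `AWS-RunPatchBaseline`, if that is what the session covered) and state the tag convention. The Definition also says instances are patched on demand (按需) while the same sentence relies on a Maintenance Window, which is a schedule; say which of the two modes is intended, and whether the window runs scan-only or install with reboot, since that is what decides the compliance claim under Problem Solved. The only entry in `sources` is a recording dated 20231205, so consider noting that the content reflects that session.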