---
title: "SSM Patching"
type: concept
tags: ["AWS", "Patch-Management", "SSM", "Security"]
sources: ["learning-sessions-standard-amis-updates-20231205-160324-meeting-recording-2"]
last_updated: 2026-05-08
---

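## Definition

SSM Patching (SSM patch management) is the automated patch management capability provided by AWS Systems Manager. It uses a Patch Baseline and a Maintenance Window to patch long-running EC2 instances on demand, and serves as a complement to the AMI refresh strategy.
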
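## Problem Solved

- **Long-running instances**: cannot be frequently rebuilt and refreshed from a new AMI
- **Security compliance**: security patches must be applied continuously
- **Manual patching**: time-consuming and error-prone
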
## Key Components

- **Patch Baseline**: defines the patch approval rules (approve/reject)
- **Patch Group**: a set of instances grouped by tag
- **Maintenance Window**: defines the time window in which patching runs
- **SSM Automation Document**: automates the patch installation process

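
How the components listed above fit together, as an added CloudFormation example that is not taken from the source session. Assumptions: every resource name, the `example-long-running` tag value, Amazon Linux 2, the schedule and the 7-day approval delay are illustrative, and the install step uses the AWS-managed `AWS-RunPatchBaseline` Run Command document.

```yaml
Resources:
  PatchBaseline:
    Type: AWS::SSM::PatchBaseline
    Properties:
      Name: example-al2-baseline            # assumed name
      OperatingSystem: AMAZON_LINUX_2       # assumed OS
      PatchGroups: [example-long-running]   # binds the baseline to the patch group
      ApprovalRules:
        PatchRules:
          - ApproveAfterDays: 7             # auto-approve 7 days after release
            ComplianceLevel: CRITICAL       # severity reported when one is missing
            PatchFilterGroup:
              PatchFilters:
                - {Key: CLASSIFICATION, Values: [Security]}
                - {Key: SEVERITY, Values: [Critical, Important]}
  PatchWindow:
    Type: AWS::SSM::MaintenanceWindow
    Properties:
      Name: example-weekly-patching
      Schedule: "cron(0 2 ? * SUN *)"       # 02:00 every Sunday
      Duration: 3                           # hours the window stays open
      Cutoff: 1                             # stop starting new tasks 1 hour before close
      AllowUnassociatedTargets: false
  PatchWindowTarget:
    Type: AWS::SSM::MaintenanceWindowTarget
    Properties:
      WindowId: !Ref PatchWindow
      ResourceType: INSTANCE
      Targets:
        - Key: "tag:Patch Group"            # instances carry this tag to join the group
          Values: [example-long-running]
  PatchTask:
    Type: AWS::SSM::MaintenanceWindowTask
    Properties:
      WindowId: !Ref PatchWindow
      TaskType: RUN_COMMAND
      TaskArn: AWS-RunPatchBaseline
      Priority: 1
      MaxConcurrency: "25%"                 # patch a quarter of the group at a time
      MaxErrors: "1"                        # halt the rollout after the first failure
      Targets:
        - Key: WindowTargetIds
          Values:
            - !Ref PatchWindowTarget
      TaskInvocationParameters:
        MaintenanceWindowRunCommandParameters:
          Parameters:
            Operation: [Install]
            RebootOption: [RebootIfNeeded]  # instances may reboot inside the window
```

Setting `Operation` to `Scan` reports patch compliance against the baseline without installing anything, which is a useful first run before enabling `Install`.
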
## Connections

- [[AWS-SSM]] — SSM Patching is one of the features of AWS Systems Manager
- [[Amazon-Machine-Image]] — SSM Patching complements rather than replaces AMI refresh
- [[AWS-Landing-Zone]] — SSM Patching is part of the LZ operations automation