DEV Community

Raj Shah

Stop Worrying About EC2 Patching – Automate It Like a Pro!

Introduction

Let's be real—manually patching EC2 instances is about as fun as debugging a production outage on a Friday night. If you've ever had to SSH into dozens of instances just to run yum update -y or apt upgrade, you know the pain is real. But what if I told you there's a better way?

AWS Systems Manager (SSM) Quick Setup and Custom Documents can automate this process, ensuring your Linux EC2 instances stay up to date without manual intervention. In this blog, I’ll walk you through setting up automated OS patching using AWS SSM and a custom document for package updates. Let's dive in!

Step 1: Setting Up AWS SSM Quick Setup for OS Patching

AWS SSM Quick Setup provides a hassle-free way to manage patching at scale. Here’s how you can set it up:

  1. Go to the AWS Console and navigate to Systems Manager > Quick Setup.
  2. Click Create and choose Host Management.
  3. Select AWS-DefaultPatchBaseline under Patch Manager.
  4. Choose a schedule for automatic patching (e.g., weekly, daily).
  5. Ensure that SSM Agent is installed and running on all instances (it’s pre-installed on Amazon Linux, Ubuntu, and Windows Server AMIs).
  6. Click Create, and you're done! 🎉

With this setup, AWS will handle OS patching on a schedule, reducing the risk of security vulnerabilities without you lifting a finger.

Step 2: Creating a Custom SSM Document for Linux Package Updates

While AWS Patch Manager covers OS updates, you might also want to update all installed packages (think security patches, bug fixes, and new features). Let’s create a custom SSM document to handle this:

1. Create an SSM Document

Go to AWS Systems Manager > Documents and click Create Document.

Use the following JSON as the document content:

```json
{
  "schemaVersion": "2.2",
  "description": "Update all packages on a Linux instance",
  "mainSteps": [
    {
      "action": "aws:runShellScript",
      "name": "updatePackages",
      "inputs": {
        "runCommand": [
          "#!/bin/bash",
          "set -e",
          "# Use whichever package manager the host actually has. A plain 'yum || apt update' chain",
          "# never upgrades Debian/Ubuntu: 'apt update' only refreshes the package index.",
          "if command -v dnf >/dev/null 2>&1; then",
          "  sudo dnf -y update",
          "elif command -v yum >/dev/null 2>&1; then",
          "  sudo yum -y update",
          "elif command -v apt-get >/dev/null 2>&1; then",
          "  sudo apt-get update",
          "  sudo env DEBIAN_FRONTEND=noninteractive apt-get -y upgrade",
          "else",
          "  echo 'No supported package manager found' >&2",
          "  exit 1",
          "fi"
        ]
      }
    }
  ]
}
```

Save this document as Update-Linux-Packages.

2. Execute the Document on EC2 Instances

  1. Navigate to AWS Systems Manager > Run Command.
  2. Click Run a Command.
  3. Select the newly created Update-Linux-Packages document.
  4. Choose the target instances.
  5. Click Run.

Boom! Your instances will now update all installed packages automatically.

Step 3: Scheduling the Custom Patching Document

Why run this manually when we can automate it? 🤖 Let’s schedule it using AWS Systems Manager State Manager:

  1. Go to AWS Systems Manager > State Manager.
  2. Click Create Association.
  3. Choose the Update-Linux-Packages document.
  4. Select target instances.
  5. Set a schedule (e.g., every Sunday at midnight).
  6. Click Create Association.

And that's it! You’ve now automated EC2 package updates without having to log in ever again. 🏆
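As an added example (not part of the original post), here is the same Step 2 and Step 3 setup driven from the AWS CLI instead of the console, so it can live in version control and be re-applied per account. The `PatchGroup=linux-weekly` tag, the `apply` guard and the package-manager detection script are assumptions of this example, not something the post specifies.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): Steps 2 and 3 as AWS CLI calls. Assumes AWS CLI v2
# with credentials allowed to call ssm:CreateDocument, ssm:SendCommand, ssm:CreateAssociation,
# and instances carrying the constructed tag PatchGroup=linux-weekly (the post picks them by hand).
set -eu
DOC_NAME="Update-Linux-Packages"
TARGETS="Key=tag:PatchGroup,Values=linux-weekly"   # assumed tag; adjust to your fleet

# Document content (schema 2.2). The script detects the package manager instead of chaining
# 'yum || apt', and really upgrades Debian/Ubuntu, where 'apt update' only refreshes the index.
document_json() {
  cat <<'EOF'
{
  "schemaVersion": "2.2",
  "description": "Update all packages on a Linux instance",
  "mainSteps": [{
    "action": "aws:runShellScript",
    "name": "updatePackages",
    "inputs": { "runCommand": [
      "#!/bin/bash",
      "set -e",
      "if command -v dnf >/dev/null; then sudo dnf -y update;",
      "elif command -v yum >/dev/null; then sudo yum -y update;",
      "elif command -v apt-get >/dev/null; then sudo apt-get update && sudo env DEBIAN_FRONTEND=noninteractive apt-get -y upgrade;",
      "else echo 'no supported package manager' >&2; exit 1; fi"
    ] }
  }]
}
EOF
}
# State Manager schedule for "every Sunday at midnight" (UTC) in the 6-field cron form SSM uses.
weekly_sunday_midnight() { printf 'cron(0 0 ? * SUN *)'; }
create_document() {   # Step 2.1: register the document (fails if the name already exists)
  aws ssm create-document --name "$DOC_NAME" --document-type Command --document-format JSON \
    --content "$(document_json)" --query 'DocumentDescription.Status' --output text
}
run_once() {          # Step 2.2: one Run Command execution against the tagged instances
  aws ssm send-command --document-name "$DOC_NAME" --targets "$TARGETS" \
    --query 'Command.CommandId' --output text
}
schedule_weekly() {   # Step 3: recurring association, reported in Compliance at HIGH severity
  aws ssm create-association --name "$DOC_NAME" --association-name "${DOC_NAME}-weekly" \
    --targets "$TARGETS" --schedule-expression "$(weekly_sunday_midnight)" \
    --compliance-severity HIGH --query 'AssociationDescription.AssociationId' --output text
}
# Nothing calls AWS unless you pass 'apply', so the file is safe to source and inspect first.
if [ "${1:-}" = "apply" ]; then
  create_document
  echo "Run Command started: $(run_once)"
  echo "Association created: $(schedule_weekly)"
fi
```

Run it with `apply` as the first argument to create the document, fire one Run Command and register the weekly association; without the argument it only defines the functions, which is handy for reviewing the generated document content first.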

Conclusion

With AWS SSM Quick Setup and a custom document, you can automate OS patching and package updates across your EC2 instances like a pro. No more SSHing into instances or dealing with outdated software vulnerabilities. Set it up once, sit back, and let AWS do the work for you!

Got any cool automation tricks for AWS EC2? Drop them in the comments below! 🚀