To manage Auto Scaling group instances that have OS vulnerabilities, the SysOps administrator needs an automated patching solution.
Options:
A. Use AWS Systems Manager Patch Manager to patch the instances during a scheduled maintenance window. In the AWS-RunPatchBaseline document, ensure that the RebootOption parameter is set to RebootIfNeeded.
B. Use EC2 Image Builder pipelines on a schedule to create new Amazon Machine Images (AMIs) and new launch templates that reference the new AMIs. Use the instance refresh feature for EC2 Auto Scaling to replace instances.
C. Use AWS Config to scan for operating system vulnerabilities and to patch instances when the instance status changes to NON_COMPLIANT. Send an Amazon Simple Notification Service (Amazon SNS) notification to an operations team to reboot the instances during off-peak hours.
D. In the Auto Scaling launch template, provide an Amazon Machine Image (AMI) ID for an AWS-provided base image. Update the user data with a shell script to download and install patches.
Using AWS Systems Manager Patch Manager with a maintenance window is the best practice for automating OS patch management across the instances in an Auto Scaling group.
Patch Manager: schedules patching within defined maintenance windows, so patching has minimal impact on application uptime.
RebootOption parameter: setting it to RebootIfNeeded reboots an instance only when an installed patch requires it, so patches are fully applied without unnecessary restarts.
AWS-RunPatchBaseline: this Systems Manager document automates the patching process and can be customized to meet compliance requirements.