
AWS Systems Manager for Patching Automation on Hybrid Cloud


BabuDEVUDU


Anyone implemented Patching Automation of servers on AWS & On-prem (preferably) or just AWS? I'm thinking to do a POC and want to take inputs from someone who has gone this route before I start working on it. We are migrating from On-Prem to cloud (some portion will still remain on-prem). Archi wants to use HashiCorp Packer, creating pipelines for AMI creation etc. I'm looking into Systems Manager as with this, we can simply handle the entire Org's Patch Management with ease (at least from what I learnt so far). Else they wanted to use Packer for creating base AMIs that include basic stuff like SSM agent, CrowdStrike etc. and share the Golden AMIs, and patching of those AMIs, to whatever teams use them to create AMIs in their respective AWS accounts (each team has their separate AWS accounts). I want to see if, instead of giving the teams the responsibility to create AMIs and patching, our team can take the entire responsibility of AMI provision and Patching (for configuration I'm looking at the Ansible playbooks document to integrate with SSM for app configurations and other complex deployments). Please help with providing your valuable insights.


I did this 3 years ago using AWS SSM. It was easy because all our machines were in AWS; it's simple run commands, schedules and all. AWS has pretty good documentation on it.


8 hours ago, BabuDEVUDU said:

Anyone implemented Patching Automation of servers on AWS & On-prem (preferably) or just AWS? I'm thinking to do a POC and want to take inputs from someone who has gone this route before I start working on it. We are migrating from On-Prem to cloud (some portion will still remain on-prem). Archi wants to use HashiCorp Packer, creating pipelines for AMI creation etc. I'm looking into Systems Manager as with this, we can simply handle the entire Org's Patch Management with ease (at least from what I learnt so far). Else they wanted to use Packer for creating base AMIs that include basic stuff like SSM agent, CrowdStrike etc. and share the Golden AMIs, and patching of those AMIs, to whatever teams use them to create AMIs in their respective AWS accounts (each team has their separate AWS accounts). I want to see if, instead of giving the teams the responsibility to create AMIs and patching, our team can take the entire responsibility of AMI provision and Patching (for configuration I'm looking at the Ansible playbooks document to integrate with SSM for app configurations and other complex deployments). Please help with providing your valuable insights.

I would say it is best to use Packer to create a base AMI and use that AMI to create application images and deploy on a regular basis. This is a one-time setup if the applications are immutable in nature. If applications are not immutable and hosts are static, you have to do in-place patching through SSM.

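A concrete shape for the in-place SSM option described above, as an added example rather than code from this thread: a Terraform fragment that defines a patch baseline, binds it to nodes carrying a "Patch Group" tag (EC2 instances and hybrid-activated on-prem nodes with mi-* IDs can both carry that tag, which is what lets one setup serve both sides), and runs AWS-RunPatchBaseline in a weekly maintenance window. Resource names, the tag value and the schedule are assumptions; the hybrid activation, its IAM role and the SSM Agent install on the on-prem hosts are not shown.

```hcl
resource "aws_ssm_patch_baseline" "linux" {
  name             = "org-amazon-linux2-baseline"   # assumed name
  operating_system = "AMAZON_LINUX_2"
  approval_rule {                 # auto-approve security patches after a 7-day soak
    approve_after_days = 7
    compliance_level   = "CRITICAL"   # a node missing these shows as non-compliant
    patch_filter {
      key    = "CLASSIFICATION"
      values = ["Security"]
    }
  }
}
resource "aws_ssm_patch_group" "linux_prod" {
  baseline_id = aws_ssm_patch_baseline.linux.id
  patch_group = "linux-prod"   # assumed value of the "Patch Group" tag on each node
}
resource "aws_ssm_maintenance_window" "weekly" {
  name     = "linux-prod-weekly-patching"
  schedule = "cron(0 2 ? * SUN *)"   # Sundays 02:00 UTC
  duration = 3                       # hours
  cutoff   = 1                       # no new tasks in the final hour
}
resource "aws_ssm_maintenance_window_target" "linux_prod" {
  window_id     = aws_ssm_maintenance_window.weekly.id
  resource_type = "INSTANCE"
  targets {
    key    = "tag:Patch Group"
    values = ["linux-prod"]
  }
}
# AWS-RunPatchBaseline with Operation=Install; "Scan" gives a report-only run.
resource "aws_ssm_maintenance_window_task" "install" {
  window_id       = aws_ssm_maintenance_window.weekly.id
  task_type       = "RUN_COMMAND"
  task_arn        = "AWS-RunPatchBaseline"
  max_concurrency = "10%"   # patch in small batches
  max_errors      = "5%"    # stop the run if failures pile up
  targets {
    key    = "WindowTargetIds"
    values = [aws_ssm_maintenance_window_target.linux_prod.id]
  }
  task_invocation_parameters {
    run_command_parameters {
      parameter {
        name   = "Operation"
        values = ["Install"]
      }
    }
  }
}
```

Patch compliance for every node in the group, cloud or on-prem, then shows up in the Patch Manager compliance view after the first run.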
