Applying kernel live patches using Run Command
To apply kernel live patches, you can either run yum
commands on your
managed nodes or use Run Command and the SSM document
AWS-RunPatchBaseline
.
For information about applying kernel live patches by running yum
commands directly on the managed node, see Apply kernel live patches in the
Amazon EC2 User Guide.
To apply kernel live patches using Run Command (console)
Open the AWS Systems Manager console at https://console.aws.amazon.com/systems-manager/
. In the navigation pane, choose Run Command.
-
Choose Run command.
-
In the Command document list, choose the SSM document
AWS-RunPatchBaseline
. -
In the Command parameters section, do one of the following:
-
If you're checking whether new kernel live patches are available, for Operation, choose
Scan
. For Reboot Option, if don't want your managed nodes to reboot after this operation, chooseNoReboot
. After the operation is complete, you can check for new patches and compliance status in Compliance. -
If you checked patch compliance already and are ready to apply available kernel live patches, for Operation, choose
Install
. For Reboot Option, if you don't want your managed nodes to reboot after this operation, chooseNoReboot
.
-
-
For information about working with the remaining controls on this page, see Running commands from the console.
-
Choose Run.
To apply kernel live patches using Run Command (AWS CLI)
-
To perform a
Scan
operation before checking your results in Compliance, run the following command from your local machine.For information about other options you can use in the command, see send-command in the AWS CLI Command Reference.
-
To perform an
Install
operation after checking your results in Compliance, run the following command from your local machine.
In both of the preceding commands, replace instance-id
with the ID of the Amazon Linux 2 managed node on which you want to apply kernel live
patches, such as i-02573cafcfEXAMPLE. To turn on the feature on multiple managed nodes,
you can use either of the following formats.
-
--targets "Key=instanceids,Values=
instance-id1
,instance-id2
" -
--targets "Key=tag:
tag-key
,Values=tag-value
"
For information about other options you can use in these commands, see send-command in the AWS CLI Command Reference.