
The Unpatched Instance


Patch debt accumulates silently. Learn to find, fix, and prevent it using Systems Manager.

medium

45 min

An engineer launches an instance from a two-year-old AMI. It runs fine, serves its purpose, and nobody thinks about it again. No maintenance window is configured. No patching schedule is in place.

In , patching problems are rarely due to tooling issues. Systems Manager Patch Manager, Run Command, and the ability to create golden AMIs exist precisely so patching can be repeatable, auditable, and baked into every deployment. The catch is that someone has to build the process, and in many environments, nobody does.

Learning Objectives

By the end of this room, you will be able to:

  • Understand how patch debt accumulates on long-running instances
  • Identify an instance's current patch state using Systems Manager Patch Manager
  • Run a patch install operation using the -RunPatchBaseline document
  • Verify that the patch workflow completed successfully
  • Create a custom patch baseline to codify a repeatable patching policy
  • Build a patched golden AMI as a hardened baseline for future deployments

Prerequisites

Answer the questions below

The known vulnerability has a published fix.