Systems Manager Maintenance
Utilizing the Systems Manager Maintenance Windows Feature
An important aspect of automation through AWS Systems Manager is utilizing the Maintenance Windows feature so that disruptive actions don’t impact your availability. AWS explains, “Each maintenance window has a schedule, a maximum duration, a set of registered targets, and a set of registered tasks… You can also specify dates that a maintenance window should not run before or after, and you can specify the international time zone on which to base the maintenance window schedule.” Maintenance windows are not limited to EC2: their registered tasks can also act on other AWS services, such as S3 or KMS.
For more information, visit the AWS documentation on the AWS Systems Manager Maintenance Windows feature.
AWS Systems Manager allows you to execute automations such as patching your EC2 instances. If you use Systems Manager to patch EC2 instances, you should ensure that a maintenance window is configured so that patches are applied on a defined cadence. That cadence should be no longer than 30 days, so that vulnerabilities identified as critical are patched within an appropriate time frame. The maintenance window should have a start time and a time zone, and its registered targets should cover every in-scope instance so that all of them are patched.
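As an added example (not from the page or from AWS), the following Python audit turns the requirements above into checks over maintenance window records shaped like the boto3 `describe_maintenance_windows` and `describe_maintenance_window_tasks` responses: the window must be enabled, carry a schedule time zone, run no more than 30 days apart, and have a registered `AWS-RunPatchBaseline` task. The window names and IDs are constructed sample data, and the cron cadence bound is a conservative approximation written here, not AWS's scheduler.

```python
import re

MAX_INTERVAL_DAYS = 30                   # the page's requirement: patch at least every 30 days
PATCH_DOCUMENT = "AWS-RunPatchBaseline"  # SSM document a patching task must run
_UNIT_DAYS = {"minute": 1 / 1440, "minutes": 1 / 1440, "hour": 1 / 24, "hours": 1 / 24, "day": 1.0, "days": 1.0}

def max_interval_days(schedule: str) -> float:
    """Upper bound in days on the gap between runs of an SSM schedule expression.
    rate(...) is exact; cron(...) (min hour dom month dow year) is bounded
    conservatively: fixed weekday -> 7, fixed day-of-month -> 31, every day -> 1."""
    m = re.fullmatch(r"rate\((\d+)\s+(minutes?|hours?|days?)\)", schedule.strip())
    if m:
        return int(m.group(1)) * _UNIT_DAYS[m.group(2)]
    m = re.fullmatch(r"cron\((.+)\)", schedule.strip())
    if not m or len(m.group(1).split()) != 6:
        return float("inf")              # unrecognised: flag it rather than trust it
    _, _, dom, month, dow, _ = m.group(1).split()
    if month != "*" or "#" in dow or "L" in dow:
        return float("inf")              # month filters / nth weekday: gap not bounded here
    if dom in ("*", "?") and dow in ("*", "?"):
        return 1.0
    return 7.0 if dow not in ("*", "?") else 31.0

def audit_window(window: dict, tasks: list) -> list:
    """Findings for one window (empty = compliant). `window` is one WindowIdentities entry,
    `tasks` that window's Tasks list from describe_maintenance_window_tasks()."""
    findings = []
    if not window.get("Enabled", False):
        findings.append("window is disabled")
    if not window.get("ScheduleTimezone"):
        findings.append("no ScheduleTimezone set (schedule is interpreted as UTC)")
    if max_interval_days(window.get("Schedule", "")) > MAX_INTERVAL_DAYS:
        findings.append(f"schedule {window.get('Schedule')!r} may exceed {MAX_INTERVAL_DAYS} days")
    if not any(t.get("TaskArn") == PATCH_DOCUMENT for t in tasks):
        findings.append(f"no registered task runs {PATCH_DOCUMENT}")
    return findings

# Constructed sample data shaped like the boto3 responses; not real account data.
SAMPLE_WINDOWS = [
    {"WindowId": "mw-0example000000001", "Name": "weekly-patching", "Enabled": True,
     "Schedule": "cron(0 2 ? * SUN *)", "ScheduleTimezone": "America/New_York"},
    {"WindowId": "mw-0example000000002", "Name": "quarterly-patching", "Enabled": True,
     "Schedule": "rate(90 days)"},
]
SAMPLE_TASKS = {"mw-0example000000001": [{"TaskArn": "AWS-RunPatchBaseline", "Type": "RUN_COMMAND"}],
                "mw-0example000000002": [{"TaskArn": "AWS-RunShellScript", "Type": "RUN_COMMAND"}]}

def audit_all(windows=SAMPLE_WINDOWS, tasks_by_window=SAMPLE_TASKS) -> dict:
    # Map each window name to its findings; in a real account, pass boto3 output in here.
    return {w["Name"]: audit_window(w, tasks_by_window.get(w["WindowId"], [])) for w in windows}
```

Running `audit_all()` on the sample data reports the weekly window as compliant and flags the quarterly one for its missing time zone, its 90-day cadence, and the absence of a patching task.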