BabuDEVUDU Posted November 6, 2024

Anyone implemented Patching Automation of servers on AWS & On-prem (preferably) or just AWS? I'm thinking to do a POC and want to take inputs from someone who has gone this route before I start working on it. We are migrating from On-Prem to cloud (some portion will still remain in on-prem). Archi wants to use HashiCorp Packer, creating pipelines for AMI creation etc. I'm looking into Systems Manager, as with this we can simply handle the entire Org's Patch Management with ease (at least from what I learnt so far). Else they wanted to use Packer for creating base AMIs that include basic stuff like SSM agent, CrowdStrike etc. and share the Golden AMIs and patching of those AMIs to whatever teams use them to create AMIs in their respective AWS accounts (each team has their separate AWS accounts). I want to see if, instead of giving the teams the responsibility to create AMIs and patching, our team can take the entire responsibility of AMI provision and Patching (for configuration I'm looking at Ansible playbooks document to integrate with SSM for app configurations and other complex deployments). Please help with providing your valuable insights.

kevinUsa Posted November 6, 2024

HashiCorp Packer and Golden AMI Pipeline

Kalam_Youtheman Posted November 6, 2024

I did this 3 years ago using AWS SSM. It was easy because all our machines were in AWS; it's simple run commands, schedules and all. AWS has pretty good documentation on it.

Khali_ista Posted November 6, 2024

@AWSCloudArchitect @aws_help @AWS

maverick19 Posted November 6, 2024

8 hours ago, BabuDEVUDU said:

> Anyone implemented Patching Automation of servers on AWS & On-prem (preferably) or just AWS? I'm thinking to do a POC and want to take inputs from someone who has gone this route before I start working on it. We are migrating from On-Prem to cloud (some portion will still remain in on-prem). Archi wants to use HashiCorp Packer, creating pipelines for AMI creation etc. I'm looking into Systems Manager, as with this we can simply handle the entire Org's Patch Management with ease (at least from what I learnt so far). Else they wanted to use Packer for creating base AMIs that include basic stuff like SSM agent, CrowdStrike etc. and share the Golden AMIs and patching of those AMIs to whatever teams use them to create AMIs in their respective AWS accounts (each team has their separate AWS accounts). I want to see if, instead of giving the teams the responsibility to create AMIs and patching, our team can take the entire responsibility of AMI provision and Patching (for configuration I'm looking at Ansible playbooks document to integrate with SSM for app configurations and other complex deployments). Please help with providing your valuable insights.

I would say it is best to use Packer to create a base AMI and use that AMI to create application images and deploy on a regular basis. This is a one-time setup if the applications are immutable in nature. If applications are not immutable and hosts are static, you have to do in-place patching through SSM.
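
The base-AMI approach discussed in this thread, sketched as a Packer template. This is an added example, not code from any poster or from HashiCorp or AWS. The region, instance type, AMI name, tags and the two team account IDs are placeholder assumptions, and the CrowdStrike install step is left as a comment because its package source is site-specific.

```hcl
packer {
  required_plugins {
    amazon = {
      source  = "github.com/hashicorp/amazon"
      version = ">= 1.2.0"
    }
  }
}

# Assumption: placeholder IDs of the team accounts that consume the base AMI.
variable "team_account_ids" {
  type    = list(string)
  default = ["111111111111", "222222222222"]
}

source "amazon-ebs" "base" {
  region        = "us-east-1" # assumption
  instance_type = "t3.small"  # assumption
  ssh_username  = "ec2-user"
  ami_name      = "base-al2023-${formatdate("YYYYMMDD-hhmm", timestamp())}"
  ami_users     = var.team_account_ids # launch permission for each team account

  # Start from the newest Amazon-owned Amazon Linux 2023 image.
  source_ami_filter {
    filters = {
      name                = "al2023-ami-2023.*-x86_64"
      virtualization-type = "hvm"
      root-device-type    = "ebs"
    }
    owners      = ["amazon"]
    most_recent = true
  }
  # Require IMDSv2 on the build instance and on instances launched from the AMI.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }
  imds_support = "v2.0"
  tags         = { BuiltBy = "packer", Role = "base-ami" }
}

build {
  sources = ["source.amazon-ebs.base"]
  provisioner "shell" {
    inline = [
      "sudo dnf -y upgrade",                    # apply pending updates at build time
      "sudo dnf -y install amazon-ssm-agent",   # no-op if the agent is already present
      "sudo systemctl enable amazon-ssm-agent", # hosts register with SSM on first boot
      # Endpoint agent (CrowdStrike) install goes here; package source is site-specific.
    ]
  }
}
```

If the AMI is encrypted, sharing through `ami_users` only works with a customer managed KMS key that the team accounts are allowed to use. Rebuilding on a schedule keeps the base image patched, while hosts that cannot be replaced still need in-place patching through SSM.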