How to switch back after applying a patch in Patch Manager
Action plan:
1. Install patches using the AWS-RunPatchBaseline[1] SSM document. If you encounter any issues, manually uninstall the patch from the OS.
2. Prior to patching, create an EBS snapshot[2] of the instance’s root volume. After patching, if any issues occur you can swap to the snapshot taken prior to patching.
3. Automate the process using the AWS-PatchInstanceWithRollback[3] SSM document, which will create an EBS snapshot before patching, apply patches, and then roll back to the snapshot if any errors occur or the compliance check fails (fully automated process for your use case).
4. Automate EBS snapshot and AMI management using Amazon Data Lifecycle Manager[4] to ensure you always have a snapshot and AMI available to roll back to if an issue arises after patching.
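The manual version of steps 1 and 2 (snapshot the root volume, run AWS-RunPatchBaseline, swap the root volume back if the run does not end in Success), as an added example script that is not from the original answer or any AWS-published runbook. It assumes AWS CLI v2 with region and credentials configured, SSM Agent on an EBS-backed instance, and that stopping the instance for the rollback is acceptable.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer or any AWS-published script): snapshot the
# root volume, run AWS-RunPatchBaseline, and swap the root volume back to the snapshot if
# the patch command does not end in Success. Assumes AWS CLI v2 with region/credentials
# configured and SSM Agent on the instance; rollback stops the instance.
set -eu
POLL_SECS="${POLL_SECS:-15}"   # interval for polling the SSM command status
root_volume_id() {             # $1 = instance id -> prints the root EBS volume id
  local dev
  dev=$(aws ec2 describe-instances --instance-ids "$1" \
        --query 'Reservations[0].Instances[0].RootDeviceName' --output text)
  aws ec2 describe-instances --instance-ids "$1" --output text \
    --query "Reservations[0].Instances[0].BlockDeviceMappings[?DeviceName=='$dev'].Ebs.VolumeId | [0]"
}
snapshot_volume() {            # $1 = volume id -> prints the id of a completed snapshot
  local snap
  snap=$(aws ec2 create-snapshot --volume-id "$1" --query SnapshotId --output text \
         --description "pre-patch $(date -u +%FT%TZ)")
  aws ec2 wait snapshot-completed --snapshot-ids "$snap"
  echo "$snap"
}
run_patch_baseline() {         # $1 = instance id -> prints the final SSM command status
  local cmd status=Pending
  cmd=$(aws ssm send-command --instance-ids "$1" --document-name AWS-RunPatchBaseline \
        --parameters Operation=Install --query Command.CommandId --output text)
  while [ "$status" = Pending ] || [ "$status" = InProgress ]; do
    sleep "$POLL_SECS"        # the invocation can take a few seconds to become visible
    status=$(aws ssm get-command-invocation --command-id "$cmd" --instance-id "$1" \
             --query Status --output text)
  done
  echo "$status"
}
patch_failed() { [ "$1" != Success ]; }   # $1 = status -> true when a rollback is needed
rollback_root() {              # $1 = instance id, $2 = current root volume, $3 = snapshot id
  local az dev new
  az=$(aws ec2 describe-volumes --volume-ids "$2" --query 'Volumes[0].AvailabilityZone' --output text)
  dev=$(aws ec2 describe-volumes --volume-ids "$2" --query 'Volumes[0].Attachments[0].Device' --output text)
  aws ec2 stop-instances --instance-ids "$1"; aws ec2 wait instance-stopped --instance-ids "$1"
  new=$(aws ec2 create-volume --snapshot-id "$3" --availability-zone "$az" --query VolumeId --output text)
  aws ec2 wait volume-available --volume-ids "$new"
  aws ec2 detach-volume --volume-id "$2"; aws ec2 wait volume-available --volume-ids "$2"
  aws ec2 attach-volume --volume-id "$new" --instance-id "$1" --device "$dev"
  aws ec2 start-instances --instance-ids "$1"   # the old volume is left attached-nowhere for inspection
}
if [ "${1:-}" = patch ]; then  # usage: ./patch-with-rollback.sh patch <instance-id>
  vol=$(root_volume_id "$2"); snap=$(snapshot_volume "$vol")
  if patch_failed "$(run_patch_baseline "$2")"; then rollback_root "$2" "$vol" "$snap"; fi
fi
```

`create-volume` uses the default volume type; add `--volume-type` (and `--iops`/`--throughput`) to match the original root volume if it was not the default, and delete the superseded volume once you have finished inspecting it.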
References:
[1] — About the AWS-RunPatchBaseline SSM document: https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-about-aws-runpatchbaseline.html
[2] — Amazon EBS snapshots: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html
[3] — AWS-PatchInstanceWithRollback: https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-aws-patchinstancewithrollback.html
[4] — Automating Amazon EBS snapshot and AMI management using Amazon DLM: https://aws.amazon.com/blogs/storage/automating-amazon-ebs-snapshot-and-ami-management-using-amazon-dlm/