Patching instances using automation

In this section, we will be manually invoking the AWS-UpdateLinuxAmi automation document for patching our Linux instance and later creating a new AMI out of it:

1. To do this, first select the Automations option present under the Systems Manager Services section.
2. From the Automations dashboard, select the Run automation document option.
3. From the Document name field, select the AWS-UpdateLinuxAmi document and populate the required fields in the Input parameters section as described here:
   • SourceAmiId: Provide the source Amazon Machine Image ID from which the new instance will be deployed.
   • InstanceIamRole: Provide the IAM role name that enables Systems Manager to manage the instance. We created this role earlier during the start of this chapter as a part of SSM's prerequisites.
   • AutomationAssumeRole: Provide the ARN of the IAM role that allows automation to perform the actions on your behalf.
   • TargetAmiName: This will be the name of the new AMI created as a part of this automation document. The default is a system-generated string including the source AMI ID and the creation time and date.
   • InstanceType: Specify the instance type of instance to launch for the AMI creation process. By default, the t2.micro instance type is selected.
   • PreUpdateScript: You can additionally provide the URL of a script to run before any updates are applied. This is an optional field.
   • PostUpdateScript: Provide an optional post update script URL of a script to run after package updates are applied.
   • IncludePackages: Include specific packages to be updated. By default, all available updates are applied.
   • ExcludePackages: Provide names of specific packages that you wish to exclude from the updates list.

1. With the fields populated, simply select the Run automation option as shown in the following screenshot:

1. The automation document takes a couple of minutes to completely execute. You can verify the output of the execution using the Automations dashboard as well.
2. Simply select your automation job Execution ID to view the progress of each individual step as shown in the following screenshot. Optionally, you can verify the output of each step by selecting the adjoining View Outputs link as well:

With this completed, you can now run similar automation tasks by creating your own automation documents and executing them using the steps mentioned herein. But what if you wanted to trigger these steps based on some events or schedules? Well, that's exactly what we will look into in the next section, Triggering automation using CloudWatch schedules and events.