4

我目前正在玩弄 AWS,目的是拥有一个自动缩放的 Windows 系统。我有一个脚本,可以从 GIT 存储库中获取最新代码 - 但是我想知道人们如何处理 Windows 更新,因为 AMI 肯定必须定期更新最新的 Windows 更新(这是正确的吗? ?) 所以我很好奇人们如何升级 Windows,创建一个新的 AMI 以及多久创建一次?

谢谢

4

2 回答 2

1

您多久接受一次 Windows 更新以及此后进行多少测试是一个需要仔细考虑的问题,以考虑您的服务器的暴露程度和严重性。您对执行 Windows 更新风险的估计也相当可观。

您不必使用最新的软件更新预烘焙 AMI,包括系统 (OS) 软件。这是使用 PowerShell 模块运行 Windows 更新的一个很好解释的方法。

于 2014-09-03T13:18:28.327 回答
0

对文档使用 Systems Manager RunCommand 功能AWS-InstallWindowsUpdates。在下载、安装、重新启动并再次检查所有 Windows 更新之前,此循环不会完成。有关它包含的操作类型,请参见下面的日志

$InstanceId=?????
$runPSCommand=Send-SSMCommand -InstanceId @($instanceid) -DocumentName AWS-InstallWindowsUpdates -Comment 'Run Windows Updates whilst baking an AMI' -Parameter @{'Action'='Install'}

Write-Host "Waiting for Windows Updates to complete..."
do {
   Sleep -Seconds 10
   $CmdStatus = Get-SSMCommandInvocation -InstanceId $instanceid -CommandId $runPSCommand.CommandId
} Until ($CmdStatus.Status -eq "Success")
Write-Host "Windows Updates complete"

这是一些显示重新启动并重新检查是否有更多更新要安装的示例输出

04/10/2017 06:24:51 UTC | Info | Start of Install-AwsUwiWindowsUpdates
04/10/2017 06:24:51 UTC | Info | Searching for Windows Updates.
04/10/2017 06:27:10 UTC | Info | Found 4 available Windows Updates.
04/10/2017 06:27:10 UTC | Info | Update for Windows Server 2012 R2 (KB3052480)
04/10/2017 06:27:10 UTC | Info | Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2, 2016 x64 Edition - March 2017 (KB890830)
04/10/2017 06:27:10 UTC | Info | March, 2017 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB4012216)
04/10/2017 06:27:10 UTC | Info | March, 2017 Preview of Monthly Quality Rollup for Windows Server 2012 R2 (KB4012219)
04/10/2017 06:27:10 UTC | Info | Downloading Windows Updates.
04/10/2017 06:27:35 UTC | Info | Successfully Downloaded: Update for Windows Server 2012 R2 (KB3052480)
04/10/2017 06:27:36 UTC | Info | Successfully Downloaded: Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2, 2016 x64 Edition - March 2017 (KB890830)
04/10/2017 06:28:32 UTC | Info | Successfully Downloaded: March, 2017 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB4012216)
04/10/2017 06:29:34 UTC | Info | Successfully Downloaded: March, 2017 Preview of Monthly Quality Rollup for Windows Server 2012 R2 (KB4012219)
04/10/2017 06:29:34 UTC | Info | 4 Windows Updates will be installed.
04/10/2017 06:29:34 UTC | Info | Installed: Update for Windows Server 2012 R2 (KB3052480)
04/10/2017 06:30:15 UTC | Info | Installed: Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2, 2016 x64 Edition - March 2017 (KB890830)
04/10/2017 06:30:29 UTC | Info | Installed: March, 2017 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB4012216)
04/10/2017 06:30:44 UTC | Info | Installed: March, 2017 Preview of Monthly Quality Rollup for Windows Server 2012 R2 (KB4012219)
04/10/2017 06:30:44 UTC | Info | Windows requires a reboot.  Sending reboot request to SSM Agent.
04/10/2017 06:33:44 UTC | Info | Start of Install-AwsUwiWindowsUpdates
04/10/2017 06:33:44 UTC | Info | Searching for Windows Updates.
04/10/2017 06:36:29 UTC | Info | Found 0 available Windows Updates.

您可以将其用作脚本的一部分来烘焙 AMI,或重新烘焙 AMI。

您也可以使用 -Target 而不是 -InstanceId,并使用标签指定过滤器以更新与过滤器匹配的所有实例。

于 2017-04-10T06:46:46.443 回答