0

I am creating a Systems Manager patch baseline in CloudFormation to automatically apply operating system updates to my Windows EC2 instances:

  Windows2016PatchBaseline:
    Type: AWS::SSM::PatchBaseline
    Properties:
      Name: Windows2016PatchBaseline
      Description: Baseline containing all updates approved for Windows 2016 instances
      OperatingSystem: WINDOWS
      PatchGroups:
      - Windows Server 2016 Base
      ApprovalRules:
        PatchRules:
        - PatchFilterGroup:
            PatchFilters:
            - Values:
              - Critical
              - Important
              - Moderate
              Key: MSRC_SEVERITY
            - Values:
              - SecurityUpdates
              - CriticalUpdates
              Key: CLASSIFICATION
            - Values:
              - WindowsServer2016
              Key: PRODUCT
          ApproveAfterDays: 7
          ComplianceLevel: CRITICAL

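However, I can see that there is a predefined baseline that already does most of this configuration. I would like to use this predefined baseline instead of creating my own, but I […] in CloudFormation's AWS::SSM::PatchBaseline.

Has anyone done this before, or is it perhaps only available through the console?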

4

1 Answer

1

This is what you are looking for:

  MaintenanceWindowRunCommandTask:
    Type: 'AWS::SSM::MaintenanceWindowTask'
    Properties:
      WindowId: !Ref MaintenanceWindow
      Targets:
        - Key: WindowTargetIds
          Values:
            - !Ref MaintenanceWindowTarget
      TaskArn: AWS-RunPatchBaseline
      TaskType: RUN_COMMAND
      TaskInvocationParameters:
        MaintenanceWindowRunCommandParameters:
          DocumentHash: 945ae15356b0f6ba7bce2a738101b8822cedef3bf5c027abc3bb9023aaec8b1b
          DocumentHashType: Sha256
          NotificationConfig:
            NotificationArn: !Ref MaintenanceTargetSNSARN
            NotificationEvents:
              - All
            NotificationType: Command
          OutputS3BucketName: !Ref MaintenanceRunCommandS3Bucket
          OutputS3KeyPrefix: !Ref MaintenanceRunCommandS3BucketPrefix

Take a look at my SystemsManager templates here: https://github.com/Talderon/AWS_CloudFormation/tree/master/SystemsManager

Check out the wiki page in my repo, as I have documented everything there as well.

Answered 2019-10-25T21:27:03.147
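An added example, not part of the original answer or its repository: the two resources the answer references with `!Ref` (`MaintenanceWindow`, `MaintenanceWindowTarget`) together with the task, arranged so that the predefined baseline is the one applied. No `AWS::SSM::PatchBaseline` is declared, so the patch group is not registered to a custom baseline and `AWS-RunPatchBaseline` falls back to the account's default baseline for the instance's operating system, which is the AWS predefined one unless the default has been changed. The window name, schedule, durations, concurrency limits and the choice of tag value are constructed assumptions.

```yaml
# Added example, not from the original answer. Values marked (constructed)
# are illustrative and should be adjusted to the environment.
Resources:
  MaintenanceWindow:
    Type: AWS::SSM::MaintenanceWindow
    Properties:
      Name: WindowsPatchWindow            # hypothetical name
      Schedule: cron(0 3 ? * SUN *)       # Sundays 03:00 UTC (constructed)
      Duration: 3                         # hours the window stays open
      Cutoff: 1                           # no new tasks in the last hour
      AllowUnassociatedTargets: false     # only registered targets may run tasks

  MaintenanceWindowTarget:
    Type: AWS::SSM::MaintenanceWindowTarget
    Properties:
      WindowId: !Ref MaintenanceWindow
      ResourceType: INSTANCE
      Targets:
        # Instances are selected by their "Patch Group" tag. Because no custom
        # baseline registers this group, the OS default baseline is used.
        - Key: tag:Patch Group
          Values:
            - Windows Server 2016 Base    # tag value taken from the question

  MaintenanceWindowRunCommandTask:
    Type: AWS::SSM::MaintenanceWindowTask
    Properties:
      WindowId: !Ref MaintenanceWindow
      Targets:
        - Key: WindowTargetIds
          Values:
            - !Ref MaintenanceWindowTarget
      TaskArn: AWS-RunPatchBaseline
      TaskType: RUN_COMMAND
      Priority: 1
      MaxConcurrency: '2'                 # patch two instances at a time (constructed)
      MaxErrors: '1'                      # stop the rollout after one failure (constructed)
      TaskInvocationParameters:
        MaintenanceWindowRunCommandParameters:
          Parameters:
            Operation:
              - Install                   # use Scan to report compliance without installing
```

The `DocumentHash`, `NotificationConfig` and S3 output settings from the answer can be added under `MaintenanceWindowRunCommandParameters` unchanged; running with `Operation: Scan` first shows which patches the default baseline would approve before anything is installed.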