Vendor services misconfigurations

EC2 Systems Manager (SSM) non-compliant – patch

Risk Level

Informational (4)

Platform(s)

Description

Systems Manager is an AWS service that you can use to view and control your AWS infrastructure and to maintain security and compliance. Systems Manager Patch Manager is a service that automatically applies security patches to the assets it manages. This control determines whether the Amazon EC2 Systems Manager patch compliance status is COMPLIANT or NON_COMPLIANT after the patch is installed on the instance. It only examines instances that are managed by Systems Manager Patch Manager. The asset {AwsEc2Instance} ({AwsEc2Instance.InstanceId}) is not compliant with patching requirements and its status is NON_COMPLIANT, meaning the asset has not been updated with the right security patches.
Recommended Mitigation

It is recommended to bring the instance ({AwsEc2Instance.InstanceProfile}) up to date with its patching requirements, either through Systems Manager Patch Manager or manually.
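
One way to triage this finding across a fleet, as an added example that is not part of the original page or the vendor's product: it takes records shaped like the output of the AWS CLI command `aws ssm list-resource-compliance-summaries`, ranks NON_COMPLIANT instances by severity, and lists instances with no patch compliance data, which this control never examines. The sample records, instance IDs and the `triage` function are constructed for illustration.

```python
# Constructed sample shaped like the ResourceComplianceSummaryItems list from
# `aws ssm list-resource-compliance-summaries`; all instance IDs are made up.
SAMPLE_SUMMARIES = [
    {"ComplianceType": "Patch", "ResourceId": "i-0aaaa1111bbbb0001",
     "Status": "NON_COMPLIANT",
     "NonCompliantSummary": {"NonCompliantCount": 7,
                             "SeveritySummary": {"CriticalCount": 2, "HighCount": 1}}},
    {"ComplianceType": "Patch", "ResourceId": "i-0aaaa1111bbbb0002",
     "Status": "COMPLIANT",
     "NonCompliantSummary": {"NonCompliantCount": 0, "SeveritySummary": {}}},
    {"ComplianceType": "Patch", "ResourceId": "i-0aaaa1111bbbb0003",
     "Status": "NON_COMPLIANT",
     "NonCompliantSummary": {"NonCompliantCount": 3,
                             "SeveritySummary": {"CriticalCount": 0, "HighCount": 3}}},
    # Association compliance only: Patch Manager has never reported on this host.
    {"ComplianceType": "Association", "ResourceId": "i-0aaaa1111bbbb0004",
     "Status": "NON_COMPLIANT",
     "NonCompliantSummary": {"NonCompliantCount": 1, "SeveritySummary": {}}},
]
# Constructed inventory, e.g. the instance IDs from `aws ec2 describe-instances`.
SAMPLE_INSTANCE_IDS = ["i-0aaaa1111bbbb000%d" % n for n in range(1, 6)]


def triage(summaries, instance_ids):
    """Return (NON_COMPLIANT findings, worst first; instances with no patch data)."""
    patch = {s["ResourceId"]: s for s in summaries
             if s.get("ComplianceType") == "Patch"}
    findings = []
    for rid, item in patch.items():
        if item.get("Status") != "NON_COMPLIANT":
            continue
        summary = item.get("NonCompliantSummary", {})
        severity = summary.get("SeveritySummary", {})
        findings.append({"instance_id": rid,
                         "non_compliant": summary.get("NonCompliantCount", 0),
                         "critical": severity.get("CriticalCount", 0),
                         "high": severity.get("HighCount", 0)})
    findings.sort(key=lambda f: (-f["critical"], -f["high"],
                                 -f["non_compliant"], f["instance_id"]))
    # The control never evaluates these, so they produce no finding at all.
    unevaluated = sorted(set(instance_ids) - set(patch))
    return findings, unevaluated


if __name__ == "__main__":
    findings, unevaluated = triage(SAMPLE_SUMMARIES, SAMPLE_INSTANCE_IDS)
    for f in findings:
        print(f)
    print("no patch compliance data:", unevaluated)
```

Instances in the second list need to be brought under Patch Manager before a COMPLIANT result for the fleet means anything.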