patching ec2 instances with ssm

[tdub...@gmail.com]

any idea how I can patch ec2 windows instances with ssm with terraform tf script?

I can setup the ec2 instance with this

variable "instance_count" {
default = "1"
}

provider "aws" {
region = "us-west-1"
}
resource "aws_instance" "example" {
ami = "ami-0b7c10374cfb013e6"
count = "${var.instance_count}"
instance_type = "t2.micro"
key_name = "t2micro-1"
security_groups = ["${aws_security_group.allow_rdp.name}"]
tags = { Name = "test-${count.index}"
}
}

resource "aws_security_group" "allow_rdp" {
name = "allow_rdp"
description = "Allow rdp traffic"


ingress {

from_port = 3389
# By default, the windows server listens on TCP port 3389 for RDP
to_port = 3389
protocol = "tcp"

cidr_blocks = [
"0.0.0.0/0"]
}
}

but I want to patch it to the latest security updates also

[tdub...@gmail.com]

any idea on this?

[Lucas Possamai]

You can use AWS SSM Patch Baseline for that. 

[Sam Flint]

You would use https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_patch_baseline to patch the AMI.  Makes sure to tag the AMI correctly. Then can use a ami filter in terraform to pull the correct patched version.    Then you could have these run together to perform a patch.

Sam Flint | Director of Solutions

W: +‪1.540.467.0172

website | twitter | linkedIn | Facebook

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/terraform/issues
IRC: #terraform-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Terraform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-too...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/CAE_gQfU1LiLqY_tED8s4bCQKFj-BaxjzVej0Zqk5Bjxw7c7uDw%40mail.gmail.com.