Quite simply, this provides a method of automating the management of patch updates across your fleet of EC2 instances. It is a great way to push out, across your whole fleet and with a few clicks, a newly released patch that protects you from new vulnerabilities. It can also scan your instances to see which patches are missing and, if configured to do so, install any missing patches for you.
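As an added example (not from the original text or from AWS), the Python below triages the result of such a scan across a fleet, including instances that never reported at all. It assumes per-instance records shaped like the `InstancePatchStates` list returned by the Systems Manager `DescribeInstancePatchStates` API; the instance IDs, counts, dates, and the `triage` helper are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: records shaped like the "InstancePatchStates" list from
# the SSM DescribeInstancePatchStates API. IDs, counts and dates are made up.
NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)
FLEET = ["i-0example00000001", "i-0example00000002",
         "i-0example00000003", "i-0example00000004"]
STATES = [
    {"InstanceId": "i-0example00000001", "Operation": "Scan", "MissingCount": 0,
     "FailedCount": 0, "InstalledPendingRebootCount": 0,
     "OperationEndTime": NOW - timedelta(days=1)},
    {"InstanceId": "i-0example00000002", "Operation": "Scan", "MissingCount": 4,
     "FailedCount": 1, "InstalledPendingRebootCount": 0,
     "OperationEndTime": NOW - timedelta(days=2)},
    {"InstanceId": "i-0example00000003", "Operation": "Install", "MissingCount": 0,
     "FailedCount": 0, "InstalledPendingRebootCount": 2,
     "OperationEndTime": NOW - timedelta(days=20)},
]


def triage(fleet, states, now, max_age=timedelta(days=7)):
    """Return [(instance_id, reasons)] for instances needing attention, worst first."""
    by_id = {s["InstanceId"]: s for s in states}
    findings = []
    for instance_id in fleet:
        state = by_id.get(instance_id)
        if state is None:
            # No record at all: the instance never reported a scan (for example,
            # it is not managed by Systems Manager), so its patch level is unknown.
            findings.append((float("inf"), instance_id, ["no patch data reported"]))
            continue
        reasons = []
        if state.get("MissingCount", 0):
            reasons.append(f"{state['MissingCount']} missing")
        if state.get("FailedCount", 0):
            reasons.append(f"{state['FailedCount']} failed to install")
        if state.get("InstalledPendingRebootCount", 0):
            reasons.append("reboot pending")
        age = now - state["OperationEndTime"]
        if age > max_age:
            reasons.append(f"last operation {age.days}d ago")
        if reasons:
            score = state.get("MissingCount", 0) + state.get("FailedCount", 0)
            findings.append((score, instance_id, reasons))
    findings.sort(key=lambda f: (-f[0], f[1]))  # unknown first, then most gaps
    return [(instance_id, reasons) for _, instance_id, reasons in findings]


if __name__ == "__main__":
    for instance_id, reasons in triage(FLEET, STATES, NOW):
        print(instance_id, "->", "; ".join(reasons))
```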
Before you use Patch Manager, ensure that you meet all the prerequisites for using Systems Manager, which are listed at https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-prereqs.html.
There are four key points to Patch Manager, as highlighted by the AWS Systems Manager Patch console:
So, let's take a look at each of these in turn.