Creates an S3 bucket with a lifecycle (expiration) policy to hold output from scanning and patching tasks.
Creates patch baselines for Windows and several Linux flavors.
Set "Patch Group" = "cu-cit-cloud-team-patching" on instances which should use these patch baselines.
Creates Systems Manager Maintenance Windows, Tasks, etc. to implement a basic patching and patch scanning process.
The outputs of this template provide CLI commands that can be used to trigger out-of-cycle maintenance window tasks.
Creates an Inspector configuration to run Inspector evaluations against targeted instances.
The output of this template provides a CLI command that can be used to trigger an out-of-cycle assessment run.
Creates Windows EC2 instances to test SSM documents and patch baselines.
NOTE: Because the initial launch of Windows instances takes so long to complete initialization and patching, we delay the association that does the patching. The instances are therefore launched with "Maitnance Group" = "test-windows-XXX". Change that to "test-windows" once CPUs settle down (~1 hr) to make the association with the SSM document. The SSM document will then run another round of patching.
After the association is successful, manually launch/run the Windows Inspector template defined in this CloudFormation template.
Creates Linux EC2 instances to test SSM documents and patch baselines.
After the association is successful, manually launch/run the Linux Inspector templates defined in this CloudFormation template.
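
Patch coverage here depends entirely on tags: an instance without the "Patch Group" tag, or one left on the launch-time "test-windows-XXX" value, is silently skipped. The audit below is an added example, not part of these templates; it assumes input in the JSON shape returned by `aws ec2 describe-instances`, and the function name and instance IDs are made up for illustration.

```python
# Added example: audit instance tags against the scheme described on this page.
# Input is assumed to be the JSON shape returned by `aws ec2 describe-instances`.

PATCH_GROUP_KEY = "Patch Group"
PATCH_GROUP_VALUE = "cu-cit-cloud-team-patching"
MAINT_KEY = "Maitnance Group"          # key spelled as it appears on the page
MAINT_HOLD_VALUE = "test-windows-XXX"  # launch-time value that delays the association


def audit_tags(describe_output):
    """Return {instance_id: [issues]} for instances whose tags deviate from the scheme."""
    findings = {}
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            # Tag keys and values are case-sensitive, so compare exactly.
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            issues = []
            if PATCH_GROUP_KEY not in tags:
                issues.append('missing "Patch Group" tag')
            elif tags[PATCH_GROUP_KEY] != PATCH_GROUP_VALUE:
                issues.append(f"unexpected Patch Group {tags[PATCH_GROUP_KEY]!r}")
            if tags.get(MAINT_KEY) == MAINT_HOLD_VALUE:
                issues.append("still on hold value; patch association not made")
            if issues:
                findings[inst["InstanceId"]] = issues
    return findings


# Constructed sample data (instance IDs are made up).
SAMPLE = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa", "Tags": [
        {"Key": "Patch Group", "Value": "cu-cit-cloud-team-patching"},
        {"Key": "Maitnance Group", "Value": "test-windows"}]},
    {"InstanceId": "i-0bbb", "Tags": [
        {"Key": "Patch Group", "Value": "cu-cit-cloud-team-patching"},
        {"Key": "Maitnance Group", "Value": "test-windows-XXX"}]},
    {"InstanceId": "i-0ccc", "Tags": [
        {"Key": "patch group", "Value": "cu-cit-cloud-team-patching"}]},
    {"InstanceId": "i-0ddd"},
]}]}

if __name__ == "__main__":
    for instance_id, issues in sorted(audit_tags(SAMPLE).items()):
        print(instance_id, "; ".join(issues))
```

Running it against real `describe-instances` output before and after the tag change shows which test instances are still waiting on the association.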