PatchBaseline
PatchBaseline is a configuration used by AWS Systems Manager Patch Manager to define which operating system patches are approved for installation on managed instances, and which patches are blocked. Baselines are defined per operating system (for example Windows, Amazon Linux, Amazon Linux 2, Ubuntu, Red Hat, SUSE) and can be either AWS-maintained defaults or customer-created.
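The following added example, which is not AWS's or this page's own code, audits a baseline in the JSON shape returned by `aws ssm get-patch-baseline` for settings that weaken the approve/block intent described above. The sample baseline, the 14-day threshold and the `audit_baseline` helper are assumptions made for illustration.

```python
import json

# Constructed sample in the shape returned by `aws ssm get-patch-baseline`
# (field names are from the SSM API; the values are made up for this example).
SAMPLE_BASELINE = json.loads("""
{
  "Name": "example-al2-baseline",
  "OperatingSystem": "AMAZON_LINUX_2",
  "ApprovalRules": {"PatchRules": [
    {"PatchFilterGroup": {"PatchFilters": [
        {"Key": "CLASSIFICATION", "Values": ["Security"]},
        {"Key": "SEVERITY", "Values": ["Critical", "Important"]}]},
     "ApproveAfterDays": 30,
     "ComplianceLevel": "UNSPECIFIED"}
  ]},
  "ApprovedPatches": [],
  "RejectedPatches": ["example-package-*"],
  "RejectedPatchesAction": "ALLOW_AS_DEPENDENCY"
}
""")

MAX_APPROVAL_DELAY_DAYS = 14  # assumed policy threshold, not an AWS default

def audit_baseline(baseline, max_delay=MAX_APPROVAL_DELAY_DAYS):
    """Return a list of findings for one patch baseline document."""
    findings = []
    rules = baseline.get("ApprovalRules", {}).get("PatchRules", [])
    approved = baseline.get("ApprovedPatches") or []
    rejected = baseline.get("RejectedPatches") or []
    if not rules and not approved:
        findings.append("no approval rules or approved patches: no patch is approved")
    for i, rule in enumerate(rules):
        # Rules may use ApproveUntilDate instead, in which case delay is None.
        delay = rule.get("ApproveAfterDays")
        if delay is not None and delay > max_delay:
            findings.append(f"rule {i}: auto-approval delay {delay}d exceeds {max_delay}d")
        if rule.get("ComplianceLevel", "UNSPECIFIED") == "UNSPECIFIED":
            findings.append(f"rule {i}: compliance level unspecified")
    # ALLOW_AS_DEPENDENCY (the default) lets a rejected patch install as a dependency.
    if rejected and baseline.get("RejectedPatchesAction", "ALLOW_AS_DEPENDENCY") != "BLOCK":
        findings.append("rejected patches can still install as dependencies")
    for patch in sorted(set(approved) & set(rejected)):
        findings.append(f"{patch} is both approved and rejected")
    return findings

if __name__ == "__main__":
    for finding in audit_baseline(SAMPLE_BASELINE):
        print("-", finding)
```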
A patch baseline specifies several elements. Approved patches determine which patches may be installed, and can
How it works in practice: after an instance is configured as a managed instance with the SSM
Why it matters: patch baselines enforce consistent patching across fleets, help meet security and compliance requirements,