本文属于机器翻译版本。若本译文内容与英语原文存在差异，则一律以英文原文为准。 # 修补通过使用 AWS Systems Manager Patch Manager 和 AWS Lambda，组织可以自动执行针对可变计算环境的修补策略，并使可变实例与该应用环境中定义的补丁基准保持一致。通过将上述实例分配到**补丁组**和**维护**窗口，可以管理这些环境中可变实例的标记策略。有关开发 → 测试 → 生产拆分，请参阅以下示例。[可变实例的补丁管理](https://docs.aws.amazon.com/prescriptive-guidance/latest/patch-management-hybrid-cloud/welcome.html)有 AWS 规范性指导。 *表 10 — 操作标签可能因环境而异* | 开发 | 生产前调试 | 生产 | | --- | --- | --- | |

{
"Tags": [
{
"Key": "Maintenance Window",
"ResourceId": "i-012345678ab9ab111",
"ResourceType": "instance",
"Value": "cron(30 23 ? * TUE#1 *)"
},
{
"Key": "Name",
"ResourceId": "i-012345678ab9ab222",
"ResourceType": "instance",
"Value": "WEBAPP"
},
{
"Key": "Patch Group",
"ResourceId": "i-012345678ab9ab333",
"ResourceType": "instance",
"Value": "WEBAPP-DEV-AL2"
}
]
}

{
"Tags": [
{
"Key": "Maintenance Window",
"ResourceId": "i-012345678ab9ab444",
"ResourceType": "instance",
"Value": "cron(30 23 ? * TUE#2 *)"
},
{
"Key": "Name",
"ResourceId": "i-012345678ab9ab555",
"ResourceType": "instance",
"Value": "WEBAPP"
},
{
"Key": "Patch Group",
"ResourceId": "i-012345678ab9ab666",
"ResourceType": "instance",
"Value": "WEBAPP-TEST-AL2"
}
]
}

{
"Tags": [
{
"Key": "Maintenance Window",
"ResourceId": "i-012345678ab9ab777",
"ResourceType": "instance",
"Value": "cron(30 23 ? * TUE#3 *)"
},
{
"Key": "Name",
"ResourceId": "i-012345678ab9ab888",
"ResourceType": "instance",
"Value": "WEBAPP"
},
{
"Key": "Patch Group",
"ResourceId": "i-012345678ab9ab999",
"ResourceType": "instance",
"Value": "WEBAPP-PROD-AL2"
}
]
}

| 也可以通过定义标签来管理未修补漏洞，以补充修补策略。有关详细指导，请参阅使用 [S AWS ystems Manager 进行当天安全修补以避免未修补漏洞](https://aws.amazon.com/blogs/mt/avoid-zero-day-vulnerabilities-same-day-security-patching-aws-systems-manager/)。