Patching - Best Practices for Tagging AWS Resources

Patching

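Organizations can use AWS Systems Manager Patch Manager and AWS Lambda to automate their patching strategy for mutable compute environments and to keep mutable instances in line with the patch baseline defined for that application environment. A tagging strategy for mutable instances in these environments can be managed by assigning those instances to Patch Groups and Maintenance Windows. See the following example of a Development → Test → Production split. AWS Prescriptive Guidance is available for the patch management of mutable instances.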

Table 10 - Operational tags can be environment specific

Development

{
  "Tags": [
    { "Key": "Maintenance Window", "ResourceId": "i-012345678ab9ab111", "ResourceType": "instance", "Value": "cron(30 23 ? * TUE#1 *)" },
    { "Key": "Name", "ResourceId": "i-012345678ab9ab222", "ResourceType": "instance", "Value": "WEBAPP" },
    { "Key": "Patch Group", "ResourceId": "i-012345678ab9ab333", "ResourceType": "instance", "Value": "WEBAPP-DEV-AL2" }
  ]
}

Test

{
  "Tags": [
    { "Key": "Maintenance Window", "ResourceId": "i-012345678ab9ab444", "ResourceType": "instance", "Value": "cron(30 23 ? * TUE#2 *)" },
    { "Key": "Name", "ResourceId": "i-012345678ab9ab555", "ResourceType": "instance", "Value": "WEBAPP" },
    { "Key": "Patch Group", "ResourceId": "i-012345678ab9ab666", "ResourceType": "instance", "Value": "WEBAPP-TEST-AL2" }
  ]
}

Production

{
  "Tags": [
    { "Key": "Maintenance Window", "ResourceId": "i-012345678ab9ab777", "ResourceType": "instance", "Value": "cron(30 23 ? * TUE#3 *)" },
    { "Key": "Name", "ResourceId": "i-012345678ab9ab888", "ResourceType": "instance", "Value": "WEBAPP" },
    { "Key": "Patch Group", "ResourceId": "i-012345678ab9ab999", "ResourceType": "instance", "Value": "WEBAPP-PROD-AL2" }
  ]
}
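The following Python is an added example, not taken from the AWS page: it audits tag data in the same shape as the JSON in Table 10, flagging instances that lack a Patch Group or Maintenance Window tag and later-stage windows that do not fall after the earlier stages. The `<APP>-<ENV>-<OS>` naming rule, the `TUE#n` window form, the function names and the instance IDs are assumptions or constructed sample values.

```python
import re
from collections import defaultdict

REQUIRED = ("Patch Group", "Maintenance Window")
ORDER = ("DEV", "TEST", "PROD")  # rollout order of the Dev -> Test -> Prod split
# Assumption: patch groups are named <APP>-<ENV>-<OS>, as in WEBAPP-DEV-AL2.
GROUP_RE = re.compile(r"^([A-Z0-9]+)-(DEV|TEST|PROD)-([A-Z0-9]+)$")
# Assumption: windows use the nth-weekday form, as in cron(30 23 ? * TUE#1 *).
WINDOW_RE = re.compile(r"^cron\(\d+ \d+ \? \* [A-Z]{3}#([1-5]) \*\)$")

def audit(tag_data):
    """Return sorted (resource_id, finding) pairs for operational-tag problems."""
    by_instance = defaultdict(dict)
    for tag in tag_data["Tags"]:
        by_instance[tag["ResourceId"]][tag["Key"]] = tag["Value"]
    findings, placed = [], defaultdict(list)  # placed[(app, os)] -> [(stage, week, id)]
    for rid, tags in by_instance.items():
        missing = [k for k in REQUIRED if k not in tags]
        if missing:
            findings.append((rid, "missing tag: " + ", ".join(missing)))
            continue
        group = GROUP_RE.match(tags["Patch Group"])
        window = WINDOW_RE.match(tags["Maintenance Window"])
        if not group or not window:
            findings.append((rid, "unparseable Patch Group or Maintenance Window"))
            continue
        app, env, os_name = group.groups()
        placed[(app, os_name)].append((ORDER.index(env), int(window.group(1)), rid))
    # A later stage must patch in a strictly later week than every earlier stage.
    for members in placed.values():
        for stage, week, rid in members:
            earlier = [w for s, w, _ in members if s < stage]
            if earlier and week <= max(earlier):
                findings.append((rid, f"{ORDER[stage]} window (week {week}) is not after earlier stages"))
    return sorted(findings)

def entries(rid, group=None, window=None):
    """Build constructed tag entries for one instance (hypothetical helper)."""
    tags = {"Name": "WEBAPP", "Patch Group": group, "Maintenance Window": window}
    return [{"Key": k, "ResourceId": rid, "ResourceType": "instance", "Value": v}
            for k, v in tags.items() if v is not None]

# Constructed sample: PROD shares week 2 with TEST, and one instance has no patch tags.
SAMPLE = {"Tags": entries("i-0aaaaaaaaaaaaaaa1", "WEBAPP-DEV-AL2", "cron(30 23 ? * TUE#1 *)")
          + entries("i-0aaaaaaaaaaaaaaa2", "WEBAPP-TEST-AL2", "cron(30 23 ? * TUE#2 *)")
          + entries("i-0aaaaaaaaaaaaaaa3", "WEBAPP-PROD-AL2", "cron(30 23 ? * TUE#2 *)")
          + entries("i-0aaaaaaaaaaaaaaa4")}

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```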

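Zero-day vulnerabilities can also be managed by defining tags that complement your patching strategy. For detailed guidance, see Avoid zero-day vulnerabilities with same-day security patching using AWS Systems Manager.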