- 50 AWS Organisations
- 25000+ AWS Accounts
- 60000+ EC2 Instances
- 10
Patching Solution
Client
A large energy company required a comprehensive AWS patching solution that would allow the owners of 2,500 AWS accounts across multiple AWS Organizations to efficiently view their EC2 instances’ patch statuses and schedule patching in bulk. The goal was to extend AWS Systems Manager (SSM) Patch Management to align with the company’s risk profile while providing comprehensive reporting and integration with existing enterprise tools.
Cloudignyte
Challenge
Centralized Patch Governance
Managing patch visibility and scheduling across thousands of AWS accounts within multiple AWS Organizations.
Custom Risk Reporting
Adapting SSM Patch status reporting to accommodate the company’s custom risk assessment criteria.
Automated Patch Orchestration
Automating patch scheduling for different workloads with minimal manual intervention.
ServiceNow-Integrated Tracking
Providing seamless integration with ServiceNow for incident tracking and compliance reporting.
Scalable, Cost-Efficient Design
Ensuring a scalable and cost-effective solution using native AWS services.
A Bespoke Approach
Solution
To meet the requirements, AWS native solutions were leveraged to enhance the existing SSM Patch Management capabilities:
Patch Visibility & Centralized Data Aggregation
AWS Systems Manager (SSM) Patch Manager was configured to align with the company’s risk profile.
A centralized logging account was utilized to aggregate multi-organizational patch compliance data.
AWS Glue & Athena were used to process and analyze patch compliance data across multiple accounts and organizations.
SSM Automation for Patch Scheduling & Execution
AWS Step Functions orchestrated automated workflows.
AWS Lambda handled scheduling logic and reconciliation reports.
API Gateway provided a centralized API endpoint for triggering patch jobs across multiple accounts and organisations.
EventBridge was used in conjunction with SSM Automation and Step Functions to provide real-time feedback to the ServiceNow UI.
ServiceNow integration allowed IT teams to track patching activities, incidents, and compliance requirements.
Amazon SNS & EventBridge ensured stakeholders received real-time notifications of patch status updates.
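To make the risk-based reporting and scheduling logic concrete, the following is an added example (not Cloudignyte's code, and not the energy company's implementation) of what the central-account Lambda in this design could do once per-account patch states have been aggregated. It assumes records shaped like the items SSM's DescribeInstancePatchStates returns (those field names are real); the sample records, the AccountId field, the 30-day staleness threshold and the risk tiers are constructed assumptions, since the page does not publish the company's actual risk criteria.

```python
"""Risk-based patch reporting, scheduling and reconciliation over SSM patch-state
records. Added example, not code from the original page or from Cloudignyte."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample of aggregated patch states (field names follow SSM
# DescribeInstancePatchStates; AccountId is added by the aggregation layer).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_PATCH_STATES = [
    {"AccountId": "111111111111", "InstanceId": "i-0a1", "PatchGroup": "prod-web",
     "MissingCount": 0, "FailedCount": 0, "InstalledPendingRebootCount": 0,
     "CriticalNonCompliantCount": 0, "SecurityNonCompliantCount": 0,
     "OperationEndTime": NOW - timedelta(days=3)},
    {"AccountId": "111111111111", "InstanceId": "i-0a2", "PatchGroup": "prod-web",
     "MissingCount": 4, "FailedCount": 0, "InstalledPendingRebootCount": 0,
     "CriticalNonCompliantCount": 1, "SecurityNonCompliantCount": 3,
     "OperationEndTime": NOW - timedelta(days=3)},
    {"AccountId": "222222222222", "InstanceId": "i-0b1", "PatchGroup": "dev",
     "MissingCount": 2, "FailedCount": 0, "InstalledPendingRebootCount": 1,
     "CriticalNonCompliantCount": 0, "SecurityNonCompliantCount": 0,
     "OperationEndTime": NOW - timedelta(days=40)},   # stale scan
    {"AccountId": "222222222222", "InstanceId": "i-0b2", "PatchGroup": "dev",
     "MissingCount": 0, "FailedCount": 2, "InstalledPendingRebootCount": 0,
     "CriticalNonCompliantCount": 0, "SecurityNonCompliantCount": 0,
     "OperationEndTime": NOW - timedelta(days=1)},
]

# Hypothetical risk policy (assumption): the page says reporting was adapted to
# the company's risk profile but does not give the thresholds.
STALE_AFTER_DAYS = 30
TIER_ORDER = {"critical": 0, "high": 1, "medium": 2, "compliant": 3}


def risk_level(state, now=NOW):
    """Map one patch-state record to a custom risk tier."""
    if state["CriticalNonCompliantCount"] > 0:
        return "critical"
    last_scan = state.get("OperationEndTime")
    if last_scan is None or (now - last_scan).days > STALE_AFTER_DAYS:
        return "high"  # no recent scan: unknown state is treated as risky
    if state["SecurityNonCompliantCount"] > 0 or state["FailedCount"] > 0:
        return "high"
    if state["MissingCount"] > 0 or state["InstalledPendingRebootCount"] > 0:
        return "medium"
    return "compliant"


def compliance_report(states, now=NOW):
    """Per-account counts by risk tier: the shape a dashboard or ServiceNow feed consumes."""
    report = defaultdict(lambda: defaultdict(int))
    for s in states:
        report[s["AccountId"]][risk_level(s, now)] += 1
    return {acct: dict(tiers) for acct, tiers in report.items()}


def schedule_patch_jobs(states, now=NOW, max_batch=2):
    """Group non-compliant instances into patch jobs per account and patch group,
    riskiest first, so an orchestrator can run them as ordered batches."""
    targets = sorted(
        (s for s in states if risk_level(s, now) != "compliant"),
        key=lambda s: (TIER_ORDER[risk_level(s, now)], s["AccountId"], s["InstanceId"]),
    )
    groups = defaultdict(list)  # insertion order preserves the severity ordering
    for s in targets:
        groups[(s["AccountId"], s["PatchGroup"])].append(s["InstanceId"])
    jobs = []
    for (acct, group), ids in groups.items():
        for i in range(0, len(ids), max_batch):
            jobs.append({"AccountId": acct, "PatchGroup": group,
                         "InstanceIds": ids[i:i + max_batch], "Operation": "Install"})
    return jobs


def reconcile(jobs, post_run_states, now=NOW):
    """Reconciliation report: scheduled instances still not compliant after the run."""
    scheduled = {i for j in jobs for i in j["InstanceIds"]}
    by_id = {s["InstanceId"]: s for s in post_run_states}
    return sorted(i for i in scheduled
                  if i not in by_id or risk_level(by_id[i], now) != "compliant")


if __name__ == "__main__":
    print(compliance_report(SAMPLE_PATCH_STATES))
    for job in schedule_patch_jobs(SAMPLE_PATCH_STATES):
        print(job)
```

The scheduling function deliberately keeps account and patch group together in each job, because a real patch job is executed in the target account (cross-account role assumption and the SSM Automation call are out of scope here) and SSM patch baselines are applied per patch group; the reconciliation function is what turns a completed run into a follow-up ticket list rather than a silent success.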
Results & Business Impact
- Centralized Patch Visibility – All AWS account owners could view real-time EC2 patch status across organizations.
- Automated & Risk-Based Patching – Patch scheduling aligned with corporate risk policies, reducing security exposure.
- Improved Compliance & Reporting – Automated dashboards and ServiceNow integration streamlined compliance tracking.
- Scalable & Cost-Effective – The solution leveraged AWS-native services, reducing operational overhead.
Conclusion