Patching logs - SSM agent and hooks outputs

During patching AutoPatcher produces several outputs from:

  • SSM Agent at patched machines
  • hooks
  • host hooks

Outputs are stored to S3 buckets.

Output storage region

Logs storage location can be selected for AWS instances during customer onboarding.

Common buckets are located in the main AutoPatcher region - currently eu-central-1 (Frankfurt). Dedicated bucket location can be specified as any valid AWS region.

Hybrid machine outputs

SSM agent logs from hybrid instances (Azure, GCP, other non-AWS providers) and their host hooks outputs are stored only in common logs buckets.

EC2 service roles and policy templates

Each customer can have different setup for storing the patching logs. AutoPatcher provides an auto-generated policy and service role CloudFormation templates for AWS EC2 machines.

All generated permissions have minimum access rules needed for storing outputs to proper S3 buckets.

The full process of onboarding the customer AWS account is described here

To download CloudFormation templates navigate to NEW MACHINE page:

  1. Click on GET IAM POLICY FOR EC2 or GET IAM SERVICE ROLE button (a popup window with template preview will appear)
  2. Click DOWNLOAD TEMPLATE button

cloudformation-templates