Patching Automation

This section documents the Terraform modules that orchestrate automated patch management and controlled instance shutdown/startup workflows.

Modules Covered

• cloudwatch_event_rule
• cloudwatch_event_target
• lambda_function
• resourcegroups_group
• ssm_maintenance_window
• ssm_maintenance_window_target
• ssm_maintenance_window_task
• ssm_parameter
• ssm_patch_baseline
• ssm_patch_group
• ssm_runbooks

Pilot Light Automation

• Manage the “pilot light” state of Epic Client Systems servers
• Stop/Start of EC2 instances based on defined schedules via EventBridge Rules.
• Manages the warm standby state where minimal resources are kept running

Windows Update Automation

• Orchestrates the Windows patching process across the Epic Client Systems servers.
• Components work together to:
  • Schedule and deploy Windows Updates using Patch Manager
  • Manage maintenance windows for update installation.
  • Supports patch compliance reporting
  • Manages patch baselines and approval rules
  • Handles rollback procedures if updates fail