Patch Your S_it with Amazon Systems Manager

MARK WOLFE
Practice Director for Cloud
We’ve all seen it happen. You read about a security breach almost every other week and you think that it won’t happen to you… until it does. Here’s how Amazon Systems Manager (SSM) can help you patch your s_it and avoid being exposed.
May 25, 2018
You can patch your EC2 systems and run SSM in a few easy steps.

But first, why should you use SSM?
  1. It’s a fully managed service
  2. It’s integrated with IAM and CloudTrail, which provide access control and auditing.
  3. It provides hooks to Lambda, enabling integration with incident management solutions such as JIRA or ServiceNow.
  4. There is no cost to the customer.
SSM provides a range of helpful features, but today we are going to focus on State Manager, a sub-component of SSM that is simple to use and enables you to patch hosts in AWS.

To get started with State Manager you need to do the following:

Red Hat Enterprise Linux (RHEL) users start at Step 1. For those using Amazon Linux or Windows, Step 1 has already been done by Amazon, so start at Step 2.

Step 1) Install the agent as per Manually Install SSM Agent on RHEL Linux Instances.
Step 2) Configure your EC2 host with an IAM instance profile as per Create an Instance Profile for Systems Manager.
Step 3) Deploy the following CloudFormation template to configure State Manager.
Description: This deploys SSM State Manager which updates SSM agent/patch baseline based on tags.
Resources:
    # Scan only: reports missing patches on hosts tagged PatchBaseline=scan
    PatchBaselineScan:
        Type: "AWS::SSM::Association"
        Properties:
            AssociationName: PatchBaselineScan
            Name: AWS-RunPatchBaseline
            Parameters:
                Operation:
                    - "Scan"
            ScheduleExpression: rate(30 minutes)
            Targets:
                - Key: "tag:PatchBaseline"
                  Values:
                      - "scan"

    # Scan and install: applies missing patches on hosts tagged PatchBaseline=install
    PatchBaselineInstall:
        Type: "AWS::SSM::Association"
        Properties:
            AssociationName: PatchBaselineInstall
            Name: AWS-RunPatchBaseline
            Parameters:
                Operation:
                    - "Install"
            ScheduleExpression: rate(30 minutes)
            Targets:
                - Key: "tag:PatchBaseline"
                  Values:
                      - "install"

    # Keeps the SSM agent current on hosts tagged UpdateSSMAgent=true
    UpdateSSMAgent:
        Type: "AWS::SSM::Association"
        Properties:
            AssociationName: UpdateSSMAgent
            Name: AWS-UpdateSSMAgent
            Parameters:
                allowDowngrade:
                    - "false"
            ScheduleExpression: rate(30 minutes)
            Targets:
                - Key: "tag:UpdateSSMAgent"
                  Values:
                      - "true"
Note: To use the SSM service your EC2 Instances will need access to the internet, either via NAT or using a proxy server.

Once you have followed these steps you should see some EC2 Instances appear in the inbuilt inventory as per the diagram below.
[Figure: EC2 Managed Instances]

At Versent, our preference is to opt in using tags on our EC2 Instances, which tell State Manager to patch these hosts.

| Tag | Value | Description |
| --- | --- | --- |
| PatchBaseline | scan or install | Hosts with this tag will have their patches checked, and applied if the value is install |
| UpdateSSMAgent | true | Enable automated upgrades of the SSM agent on these EC2 Instances |

Once you have applied some tags to your EC2 Instances, this is what you should see.
[Figure: EC2 SSM Tags Assigned to Instance]

If you have followed these steps correctly, after a short delay (up to 30 minutes) you should see your EC2 Instances are now patched and compliant.
[Figure: EC2 Inventory]
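
Because patching here is opt-in by tag, a host that is untagged, mis-tagged or not reporting to SSM is silently skipped. The following added example (not part of the original post) classifies instances against the PatchBaseline tag. The record shapes, sample data and finding names are constructed, with field names modelled on EC2 tags and the MissingCount/FailedCount fields returned by SSM DescribeInstancePatchStates.

```python
# Added example: audit opt-in patch coverage. All sample records are constructed.
VALID_MODES = {"scan", "install"}  # values the associations on this page target


def audit_patch_coverage(instances, patch_states):
    """Classify each instance against the PatchBaseline opt-in tag.

    instances:    list of {"InstanceId": str, "Tags": {key: value}}
    patch_states: {instance_id: {"MissingCount": int, "FailedCount": int}}
                  for instances that have reported patch data to SSM.
    Returns {instance_id: finding}.
    """
    findings = {}
    for inst in instances:
        iid = inst["InstanceId"]
        mode = inst.get("Tags", {}).get("PatchBaseline")
        state = patch_states.get(iid)
        if mode is None:
            findings[iid] = "not-opted-in"        # never scanned or patched
        elif mode not in VALID_MODES:
            # AWS tag values are case-sensitive: "Install" matches no target.
            findings[iid] = "invalid-tag-value"
        elif state is None:
            # Tagged but silent: check agent, instance profile, network path.
            findings[iid] = "no-patch-data"
        elif state["FailedCount"] > 0:
            findings[iid] = "install-failed"
        elif state["MissingCount"] > 0:
            # In scan mode, missing patches are reported but never applied.
            findings[iid] = ("missing-scan-only" if mode == "scan"
                             else "missing-pending-install")
        else:
            findings[iid] = "compliant"
    return findings


SAMPLE_INSTANCES = [  # constructed instance IDs and tags
    {"InstanceId": "i-0001", "Tags": {"PatchBaseline": "install"}},
    {"InstanceId": "i-0002", "Tags": {"PatchBaseline": "scan"}},
    {"InstanceId": "i-0003", "Tags": {"Name": "legacy-db"}},
    {"InstanceId": "i-0004", "Tags": {"PatchBaseline": "Install"}},
    {"InstanceId": "i-0005", "Tags": {"PatchBaseline": "install"}},
    {"InstanceId": "i-0006", "Tags": {"PatchBaseline": "install"}},
]
SAMPLE_STATES = {  # constructed; i-0005 has never reported
    "i-0001": {"MissingCount": 0, "FailedCount": 0},
    "i-0002": {"MissingCount": 4, "FailedCount": 0},
    "i-0006": {"MissingCount": 1, "FailedCount": 2},
}

if __name__ == "__main__":
    for iid, finding in audit_patch_coverage(SAMPLE_INSTANCES, SAMPLE_STATES).items():
        print(iid, finding)
```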

Note:
The default baselines for Windows and RHEL apply an approval rule which holds back patches for 7 days, as recommended by Amazon. Custom baselines with their own approval rules can be implemented if you have existing policies.

Systems Manager makes patching your systems simple and is provided FREE by Amazon.

If you need help implementing AWS SSM, or just want to have a chat about patching your S_it, drop us a line at info@versent.com.au.

Further reading for those interested:
  1. Enable SSM for on-premises servers to enable assessment prior to migration.
  2. Add SSM associations to deploy and run Amazon Inspector.
  3. Configure GuardDuty to provide insights into external/internal threats to your EC2 hosts.
Mark ‘Wolfie’ Wolfe is the Practice Director for Cloud at Versent in Melbourne. He has worked in operations and development on the AWS cloud platform for five years. His expansive career has seen him wear the hat of CTO, developer, DBA and network engineer in a range of consulting and start-up companies. When he’s not building applications in or on AWS, you can probably find him working on his endless self-driving car project or riding his mountain bike out in the Dandenongs.
