Automation Artifacts for Patching Meltdown/Spectre

Rackspace has developed several Amazon Systems Manager documents to help automate patching and AMI generation tasks. For customers seeking to patch their instances or Auto-Scaling Groups against the January 2018 Meltdown and Spectre vulnerabilities, particularly useful documents are listed below. These can be leveraged as part of the process described in the Patching Guide for Amazon EC2 to patch vulnerable instances in place, or to generate patched AMIs from existing instances or AMIs.

Customers of Fanatical Support for AWS who consume our Aviator service offering can find these available as Systems Manager Shared Resources (in the AWS console, browse to EC2 –> Systems Manager Shared Resources –> Documents –> Private Documents and look for documents labeled with the owner ‘507897595701’).

Customers of Fanatical Support for AWS who consume our Navigator service offering can download these from the direct links below.

1. FAWS-MeltdownSpectre-PatchRunningWinLinuxEC2

   • Checks for presence of meltdown/spectre patch for Windows and Linux machines. Optionally apply patches also.

2. FAWS-MeltdownSpectre-PatchLinuxAMI

   • Creates new patched AMI (Spectre/Meltdown) from Linux source AMI

3. FAWS-MeltdownSpectre-PatchWindowsAMI

   • Creates new patched AMI (Spectre/Meltdown) from Windows source AMI

4. FAWS-MeltdownSpectre-PatchLinuxEC2toAMI

   • Creates new patched AMI (Spectre/Meltdown) from running EC2 instance

5. FAWS-MeltdownSpectre-PatchWindowsEC2toAMI

   • Creates new patched AMI (Spectre/Meltdown) from running Windows EC2 instance