Automation Artifacts for Patching Meltdown/Spectre
Rackspace has developed several Amazon Systems Manager documents to help automate patching and AMI generation tasks. For customers seeking to patch their instances or Auto-Scaling Groups against the January 2018 Meltdown and Spectre vulnerabilities, particularly useful documents are listed below. These can be leveraged as part of the process described in the Patching Guide for Amazon EC2 to patch vulnerable instances in place, or to generate patched AMIs from existing instances or AMIs.
Customers of Fanatical Support for AWS who consume our Aviator service offering can find these available as Systems Manager Shared Resources (in the AWS console, browse to EC2 –> Systems Manager Shared Resources –> Documents –> Private Documents and look for documents labeled with the owner ‘507897595701’).
Customers of Fanatical Support for AWS who consume our Navigator service offering can download these from the direct links below.
FAWS-MeltdownSpectre-PatchRunningWinLinuxEC2
Checks for the presence of the Meltdown/Spectre patch on Windows and Linux machines. Optionally applies the patches as well.
FAWS-MeltdownSpectre-PatchLinuxAMI
Creates a new patched AMI (Spectre/Meltdown) from a Linux source AMI.
FAWS-MeltdownSpectre-PatchWindowsAMI
Creates a new patched AMI (Spectre/Meltdown) from a Windows source AMI.
FAWS-MeltdownSpectre-PatchLinuxEC2toAMI
Creates a new patched AMI (Spectre/Meltdown) from a running EC2 instance.
FAWS-MeltdownSpectre-PatchWindowsEC2toAMI
Creates a new patched AMI (Spectre/Meltdown) from a running Windows EC2 instance.