1. Sign in to the AWS Management Console: Go to https://aws.amazon.com/ and sign in to your AWS account.
2. Navigate to AWS Systems Manager: In the AWS Management Console, search for “Systems Manager” in the search bar at the top and click on the “Systems Manager” service.
3. Select Managed Instances: In the Systems Manager console, under the “Node Management” section on the left-hand side, click on “Managed Instances”.
4. Check Compliance Status: In the Managed Instances dashboard, you will see a list of all your managed instances. Look for the instance that has a status of “Non-Compliant” or “Unknown” under the “Compliance” column.
5. Remediate Compliance Status: To remediate the compliance status of the instance, click on the checkbox next to the instance that needs to be remediated.
6. Run Compliance Scan: Once you have selected the instance, click on the “Actions” dropdown menu at the top and select “Scan for Patch Compliance”. This will trigger a compliance scan on the selected instance.
7. Review Compliance Results: After the compliance scan is completed, go back to the Managed Instances dashboard and check the compliance status of the instance. It should now show as “Compliant” if the remediation was successful.
8. Monitor Compliance: To ensure that the compliance status remains checked, you can set up automated compliance scans and notifications in AWS Systems Manager.

​

1. Check Compliance Status: Run the following AWS CLI command to check the compliance status of your EC2 instances:
   Copy

   Ask AI

   aws ssm describe-instance-information --output json
   

2. Identify Non-Compliant Instances: Look for instances that have a “PingStatus” or “LastPingDateTime” indicating non-compliance.
3. Update SSM Agent: If the non-compliant instances have outdated SSM agents, update the SSM agent on those instances by following these steps:
   • Connect to the non-compliant EC2 instance using SSH.
   • Run the following commands to update the SSM agent:
     Copy

     Ask AI

     sudo yum update -y amazon-ssm-agent
     sudo systemctl restart amazon-ssm-agent
     

4. Check Compliance Again: Run the command in step 1 to check the compliance status of the instances again to ensure that the SSM agent update resolved the issue.
5. Automate Compliance Checks: To ensure continuous compliance monitoring, consider setting up AWS Config Rules or AWS Systems Manager Automation to automatically check and remediate compliance issues.

1. Install the AWS SDK for Python (Boto3) if you haven’t already. You can install it using pip:

pip install boto3

2. Create a Python script with the following code to check the compliance status of managed instances:

import boto3

# Initialize the AWS SDK
ssm_client = boto3.client('ssm')

# Get a list of managed instances
response = ssm_client.describe_instance_information()

# Check the compliance status for each managed instance
for instance in response['InstanceInformationList']:
    instance_id = instance['InstanceId']
    compliance_summary = ssm_client.get_compliance_summary_by_resource(
        ResourceType='ManagedInstance',
        ResourceId=instance_id
    )
    compliance_status = compliance_summary['ComplianceSummary']['ComplianceType']
    
    print(f"Instance ID: {instance_id}, Compliance Status: {compliance_status}")

3. Run the Python script to check the compliance status of managed instances. If the compliance status is not as expected, you may need to investigate further to identify and remediate the underlying issues causing non-compliance.