AWS Security ChangesHomeSearch

AWS systems-manager documentation change

Service: systems-manager · 2025-10-16 · Documentation medium

File: systems-manager/latest/userguide/patch-manager-override-lists.md

Summary

Added IPv6 patching note about URL reachability and dualstack endpoints

Security assessment

Documents configuration requirements for secure patching in IPv6 environments, ensuring proper connectivity for updates. While not fixing a vulnerability, it supports security maintenance.

Diff

diff --git a/systems-manager/latest/userguide/patch-manager-override-lists.md b/systems-manager/latest/userguide/patch-manager-override-lists.md
index b11c2426c..8a7ad0967 100644
--- a//systems-manager/latest/userguide/patch-manager-override-lists.md
+++ b//systems-manager/latest/userguide/patch-manager-override-lists.md
@@ -36,0 +37,4 @@ The result: Only `Security` patches, as defined in your default patch baseline,
+###### Note
+
+When you're patching a node that only uses IPv6, ensure that the provided URL is reachable from the node. If the SSM Agent config option `UseDualStackEndpoint` is set to `true`, then a dualstack S3 client is used when an S3 URL is provided. See [Tutorial: Patching a server in an IPv6 only environment](./patch-manager-server-patching-iPv6-tutorial.html) for more information on configuring the agent to use dualstack.
+