AWS systems-manager documentation change
Summary
Added IPv6 patching note about URL reachability and dualstack endpoints
Security assessment
Documents configuration requirements for secure patching in IPv6 environments, ensuring proper connectivity for updates. While not fixing a vulnerability, it supports security maintenance.
Diff
diff --git a/systems-manager/latest/userguide/patch-manager-override-lists.md b/systems-manager/latest/userguide/patch-manager-override-lists.md index b11c2426c..8a7ad0967 100644 --- a//systems-manager/latest/userguide/patch-manager-override-lists.md +++ b//systems-manager/latest/userguide/patch-manager-override-lists.md @@ -36,0 +37,4 @@ The result: Only `Security` patches, as defined in your default patch baseline, +###### Note + +When you're patching a node that only uses IPv6, ensure that the provided URL is reachable from the node. If the SSM Agent config option `UseDualStackEndpoint` is set to `true`, then a dualstack S3 client is used when an S3 URL is provided. See [Tutorial: Patching a server in an IPv6 only environment](./patch-manager-server-patching-iPv6-tutorial.html) for more information on configuring the agent to use dualstack. +