AWS Security ChangesHomeSearch

AWS systems-manager high security documentation change

Service: systems-manager · 2025-11-13 · Security-related high

File: systems-manager/latest/userguide/patch-manager-alternative-source-repository.md

Summary

Added guidance to enforce repository update verification for YUM/DNF package managers

Security assessment

Introduces configuration to prevent skipping updates when repositories are unreachable, directly addressing a potential security gap in patch management reliability. This mitigates the risk of missing critical security patches due to connectivity issues.

Diff

diff --git a/systems-manager/latest/userguide/patch-manager-alternative-source-repository.md b/systems-manager/latest/userguide/patch-manager-alternative-source-repository.md
index 46e5b02b7..9fcd2950b 100644
--- a//systems-manager/latest/userguide/patch-manager-alternative-source-repository.md
+++ b//systems-manager/latest/userguide/patch-manager-alternative-source-repository.md
@@ -45,0 +46,6 @@ Keep in mind the following points as you plan your patching strategy using alter
+###### Enforce repo update verifications (YUM and DNF)
+
+A default configuration for a package manager on a Linux distribution might be set to skip an unreachable package repository if connection to the repository cannot be established. To enforce repository update verification, add `skip_if_unavailable=False` to the repository configuration.
+
+For more information about the `skip_if_available` option, see [Connectivity to the patch source](./patch-manager-prerequisites.html#source-connectivity).
+