how to create amazon ssm automated document,to use it for centralized patching from multiple accounts

Question

As part of AWS system manager patching,we were planning to create centralized management patching to patch the servers from various regions and various accounts in aws.

Multi account and region access set up was done using the below link https://aws.amazon.com/blogs/mt/centralized-multi-account-and-multi-region-patching-with-aws-systems-manager-automation/

how ever having issues to create custom automation documents,to "execute automation for Multi account and region"

Any ideas on creating own automated documents for windows and Linux patching

Answer 1

This documentation has several sections that cover sharing SSM documents: https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-sharing.html

You can share SSM documents privately or publicly with accounts in the same AWS Region. To privately share a document, you modify the document permissions and allow specific individuals to access it according to their Amazon Web Services (AWS) ID. To publicly share an SSM document, you modify the document permissions and specify All.

Note that it states you can share a document "in the same AWS region."

This link has info on creating a custom document: https://docs.aws.amazon.com/systems-manager/latest/userguide/create-ssm-doc.html

AWS pre-defined SSM documents might perform some of the actions you require. You can call these documents by using the aws:runDocument, aws:runCommand, or aws:executeAutomation plugins within your custom SSM document, depending on the document type. You can also copy portions of those documents into a custom SSM document, and edit the content to meet your requirements.