What it is: An SSM feature to automate OS patching for managed instances.

What it’s for:

• Apply security updates consistently across a fleet.
• Reduce vulnerability exposure over time.

Key ideas:

• You define patch baselines and maintenance windows.
• Works with compliance reporting.

Exam cues:

• “automate patching weekly” → Patch Manager + maintenance window.

Hard words:

• *vulnerability* /ˌvʌlnərəˈbɪləti/: lỗ hổng
• *baseline* /ˈbeɪslaɪn/: chuẩn nền (rule chuẩn)
• *maintenance window* /ˈmeɪntənəns ˈwɪndoʊ/: khung giờ bảo trì