Skip to content


In this workshop we start by guiding you through tagging your resources and maintaining an asset inventory for visibility and governance purposes with AWS Tags and Systems Manager (SSM). We then build an Amazon Machine Image (AMI) baking pipeline, harden the AMI with AWS SSM and install the Amazon Inspector agent. Within the pipeline we look for vulnerabilities and apply patches before promoting the AMI for use by an application.

Next we construct a continuous detection framework to detect change in state of security or detection of vulnerabilities using Amazon Inspector and AWS SSM’s Patch Manager.

Finally we put all these pieces together to manage your Amazon EC2 fleet at scale.

  • Level: Intermediate
  • Duration: 2 - 3 hours
  • CSF Functions: Identity, Protect, Detect, Respond, Recover
  • CAF Components: Detective, Responsive
  • Prerequisites: AWS Account, IAM User (with admin permissions)

Presentation Deck



Please use the us-east-2 (Ohio) region for this workshop.


This workshop is broken up into the four modules below:

  1. Asset Management and Tagging
  2. AMI Factory
  3. Vulnerability Assessment and Patch Manager Setup
  4. EC2 Fleet Management at Scale