https://www.youtube.com/watch?v=OJa0WsB_FJk
What
Automates the patching of managed instances, Patch ON-DEMAND or ON-SCHEDULE via maintenance window OS Updates, application updates, security updates Generates a patch compliance report and can be sent to s3
Patch Baseline
Controls which patches should be installed and not installed By default, install crictical patches and related to security
Patch Group
Associate specific group of instances with a specific patch baseline, with auto approval delay.