Looking to get a sense of how and how often kernel security patches are applied? We have AWS credits and are thinking to use Amazon AMI EC2 images to host our Docker containers. Can we live-patch the kernel for security updates? What tools are available to handle updates and how often security updates are issued? Thanks!