To me the idea of doing security updates on someone else's VM running someone else's stack/application seems very impractical. It will probably work most of the time, but when it doesn't work then basically you get credit for shutting down their service. And you don't really have any clues about what might possibly cause an issue because you don't know details of their application or stack.
And then sometimes software might need to be restarted which means you have to tell them to restart it themselves or get them to explain enough about how it works so you can restart it.
So unless you are going to charge hourly and staff accordingly, it seems like a no-go.
In this case, $100 per month is really going to pay for maybe two or three hours of sysadmin or application development work max. I.E. helping with various issues that come up in ordinary dev ops or software configuration that are specific to that particular customer's setup. And you just have to count on the idea that most people won't take advantage of more than that average amount of help, like only when they are panicked. And then hope that it is something that you can actually fix in a short amount of time.