AWS Systems Manager
AWS Systems Manager
Systems Manager allows you to see and control the infrastructure on AWS.
It allows you to view operational data from multiple AWS Services and automates operations across AWS resources.
A managed instance is an EC2 or on-premises instance in your hybrid environment that has been configured to Systems Manager.
Works with managed instances that are configured for Systems Manager.
Configure and maintain managed instances.
It helps to maintain security and compliance by scanning managed instances and reporting on (or taking remedial action on) any policy violations.
There are several supported machine types, including EC2 instances, on premises servers, and virtual machines (VMs), which include VMs in other clouds.
Supported operating systems include Windows Server, Raspbian, and multiple Linux distributions.
Capabilities that assist in managing the AWS resources
Trusted Advisor is an online tool which provides real-time guidance that will help you provide resources in accordance with AWS best practices.
AWS Personal Health Dashboard gives you information about AWS Health events that could affect your account
OpsCenter is a central location for operations engineers and IT professionals to view, investigate and resolve operational work items (OpsItems), related to AWS resourcesApplication management
SSM Parameter StoreSSM Parameter Store offers secure, scalable and hierarchical storage of configuration data and secret management.
You can store passwords, AMI IDs, database strings, and license codes as parameter value data.
Supports plain text values or encrypted data using SecureString.
Uses AWS KMS to encrypt parameter value.
Parameters can be referenced using the unique name that was given during parameter creation.
supports versioning of configuration/secrets.
High availability because Parameter Store is hosted in multiple AZs within an AWS Region.
Can be configured to send change notifications and trigger automated actions for parameters and parameter policies
It is integrated with Secrets Manager, and can be used for secret retrieval when using other AWS services which already support Parameter Store parameters
Secrets Manager does not support password rotation.
Capabilities to take action against or change the AWS resources
Systems Manager Automation
Automates common maintenance and deployment tasks, such as: Automate common maintenance and deployment tasks, such as creating and updating AMIs, applying driver and agent updates and reset passwords on Windows instance, setting up SSH keys on Linux instances, and applying OS patches and application updates.
Capabilities to manage the EC2 instances and on-premises servers, virtual machines (VMs), in the hybrid environment and other AWS resources (nodes).
Systems Manager Configuration Compliance
It scans the managed instances fleet for configuration inconsistencies and patch compliance.
It allows you to collect data from multiple AWS accounts or regions, and then drill down to specific resources that aren’t compliant.
By default, provides compliance data about Patch Manager patching, State Manager associations, and can be customizedSession Manager
It allows you to manage EC2 instances via an interactive, browser-based shell or the AWS CLI.
Secure and auditable instance management is possible without opening inbound ports, maintaining bastion hosts, or managing SSH keys.
It helps to comply with corporate policies that require controlled and secure access to instances. Logs with instance access details are fully auditable. End users still have a simple one-click cross-platform option.