AWS Systems Manager collects operational data from numerous AWS services and automates activities across your AWS resources. You can divide resources into logical groups like applications, application layers, or production vs development environments.
With Systems Manager, you can examine a resource group’s recent API activity, resource configuration changes, relevant notifications, operational alerts, software inventory, and patch compliance status.
Table of contents:
Check out this AWS Training video by Intellipaat
AWS Systems Manager Features
- Create logical resource groups like applications, application layers, or production versus development environments.
- You can monitor current API activity, resource configuration changes, related notifications, operational alerts, software inventory, and patch compliance status for a resource group by selecting it.
- Gather data about your instances and the software that is installed on them.
- Allows you to use AWS resources to safely automate typical and repetitive IT operations and management tasks.
- Provides a browser-based interactive shell and command line interface for administering Windows and Linux EC2 instances, eliminating the need to open inbound ports, manage SSH keys, or use bastion hosts. Using IAM policies, administrators may grant and revoke access to instances from a single location.
- Assists in ensuring that your software is up to date and fulfills your compliance policies.
- Allows you to arrange time slots for administrative and maintenance chores to be performed across your instances.
Check out Intellipaat’s AWS Training Course to get ahead in your career!
How Systems Manager works
The figure below shows how some Systems Manager capabilities operate on your resources. A description of each interaction listed follows the diagram.
Diagram 1: A general flow diagram of the Systems Manager process.
- Access Systems Manager- To gain access to Systems Manager, select one of the available choices.
- Choose a Systems Manager capability- Determine which capacity can assist you in carrying out the action you desire on your resources.
- Verification and processing- Systems Manager confirms that your AWS Identification and Access Management (IAM) user, group, or role has the authority to do the action you specified. If your action is directed at a managed node, the action is carried out via the node’s Systems Manager Agent (SSM Agent). The systems Manager conducts the specified action for other types of resources or communicates with other AWS services to do the action on the Systems Manager’s behalf.
- Reporting- Status is reported by the Systems Manager, SSM Agent, and any AWS services that executed an action on the Systems Manager’s behalf. If configured, the Systems Manager can provide status updates to other AWS services.
- Systems Manager operations management capabilities-Systems Manager operations management capabilities like Explorer, OpsCenter, and Incident Manager can aggregate operations data or produce artifacts in reaction to events or failures with your resources if enabled.
These artifacts contain operational work items (OpsItems) and incidents. Systems Manager’s operations management capabilities offer operational visibility into your applications and resources, as well as automated remediation options to assist with problem resolution.
SSM Agent
AWS Systems Manager Agent (SSM Agent) is Amazon software that runs on Amazon’s EC2 instances, edge devices, and on-premises servers and virtual PCs (VMs). The SSM Agent is used by the Systems Manager to update, manage, and configure these resources.
The agent accepts requests from the AWS Cloud’s Systems Manager service and performs them as specified. The SSM Agent then communicates status and execution information to the Systems Manager service using the Amazon Message Delivery Service (service prefix: ec2messages).
AWS Systems Manager Parameter Store
AWS Systems Manager’s Parameter Store functionality enables safe, hierarchical storage for configuration, secrets management, and data management.
You can save information in the form of parameter values, including license codes, database strings, Amazon Machine Image (AMI) IDs, and passwords. Values can alternatively be stored as plain text or encrypted data.
Are you preparing for an AWS interview? Here are the latest AWS Interview Questions!
How will Parameter Store benefit your organization?
The following benefits are provided by Parameter Store:
- It uses a hosted secrets management service that is secure, scalable, and requires no server management.
- You can separate your data and code to improve your security posture.
- Configuration data and encrypted strings are stored in hierarchies, and versions are tracked.
- Provides granular access control and auditing.
- Because Parameter Store is hosted in various Availability Zones across an AWS Region, parameters are reliably stored.
Features of Parameter Store
- Change notification
- Organize and control access
- Data Validation
- Accessible from other AWS services
- Integrate with other AWS services
Interested in learning more? Go through this AWS Tutorial!
AWS Systems Manager Session Manager
Session Manager is an AWS Systems Manager feature that is completely managed. Session Manager allows you to manage your edge devices, Amazon Elastic Compute Cloud (Amazon EC2) instances, and on-premises servers and virtual machines (VMs).
How will Session Manager benefit your organization?
The following benefits are provided by Session Manager:
- Centralized access control: You can permit and revoke access to managed nodes in a single location. You can regulate which individual users or groups in your company can use Session Manager and which managed nodes they can access using simply AWS Identity and Access Management (IAM) policies.
- One-click access to managed nodes: You may start a session with a single click in the AWS Systems Manager console or the Amazon EC2 console. You may also use the AWS CLI to launch a session that executes a single command or a series of commands.
- Cross-platform support: Session Manager is a single utility that supports Windows, Linux, and macOS. For example, for Linux and macOS-managed nodes, you don’t need to use an SSH client, and for Windows Server-managed nodes, you don’t need to utilize an RDP connection.
- Logging and auditing session activity: You may be required to produce a record of both the connections made on your managed nodes and the commands that were executed on them to meet operational or security needs in your business. You can also be notified when a user in your company initiates or terminates a session activity.
Integrating with the following AWS services provides logging and auditing capabilities:
Learn how to leverage AWS Certificate Manager for seamless certificate management and enhanced security!
Get 100% Hike!
Master Most in Demand Skills Now!
Features of Session Manager
- Supports Windows Server, macOS, and Linux-managed nodes
- Console, SDK, and CLI access to Session manager capabilities
- IAM access control
- Logging and auditing capability support
- Tunneling
AWS Systems Manager Setup
The AWS Systems Manager setup process varies depending on the features you want to use and the resources you want to manage.
Let’s take a high-level look at configuring AWS Systems Manager for EC2 instances:
- Make IAM users and groups to be used with the Systems Manager. Users and groups with Amazon SSM FullAccess policy have full access to Systems Manager features; however, you should adjust users, groups, and roles to fit your organization’s specific needs.
- To allow AWS Systems Manager to conduct actions on your EC2 instances, create an IAM instance profile.
- To manage EC2 instances, attach the IAM instance profile to them.
- Check that your EC2 instance has AWS SSM installed. SSM Agent is most likely deployed by default if you use Amazon Machine Images (AMIs). Other instances or servers may require you to manually install AWS SSM.
- In order for AWS Systems Manager to use it, create a VPC endpoint.
Conclusion
This was everything about the AWS system manager and the major points. Now that you understand what AWS SSM is, why you should use it, and how to utilize it, I hope this helps you get started on your AWS SSM path. Start using it right away and share your thoughts in the comments area below.