Provides visibility and control of the infrastructure on AWS
Helps to view operational data from multiple AWS services and automate operational tasks across AWS resources.
Helps you automatically collect software inventory, apply OS patches, create system images, and configure Windows and Linux operating systems.
Runs in Amazon EC2 or on premises.
Works with managed instances, which are configured for use with Systems Manager.
Helps configure and maintain managed instances.
Helps maintain security and compliance by scanning the managed instances and reporting on (or taking corrective action on) any policy violations it detects.
Supported machine types include EC2 instances, on-premises servers, and virtual machines (VMs) in a hybrid environment, including VMs in other cloud environments, as well as other types of AWS resources (nodes).
Supported operating system types include Windows Server, multiple distributions of Linux, and Raspbian.
Capabilities for taking action on or changing AWS resources
To administer a compute resource with Systems Manager, install the SSM Agent on it and attach an IAM role to it that carries the AmazonEC2RoleforSSM policy.
Systems Manager Automation
Helps automate common maintenance and deployment tasks, for example creating and updating AMIs, applying driver and agent updates, resetting passwords on Windows instances, resetting SSH keys on Linux instances, and applying OS patches or application updates.
Offers the following
Run Command: Remotely and securely manage the configuration of your managed instances at scale. Perform on-demand changes like updating applications or running Linux shell scripts and Windows PowerShell commands on a target set of dozens or hundreds of instances.
Patch Manager: Automate the process of patching your managed instances. Can scan instances for missing patches and apply them individually or to large groups of instances sharing a tag.
Maintenance Windows: Set up recurring schedules for managed instances to execute administrative tasks like installing patches and updates.
State Manager: Automates the process of keeping your managed instances in a defined state. Ensures that your instances are bootstrapped with specific software at startup, joined to a Windows domain (if applicable), or patched with specific software updates.
Systems Manager Configuration Compliance
Helps scan a fleet of managed instances for patch compliance and configuration inconsistencies.
Helps collect and aggregate data from multiple AWS accounts and Regions, and then drill down into specific resources that aren’t compliant.
Displays, by default, compliance data about Patch Manager patching and State Manager associations, but can be customized.
Session Manager
Helps manage EC2 instances through an interactive one-click browser-based shell or through the AWS CLI.
Provides secure and auditable instance management without the need to open inbound ports, maintain bastion hosts, or manage SSH keys.
Helps comply with corporate policies that require controlled access to instances, strict security practices, and fully auditable logs with instance access details, while still providing end users with simple one-click cross-platform access to the EC2 instances.
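The auditable access described above depends on the per-Region Session Manager preferences document. The check below is an added example, not code from the page or from AWS: it audits such a document for settings that weaken logging or session control. The log group name, KMS alias and run-as user are constructed values.

```python
import copy

# Constructed example of a Session Manager preferences document (the regional
# SSM-SessionManagerRunShell document); log group and key alias are made-up names.
SESSION_PREFS = {
    "schemaVersion": "1.0",
    "description": "Document to hold regional settings for Session Manager",
    "sessionType": "Standard_Stream",
    "inputs": {
        "s3BucketName": "",
        "s3KeyPrefix": "",
        "s3EncryptionEnabled": True,
        "cloudWatchLogGroupName": "ssm-session-logs",
        "cloudWatchEncryptionEnabled": True,
        "cloudWatchStreamingEnabled": True,
        "kmsKeyId": "alias/session-manager",
        "runAsEnabled": True,
        "runAsDefaultUser": "ssm-operator",
        "idleSessionTimeout": "20",
        "maxSessionDuration": "60",
        "shellProfile": {"windows": "", "linux": ""},
    },
}

def audit_session_preferences(doc):
    """Return findings for settings that weaken the audit trail or session controls."""
    i = doc.get("inputs", {})
    findings = []
    to_cw, to_s3 = bool(i.get("cloudWatchLogGroupName")), bool(i.get("s3BucketName"))
    if not (to_cw or to_s3):
        findings.append("no logging destination: session activity is not recorded")
    if to_cw and not i.get("cloudWatchEncryptionEnabled"):
        findings.append("CloudWatch log group is not required to be encrypted")
    if to_s3 and not i.get("s3EncryptionEnabled"):
        findings.append("S3 bucket is not required to be encrypted")
    if not i.get("kmsKeyId"):
        findings.append("no kmsKeyId: session data gets no extra KMS encryption layer")
    if not i.get("runAsEnabled"):
        findings.append("runAsEnabled false: Linux sessions run as the default ssm-user")
    if not i.get("maxSessionDuration"):
        findings.append("no maxSessionDuration: sessions have no hard time limit")
    return findings

def weakened_prefs():
    """Copy of SESSION_PREFS with logging and KMS removed, to show what the audit flags."""
    weak = copy.deepcopy(SESSION_PREFS)
    weak["inputs"].update({"cloudWatchLogGroupName": "", "kmsKeyId": ""})
    return weak
```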
Systems Manager Run Command
Helps to remotely and securely manage the configuration of the managed instances at scale.
Helps perform on-demand changes like updating applications or running Linux shell scripts and Windows PowerShell commands on a target set of dozens or hundreds of instances.
Patch Manager
Helps automate the process of patching managed instances with both security-related and other types of updates.
Helps apply patches for both operating systems and applications. (On Windows Server, application support is limited to updates for Microsoft applications.)
Scans instances for missing patches and applies them individually or to large groups of instances by using EC2 instance tags.
Uses patch baselines, which can include rules for auto-approving patches within days of their release, as well as a list of approved and rejected patches.
Helps install security patches on a regular basis by scheduling patching to run as a Systems Manager maintenance window task.
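Worked example of how baseline rules and explicit approve/reject lists decide a patch's state, added here and not Patch Manager's own code. The model is simplified (no product or compliance-level filters), and the patch IDs and dates are constructed.

```python
from collections import namedtuple
from dataclasses import dataclass, field
from datetime import date, timedelta

# Simplified model of a patch baseline (example code, not Patch Manager itself).
# A Rule whose classifications or severities set is empty matches anything.
Rule = namedtuple("Rule", "classifications severities approve_after_days")
Patch = namedtuple("Patch", "patch_id classification severity released")

@dataclass
class Baseline:
    rules: list
    approved: set = field(default_factory=set)   # explicitly approved patch IDs
    rejected: set = field(default_factory=set)   # explicitly rejected patch IDs

def evaluate(baseline, patch, today):
    """'APPROVED', 'REJECTED' or 'PENDING' for one patch on one day: explicit lists
    win over rules, rejected beats approved, and the first matching rule decides."""
    if patch.patch_id in baseline.rejected:
        return "REJECTED"
    if patch.patch_id in baseline.approved:
        return "APPROVED"
    for rule in baseline.rules:
        if rule.classifications and patch.classification not in rule.classifications:
            continue
        if rule.severities and patch.severity not in rule.severities:
            continue
        approve_on = patch.released + timedelta(days=rule.approve_after_days)
        return "APPROVED" if today >= approve_on else "PENDING"
    return "PENDING"   # matched no rule and is on neither list

def missing_patches(baseline, installed, available, today):
    """Scan result: approved patches that are not installed on the instance."""
    return sorted(p.patch_id for p in available if p.patch_id not in installed
                  and evaluate(baseline, p, today) == "APPROVED")

# Constructed sample: Critical/Important security patches auto-approve 7 days after
# release, one known-bad patch is rejected, and the instance already has KB-SEC-2.
SAMPLE_BASELINE = Baseline([Rule({"Security"}, {"Critical", "Important"}, 7)],
                           rejected={"KB-BROKEN-1"})
SAMPLE_PATCHES = [Patch("KB-SEC-1", "Security", "Critical", date(2024, 1, 1)),
                  Patch("KB-SEC-2", "Security", "Important", date(2024, 1, 10)),
                  Patch("KB-BROKEN-1", "Security", "Critical", date(2024, 1, 1)),
                  Patch("KB-FEAT-1", "Feature", "Low", date(2023, 6, 1))]

def statuses_sample(today=date(2024, 1, 12)):
    return {p.patch_id: evaluate(SAMPLE_BASELINE, p, today) for p in SAMPLE_PATCHES}

def scan_sample(today=date(2024, 1, 12)):
    return missing_patches(SAMPLE_BASELINE, {"KB-SEC-2"}, SAMPLE_PATCHES, today)
```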
Systems Manager Inventory
Provides visibility into your Amazon EC2 and on-premises computing environment.
Collects metadata about applications, files, components, patches, and more from the managed instances.
Systems Manager State Manager
Helps automate the process of keeping the managed instances in a defined state.
Helps ensure that the instances are bootstrapped with specific software at startup, joined to a Windows domain (Windows instances only), or patched with specific software updates.
Capabilities for managing and configuring the AWS resources
Systems Manager document (SSM document)
Defines the actions that Systems Manager performs.
SSM document types include
Command documents, which are used by State Manager and Run Command, and
Automation documents, which are used by Systems Manager Automation.
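An added example (not code from the page or from AWS) of the Command document shape that Run Command and State Manager consume: a builder for a schemaVersion 2.2 document around the aws:runShellScript plugin, plus a validator that catches the common failure of a step referencing a parameter the document never declares. The step name and script line are constructed.

```python
import json
import re

PARAM_REF = re.compile(r"\{\{\s*([A-Za-z0-9_]+)\s*\}\}")    # {{ name }} references
PLUGINS = {"aws:runShellScript", "aws:runPowerShellScript"}   # subset checked here

def build_command_document(step_name, script_lines, description="", timeout=600):
    """Return a schemaVersion 2.2 Command document that runs a Linux shell script."""
    return {
        "schemaVersion": "2.2",
        "description": description,
        "parameters": {
            "executionTimeout": {"type": "String", "default": str(timeout),
                                 "description": "Seconds before the step is stopped"},
        },
        "mainSteps": [{
            "action": "aws:runShellScript",
            "name": step_name,
            "inputs": {"timeoutSeconds": "{{ executionTimeout }}",
                       "runCommand": list(script_lines)},
        }],
    }

def validate_command_document(doc):
    """Return the problems found; an empty list means the checks passed."""
    problems = []
    if doc.get("schemaVersion") != "2.2":
        problems.append("schemaVersion must be '2.2' for a Command document")
    steps = doc.get("mainSteps") or []
    if not steps:
        problems.append("mainSteps must contain at least one step")
    declared = set(doc.get("parameters", {}))
    seen = set()
    for n, step in enumerate(steps):
        if step.get("action") not in PLUGINS:
            problems.append(f"step {n}: unsupported action {step.get('action')!r}")
        if not step.get("name") or step["name"] in seen:
            problems.append(f"step {n}: step name missing or duplicated")
        seen.add(step.get("name"))
        if not step.get("inputs", {}).get("runCommand"):
            problems.append(f"step {n}: runCommand must be a non-empty list")
        for ref in PARAM_REF.findall(json.dumps(step.get("inputs", {}))):
            if ref not in declared:
                problems.append(f"step {n}: references undeclared parameter {ref!r}")
    return problems

def sample_document():
    """Constructed document that reports the SSM Agent service state on a Linux host."""
    return build_command_document("CheckAgent", ["systemctl is-active amazon-ssm-agent"],
                                  "Report whether the SSM Agent is running")
```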
Parameter Store
Provides secure, hierarchical storage for configuration data and secrets management.
Can store data such as passwords, database strings, AMI IDs, and license codes as parameter values.
Supports values stored as plain text or encrypted data, referenced by the unique name given to the parameter.
Parameter Store is offered at no additional charge.
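Example of handling secrets through the Parameter Store calls, added here and not from the page. It is written against the boto3 ssm client method shapes (put_parameter, get_parameter, get_parameters_by_path) but uses an in-memory stand-in (FakeSSM) so it runs offline; the /app/prod/secrets hierarchy is a constructed name.

```python
# Helpers around the Parameter Store API, written to boto3's SSM client method shapes;
# FakeSSM stands in for boto3.client("ssm") so the block runs offline.
SECRET_PATH = "/app/prod/secrets"      # constructed hierarchy for secret values

def put_secret(ssm, name, value, kms_key_id="alias/aws/ssm"):
    """Store a secret as a SecureString under SECRET_PATH, encrypted with the given KMS key."""
    full = f"{SECRET_PATH}/{name}"
    ssm.put_parameter(Name=full, Value=value, Type="SecureString",
                      KeyId=kms_key_id, Overwrite=True)
    return full

def get_secret(ssm, name):
    """Read a secret back, asking Parameter Store to decrypt it."""
    resp = ssm.get_parameter(Name=f"{SECRET_PATH}/{name}", WithDecryption=True)
    return resp["Parameter"]["Value"]

def plaintext_secrets(ssm, path=SECRET_PATH):
    """Names under the secrets hierarchy that are NOT SecureString (a misconfiguration)."""
    resp = ssm.get_parameters_by_path(Path=path, Recursive=True, WithDecryption=False)
    return sorted(p["Name"] for p in resp["Parameters"] if p["Type"] != "SecureString")

class FakeSSM:
    """Minimal in-memory stand-in mimicking the three boto3 calls used above."""
    def __init__(self):
        self.store = {}
    def put_parameter(self, Name, Value, Type, KeyId=None, Overwrite=False):
        if Name in self.store and not Overwrite:
            raise ValueError("ParameterAlreadyExists")
        self.store[Name] = {"Name": Name, "Type": Type, "Value": Value}
    def _view(self, p, decrypt):
        p = dict(p)
        if p["Type"] == "SecureString" and not decrypt:
            p["Value"] = "<ciphertext>"     # the real API returns the encrypted blob here
        return p
    def get_parameter(self, Name, WithDecryption=False):
        return {"Parameter": self._view(self.store[Name], WithDecryption)}
    def get_parameters_by_path(self, Path, Recursive=False, WithDecryption=False):
        return {"Parameters": [self._view(p, WithDecryption)
                               for n, p in self.store.items() if n.startswith(Path + "/")]}

def demo():
    """Store one secret correctly, one as a plain String, and report the mismatch."""
    ssm = FakeSSM()
    put_secret(ssm, "db-password", "s3cr3t")
    ssm.put_parameter(Name=f"{SECRET_PATH}/api-key", Value="abc", Type="String")  # wrong type
    return get_secret(ssm, "db-password"), plaintext_secrets(ssm)
```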
SSM Agent
Is software that can be installed and configured on an EC2 instance, an on-premises server, or a virtual machine (VM).
Makes it possible for Systems Manager to update, manage, and configure these resources.
Must be installed on each instance you want to manage with Systems Manager.
Usually comes preinstalled on many Amazon Machine Images (AMIs), but must be installed manually on other AMIs and on the on-premises servers and virtual machines in your hybrid environment.