DEV Community

loading...
Cover image for AWS Systems Manager Hands-On

AWS Systems Manager Hands-On

sunilkumarmedium profile image sunilkumarmedium ・3 min read

Introduction

Systems Manager management service helps you automatically collect
software inventory, apply OS patches and automate administration tasks and complex workflows.

You will also see how to eliminate the need for bastion hosts to manage your resources. You will review the below Systems Manager capabilities

  1. Run Command
  2. State Manager
  3. Inventory
  4. Patch Manager
  5. Maintenance Window
  6. Automation
  7. Parameter Store
  8. Session Manager
  9. OpsCenter
  10. Explorer
  11. Change Calendar
  12. Distributor

Pre-requisites
you will need:
✓ An AWS Account

If you don't have an account visit https://aws.amazon.com and click Sign Up.

Key Benefits

  • Hybrid
  • Cross-Platform Support
  • Scalable
  • AWS Optimized
  • No Complex Licensing Model
  • Partner Benefits

Systems Manager Building Blocks

  • SSM Agent installed in EC2 instances
  • Documents – series of steps executed in sequence. Versioned and shared across and used in run command, session manager, state manager

Registering instances in systems manager

Systems Manager Quick Setup
In AWS Management Console Search for Systems Manager this will take you to the home screen. In the left menu click on the Quick Setup for configuration.
Alt Text

Select the default roles to create or use the existing roles

Configuration Options
Alt Text

Targets
Alt Text

Manual Configuration

Create a role with Managed Policies attached and configure the IAM role to the EC2 instance
Alt Text

Run Command
Remotely and securely run configurations actions at scale
Accessible via console, CLI, and SDK

  • Monitoring
  • On-demand Patching
  • run bootstrap scripts on applications

State Manager
Used to Enable or Disable Services

  • Collecting Inventory
  • Running Anti-virus Scans
  • Running Scripts in Managed Windows or Linux Instances

Alt Text

Parameter Store
Provides secure and hierarchical storage for configuration data and secrets data

  • stores passwords, database strings, license codes
  • Can be stored encrypted or plain text

Inventory
Collects instance details and OS details

  • Applications Installed
  • Network Configuration
  • Updates installed
  • Monitor Windows Services and roles
  • Monitor Windows Registry Keys
  • Billing Information
  • Custom Inventory
  • Integrated with AWS Config

Alt Text

Alt Text

Alt Text

Patch Manager
Simplifies Operating System and application patching process and controls instance reboots

  • Define approval rules
  • Select patches to deploy ( blacklist or whitelist patches)
  • Specify timings to roll out patches
  • Report Patching Compliance

Maintenance Window
Scheduling the tasks based on the user-defined specified timings

  • Patching and OS
  • Updating Drivers
  • Installing Softwares
  • Creating AMI's

Automation
Automation is a platform to orchestrate Operational Playbooks and integrates with AWS Config and AWS Service Catalog

  • orchestrate dynamic playbooks
  • Manage AWS resources across accounts/regions
  • Standardize and share playbooks across the organization

Session Manager
Interactive, one-click browser-based shell eliminates to maintain the bastion hosts or SSH keys to connect to managed instances

  • Centralised access control
  • No bastion host
  • Port forwarding
  • Hybrid
  • Cross-Platform
  • Logging and auditing Session Activities

Distributor
Securely store and distribute software packages

  • Install-on-demand or on schedule
  • central repository with version control
  • Share with other AWS accounts
  • Control access package via IAM

Explorer
Provides a summary of EC2 instances and patch summary compliance state

  • Integrates with AWS Organization
  • View Operations data across accounts/regions

Alt Text

AWS Config

Settings
Specify the types of AWS resources you want AWS Config to record, the Amazon S3 bucket to which it sends files, and the Amazon SNS topic to which it sends notifications.

AWS Config rules

AWS Config can check the configuration of your resources against the rules that you define. Choose one or more of the following rules to get started. After setting up AWS Config, you can customize these rules, set up other rules provided by AWS Config, or create your own rules.

Alt Text

Alt Text

Alt Text

Summary
AWS Systems Manager provides more insight into your managed instances and using the SNS Notifications you can get notified if any failure happens during the patching process or running commands or installing software. These compliance data can be stored in S3 buckets for further analysis.

Happy Coding!

Discussion (0)

Forem Open with the Forem app