Introduction
Systems Manager management service helps you automatically collect
software inventory, apply OS patches and automate administration tasks and complex workflows.
You will also see how to eliminate the need for bastion hosts to manage your resources. You will review the below Systems Manager capabilities
- Run Command
- State Manager
- Inventory
- Patch Manager
- Maintenance Window
- Automation
- Parameter Store
- Session Manager
- OpsCenter
- Explorer
- Change Calendar
- Distributor
Pre-requisites
you will need:
✓ An AWS Account
If you don't have an account visit https://aws.amazon.com and click Sign Up.
Key Benefits
- Hybrid
- Cross-Platform Support
- Scalable
- AWS Optimized
- No Complex Licensing Model
- Partner Benefits
Systems Manager Building Blocks
-
SSM Agentinstalled in EC2 instances -
Documents– series of steps executed in sequence. Versioned and shared across and used in run command, session manager, state manager
Registering instances in systems manager
Systems Manager Quick Setup
In AWS Management Console Search for Systems Manager this will take you to the home screen. In the left menu click on the Quick Setup for configuration.
Select the default roles to create or use the existing roles
Configuration Options
Targets
Manual Configuration
Create a role with Managed Policies attached and configure the IAM role to the EC2 instance
Run Command
Remotely and securely run configurations actions at scale
Accessible via console, CLI, and SDK
- Monitoring
- On-demand Patching
- run bootstrap scripts on applications
State Manager
Used to Enable or Disable Services
- Collecting Inventory
- Running Anti-virus Scans
- Running Scripts in Managed Windows or Linux Instances
Parameter Store
Provides secure and hierarchical storage for configuration data and secrets data
- stores passwords, database strings, license codes
- Can be stored encrypted or plain text
Inventory
Collects instance details and OS details
- Applications Installed
- Network Configuration
- Updates installed
- Monitor Windows Services and roles
- Monitor Windows Registry Keys
- Billing Information
- Custom Inventory
- Integrated with AWS Config
Patch Manager
Simplifies Operating System and application patching process and controls instance reboots
- Define approval rules
- Select patches to deploy ( blacklist or whitelist patches)
- Specify timings to roll out patches
- Report Patching Compliance
Maintenance Window
Scheduling the tasks based on the user-defined specified timings
- Patching and OS
- Updating Drivers
- Installing Softwares
- Creating AMI's
Automation
Automation is a platform to orchestrate Operational Playbooks and integrates with AWS Config and AWS Service Catalog
- orchestrate dynamic playbooks
- Manage AWS resources across accounts/regions
- Standardize and share playbooks across the organization
Session Manager
Interactive, one-click browser-based shell eliminates to maintain the bastion hosts or SSH keys to connect to managed instances
- Centralised access control
- No bastion host
- Port forwarding
- Hybrid
- Cross-Platform
- Logging and auditing Session Activities
Distributor
Securely store and distribute software packages
- Install-on-demand or on schedule
- central repository with version control
- Share with other AWS accounts
- Control access package via IAM
Explorer
Provides a summary of EC2 instances and patch summary compliance state
- Integrates with AWS Organization
- View Operations data across accounts/regions
AWS Config
Settings
Specify the types of AWS resources you want AWS Config to record, the Amazon S3 bucket to which it sends files, and the Amazon SNS topic to which it sends notifications.
AWS Config rules
AWS Config can check the configuration of your resources against the rules that you define. Choose one or more of the following rules to get started. After setting up AWS Config, you can customize these rules, set up other rules provided by AWS Config, or create your own rules.
Summary
AWS Systems Manager provides more insight into your managed instances and using the SNS Notifications you can get notified if any failure happens during the patching process or running commands or installing software. These compliance data can be stored in S3 buckets for further analysis.
Happy Coding!
Top comments (0)