Understand AWS Systems Manager

Systems Manager provides visibility and control of the infrastructure on AWS and helps to view operational data from multiple AWS services and automates operational tasks across AWS resources.

Its can managed in any EC2 instance or on-premises machine in your hybrid environment that has been configured for Systems Manager.

The AWS system manager helps maintain security and compliance by scanning the managed instances and reporting on (or taking corrective action on) any policy violations it detects that also supported machine types include EC2 instances, on-premises servers, and virtual machines (VMs), including VMs in other cloud environments.

Systems Manager makes use of SSM agent, supported operating system types include Windows Server, multiple distributions of Linux, and Raspbian.

That’s all about system manager, lets see the useful features which can make administrative responsibilities easier:

Session Manager
- Manage your EC2 instances through an interactive one-click browser-based shell or through the AWS CLI.
- Makes it easy to comply with corporate policies that require controlled access to instances, strict security practices, and fully auditable logs with instance access details, while still providing end users with simple one-click cross-platform access to your Amazon EC2 instances.
- You can use AWS Systems Manager Session Manager to tunnel SSH (Secure Shell) and SCP (Secure Copy) traffic between a client and a server.

Run Command
- Remotely and securely manage the configuration of your managed instances at scale.
- Managed Instances – any EC2 instance or on-premises server or virtual machine in your hybrid environment that is configured for Systems Manager.

Patch Manager
- Automate the process of patching your managed instances.
- Enables you to scan instances for missing patches and apply missing patches individually or to large groups of instances by using EC2 instance tags.
- For security patches, Patch Manager uses patch baselines that include rules for auto-approving patches within days of their release, as well as a list of approved and rejected patches.
- You can use AWS Systems Manager Patch Manager to select and apply Microsoft application patches automatically across your Amazon EC2 or on-premises instances.
- AWS Systems Manager Patch Manager includes common vulnerability identifiers (CVE ID). CVE IDs can help you identify security vulnerabilities within your fleet and recommend patches.
- You can configure actions to be performed on a managed instance before and after installing patches.

Parameter Store
- Provides secure, hierarchical storage for configuration data and secrets management.
- You can store values as plain text or encrypted data with SecureString.
- Parameters work with Systems Manager capabilities such as Run Command, State Manager, and Automation.

Inventory Manager
- Automates the process of collecting software inventory from managed instances.
- You specify the type of metadata to collect, the instances from where the metadata should be collected, and a schedule for metadata collection.

Fleet Manager
- All in all, AWS Server Fleet Management is worth looking into if you’ve got a large EC2 deployment. Even if you don’t use the pre-made stack, it might give you some ideas on how to use the underlying AWS services to help secure and manage your fleet. With the included sample fleet, it’s easy to get it set up and try it out!

Automation
- Allows you to safely automate common and repetitive IT operations and management tasks across AWS resources
- A step is defined as an initiated action performed in the Automation execution on a per-target basis. You can execute the entire Systems Manager automation document in one action or choose to execute one step at a time.
- Concepts

- - - Automation document – defines the Automation workflow.
    - Automation action – the Automation workflow includes one or more steps. Each step is associated with a particular action or plugin. The action determines the inputs, behavior, and outputs of the step.
    - Automation queue – if you attempt to run more than 25 Automation simultaneously, Systems Manager adds the additional executions to a queue and displays a status of Pending. When an Automation reaches a terminal state, the first execution in the queue starts.
- You can schedule Systems Manager automation document execution.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Author: Arunava Mukherjee

Leave a Reply Cancel reply

Author: Arunava Mukherjee

Related posts

Leave a Reply Cancel reply