AWS Systems Manager is a management service that helps you automatically collect software inventory, apply OS patches, create system images, and configure Windows and Linux operating systems. These capabilities help you define and track system configurations, prevent drift, and maintain software compliance across your EC2 instances and on-premises machines.
In this blog, I will cover everything you need to know to get started with it.
Topics we will cover:
- What is AWS Systems Manager?
- How does Systems Manager work?
- SSM Agent
- AWS Systems Manager features
- Conclusion
What is AWS Systems Manager?
Let’s first understand the need for AWS Systems Manager.
Recently at K21 Academy, due to some updates from our technical security team, we had to install an agent on all our hosting servers in the AWS account. We usually run multiple EC2 instances in our account according to client demands. These servers have varied operating systems and different types of workloads. So, creating AMIs for each type of instance with the agent would have taken a long time and a huge effort, which is not a good approach. Also, there are multiple servers that can’t tolerate a restart (which user data scripts would need in order to work).
Here comes our saviour, AWS Systems Manager, also known as SSM. You can use it to view and control your infrastructure: it lets you run remote commands without SSH, view operational data from multiple AWS services, and automate operational tasks across your AWS resources. It also helps you maintain security and compliance by scanning your managed nodes (a managed node is any machine configured for Systems Manager) and reporting any policy violations it detects.
The only basic requirements for a host to be managed by SSM are that it runs the amazon-ssm-agent (covered later in this blog) and that it has an IAM role attached through an instance profile that grants access to SSM. The AWS-managed policy AmazonSSMManagedInstanceCore grants a node the permissions needed for the core Systems Manager functionality, and the role’s trust policy must allow ec2.amazonaws.com to assume it. The agent also needs an outbound network path (via the internet, a NAT gateway, or VPC interface endpoints) to the ssm, ssmmessages, and ec2messages endpoints in its Region; no inbound ports are required.
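The setup above in code, as an added example that is not part of the original post: it builds the role and instance profile with the AmazonSSMManagedInstanceCore policy, and then checks which running instances have not actually shown up as Online managed nodes, which is the quickest way to find hosts where the agent, the role, or the network path is missing. The role name, the region, and the sample inventory are assumptions; the boto3 calls are only made by the functions that take a client or a region, so the check itself runs offline.

```python
"""Managed-node prerequisites and a coverage check for AWS Systems Manager.

Added example, not code from the original post. The role and instance
profile names, the region, and the sample inventory are assumptions.
Live calls use boto3 (imported lazily) and only run with credentials;
the pure functions run offline.
"""
import json

# AWS-managed policy that grants SSM Agent the core Systems Manager permissions
MANAGED_POLICY_ARN = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"


def ec2_trust_policy():
    """Trust policy that lets the EC2 service assume the instance role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }


def create_managed_node_role(iam, role_name="SSMManagedNodeRole"):
    """Create role + instance profile and attach the core policy (live IAM calls).

    Attach the returned profile to instances; the agent picks the role up
    without a reboot once it can reach the ssm/ssmmessages/ec2messages endpoints.
    """
    iam.create_role(RoleName=role_name,
                    AssumeRolePolicyDocument=json.dumps(ec2_trust_policy()))
    iam.attach_role_policy(RoleName=role_name, PolicyArn=MANAGED_POLICY_ARN)
    iam.create_instance_profile(InstanceProfileName=role_name)
    iam.add_role_to_instance_profile(InstanceProfileName=role_name, RoleName=role_name)
    return role_name


def unmanaged_instances(ec2_instances, ssm_nodes):
    """Map each running EC2 instance that is not an Online managed node to a reason.

    ec2_instances: [{"InstanceId": ..., "State": ...}]
    ssm_nodes: items from ssm:DescribeInstanceInformation
    Reason is "NotRegistered" (agent never checked in: missing agent, role or
    network path) or the PingStatus reported by Systems Manager
    ("ConnectionLost", "Inactive").
    """
    ping = {n["InstanceId"]: n.get("PingStatus", "Unknown") for n in ssm_nodes}
    problems = {}
    for inst in ec2_instances:
        if inst["State"] != "running":
            continue
        status = ping.get(inst["InstanceId"], "NotRegistered")
        if status != "Online":
            problems[inst["InstanceId"]] = status
    return problems


def live_unmanaged_instances(region):
    """Pull the real inventory with boto3 and run the check (needs credentials)."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region)
    ssm = boto3.client("ssm", region_name=region)
    instances = [
        {"InstanceId": i["InstanceId"], "State": i["State"]["Name"]}
        for page in ec2.get_paginator("describe_instances").paginate()
        for reservation in page["Reservations"]
        for i in reservation["Instances"]
    ]
    nodes = [
        n for page in ssm.get_paginator("describe_instance_information").paginate()
        for n in page["InstanceInformationList"]
    ]
    return unmanaged_instances(instances, nodes)


# Constructed sample inventory (assumption) so the check can be exercised offline
SAMPLE_EC2 = [
    {"InstanceId": "i-0aaa", "State": "running"},
    {"InstanceId": "i-0bbb", "State": "running"},
    {"InstanceId": "i-0ccc", "State": "running"},
    {"InstanceId": "i-0ddd", "State": "stopped"},
]
SAMPLE_SSM = [
    {"InstanceId": "i-0aaa", "PingStatus": "Online", "AgentVersion": "3.2.0.0"},
    {"InstanceId": "i-0bbb", "PingStatus": "ConnectionLost", "AgentVersion": "3.2.0.0"},
]

if __name__ == "__main__":
    print(json.dumps(ec2_trust_policy(), indent=2))
    print(unmanaged_instances(SAMPLE_EC2, SAMPLE_SSM))
    # → {'i-0bbb': 'ConnectionLost', 'i-0ccc': 'NotRegistered'}
```

Run it on a schedule and alert on a non-empty result: an instance that is running but not Online is exactly the host that will silently miss patches, inventory, and compliance scans.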
How does Systems Manager work?
Let’s walk through the general process flow of Systems Manager:
- Access Systems Manager – You can access Systems Manager from the AWS Management Console, or programmatically with the AWS Command Line Interface (AWS CLI), AWS Tools for Windows PowerShell, or the AWS SDKs. You use Systems Manager to configure, schedule, automate, and execute operations on your AWS resources and managed nodes. AWS resources include, to name a few, users, groups, and roles in AWS Identity and Access Management (IAM), AWS Lambda functions, Amazon EC2 Auto Scaling groups, and Amazon Simple Storage Service (Amazon S3) buckets.
- Choose a Systems Manager capability – Systems Manager includes more than two dozen capabilities to help you perform actions on your resources. Only a handful of the capabilities administrators use to configure and manage their resources are shown in the illustration.
- Verification and processing – Systems Manager verifies the request, including permissions, and sends it to the AWS Systems Manager Agent (SSM Agent) running on your instances, edge devices, or the servers and VMs in your hybrid environment. SSM Agent then applies the requested configuration changes.
- Reporting – SSM Agent reports the status of the actions and configuration changes back to Systems Manager in the AWS Cloud, to the Systems Manager operations management capabilities, and to other AWS services if configured, and the results are visible to the user.
- Systems Manager operations management capabilities – In response to events or issues with your resources, the operations management capabilities of Systems Manager, such as Explorer, OpsCenter, and Incident Manager, aggregate operations data or create artifacts such as operational work items (OpsItems) and incidents, if enabled. These capabilities help you investigate and troubleshoot issues.
SSM Agent
The AWS Systems Manager Agent (SSM Agent) is Amazon software that runs on Amazon EC2 instances, edge devices, and on-premises servers and virtual machines (VMs). It is what makes it possible for Systems Manager to update, manage, and configure these resources. The agent polls the Systems Manager service in the AWS Cloud for requests and executes them as specified in each request. SSM Agent then uses the Amazon Message Delivery Service (service prefix: ec2messages) to send status and execution information back to the Systems Manager service; Session Manager, and Run Command when it streams output, additionally use the Session Manager message gateway (service prefix: ssmmessages). Because the agent initiates every connection outbound, a managed node needs no inbound ports. Note that the agent runs as root on Linux and as SYSTEM on Windows, so any principal allowed to send it commands effectively has administrative access to the host.
AWS Systems Manager features
Systems Manager Inventory:
- AWS Systems Manager gathers data about your instances and the software they run, allowing you to better understand your system configurations and installed applications.
- Data on applications, files, network configurations, Windows services, registry entries, server roles, updates, and other system attributes can be collected.
- You can use the information acquired to manage application assets, track licensing, check file integrity, and find apps that aren’t installed by a standard installer, among other things.
Configuration Compliance:
- AWS Systems Manager allows you to check for patch compliance and configuration inconsistencies on your managed instances.
- You can collect and aggregate data from many AWS accounts and Regions, then drill down into non-compliant resources.
- AWS Systems Manager reports on patching and association compliance by default. You can also customize it by creating your own compliance types to meet your specific needs.
Automation:
- AWS Systems Manager enables you to automate common and repetitive IT operations and management tasks across AWS resources in a safe and secure manner.
- You can write your own Automation documents (runbooks) in JSON or YAML to specify a list of steps, or use the AWS-managed and community-published documents.
- These documents can be run on demand from the AWS Management Console, CLI, or SDKs, scheduled in a maintenance window, or triggered by Amazon EventBridge (formerly CloudWatch Events) in response to changes to AWS resources.
- You can track the execution of each step in a document and require approvals for individual steps.
- You can also roll out changes in stages and have the rollout stop when errors occur.
Run Command:
- Use Systems Manager Run Command to manage the configuration of your managed instances remotely and securely at scale. Use Run Command to make on-demand changes to a target group of dozens or hundreds of instances, such as updating software or running Linux shell scripts and Windows PowerShell commands. Commands run with the privileges of SSM Agent (root on Linux, SYSTEM on Windows), so treat the ssm:SendCommand permission as root on every instance it can target, and scope it with tag-based targets rather than granting it broadly.
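A Run Command invocation done the way the staged-rollout bullets above describe, as an added example that is not code from the original post: target by tag, cap concurrency, stop on the first failure, then triage the per-instance results. The tag key, the commands, and the sample invocation records are assumptions; the send and fetch functions make live boto3 calls, while the summary function is pure and runs offline.

```python
"""Run Command with a staged rollout and per-instance result triage.

Added example, not code from the original post. The tag key/value, the
commands and the sample invocation records are assumptions. The functions
taking an `ssm` client make live boto3 calls; summarize_invocations() is pure.
"""


def send_run_command(ssm, tag_key, tag_value, commands,
                     max_concurrency="10%", max_errors="0"):
    """Run shell commands on every Linux instance carrying tag_key=tag_value.

    Commands execute as root under SSM Agent, so target selection and the
    ssm:SendCommand permission are the real access control here.
    MaxConcurrency stages the rollout; MaxErrors="0" stops sending to further
    targets after the first failed invocation.
    """
    resp = ssm.send_command(
        Targets=[{"Key": f"tag:{tag_key}", "Values": [tag_value]}],
        DocumentName="AWS-RunShellScript",
        Parameters={"commands": commands},
        MaxConcurrency=max_concurrency,
        MaxErrors=max_errors,
        TimeoutSeconds=600,
    )
    return resp["Command"]["CommandId"]


def fetch_invocations(ssm, command_id):
    """Collect every per-instance invocation for a command (live call)."""
    paginator = ssm.get_paginator("list_command_invocations")
    return [inv for page in paginator.paginate(CommandId=command_id, Details=True)
            for inv in page["CommandInvocations"]]


def summarize_invocations(invocations):
    """Group instance IDs by invocation status and collect stderr for failures.

    Returns (by_status, failures) where failures maps instance -> stderr text.
    Input items follow the shape of ssm:ListCommandInvocations with Details=True.
    """
    by_status, failures = {}, {}
    for inv in invocations:
        status = inv["Status"]
        by_status.setdefault(status, []).append(inv["InstanceId"])
        if status in ("Failed", "TimedOut", "Cancelled"):
            stderr = "".join(p.get("StandardErrorContent", "")
                             for p in inv.get("CommandPlugins", []))
            failures[inv["InstanceId"]] = stderr.strip()
    return by_status, failures


# Constructed sample of ListCommandInvocations output (assumption)
SAMPLE_INVOCATIONS = [
    {"InstanceId": "i-0aaa", "Status": "Success",
     "CommandPlugins": [{"Name": "aws:runShellScript", "StandardErrorContent": ""}]},
    {"InstanceId": "i-0bbb", "Status": "Failed",
     "CommandPlugins": [{"Name": "aws:runShellScript",
                         "StandardErrorContent": "E: Unable to locate package foo\n"}]},
    {"InstanceId": "i-0ccc", "Status": "TimedOut", "CommandPlugins": []},
]

if __name__ == "__main__":
    by_status, failures = summarize_invocations(SAMPLE_INVOCATIONS)
    print(by_status)  # → {'Success': ['i-0aaa'], 'Failed': ['i-0bbb'], 'TimedOut': ['i-0ccc']}
    print(failures)   # → {'i-0bbb': 'E: Unable to locate package foo', 'i-0ccc': ''}
```

With credentials, `command_id = send_run_command(ssm, "Environment", "dev", ["apt-get update -y"])` followed by `summarize_invocations(fetch_invocations(ssm, command_id))` gives the same two dictionaries for a real fleet; an empty stderr on a TimedOut instance usually means the agent never acknowledged the command, which points back at the connectivity check from the prerequisites section.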
Session Manager:
- AWS Systems Manager Session Manager lets you manage your instances at scale securely without logging into your servers over SSH or remote PowerShell, eliminating the need for bastion hosts and open inbound ports.
- The session is brokered by the service over the agent’s outbound connection. By default the shell runs as the ssm-user account, which has sudo rights on Linux and administrator rights on Windows, unless you change that through the session preferences or the Run As configuration.
- You can apply granular permissions through AWS Identity and Access Management (IAM), for example allowing ssm:StartSession only on instances that carry specific tags, or only through an approved session document.
- AWS CloudTrail records every Systems Manager API call, including StartSession, so you can audit who connected to which instance. CloudTrail does not capture what was typed inside a session; enable session logging to Amazon S3 or Amazon CloudWatch Logs in the Session Manager preferences for that.
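The two controls above in code, as an added example that is not part of the original post: an IAM policy that restricts ssm:StartSession to instances tagged Environment=prod through the standard shell document, and a check over CloudTrail StartSession records that flags sessions reaching an environment from a principal not on its allow-list or using a non-standard document. The tag key, the principal allow-list, the region/account placeholders, and the sample CloudTrail records are assumptions; the IAM actions and condition keys are the real ones.

```python
"""Least-privilege Session Manager access and a CloudTrail check for sessions
that fall outside the rule.

Added example, not code from the original post. The tag key "Environment",
the principal allow-list, the placeholders for region/account and the sample
CloudTrail records are assumptions.
"""

STANDARD_DOC = "SSM-SessionManagerRunShell"


def session_policy(env, region="*", account="*"):
    """IAM policy: StartSession only on instances tagged Environment=env and only
    through the standard shell document; users may end/resume only their own sessions."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": "ssm:StartSession",
                "Resource": f"arn:aws:ec2:{region}:{account}:instance/*",
                "Condition": {
                    "StringEquals": {"ssm:resourceTag/Environment": env},
                    # Require the session document to be explicitly allowed (next statement)
                    "BoolIfExists": {"ssm:SessionDocumentAccessCheck": "true"},
                },
            },
            {
                "Effect": "Allow",
                "Action": "ssm:StartSession",
                "Resource": f"arn:aws:ssm:{region}:{account}:document/{STANDARD_DOC}",
            },
            {
                "Effect": "Allow",
                "Action": ["ssm:TerminateSession", "ssm:ResumeSession"],
                "Resource": "arn:aws:ssm:*:*:session/${aws:username}-*",
            },
        ],
    }


def flag_sessions(records, instance_env, allowed):
    """Return (eventTime, principal, target, reason) for StartSession records that
    either come from a principal not allowed for the target's environment or use
    a document other than the standard shell.

    records: CloudTrail records; instance_env: {instance_id: env tag};
    allowed: {env: set of principal ARNs}. Untagged targets map to "untagged".
    """
    findings = []
    for r in records:
        if r.get("eventSource") != "ssm.amazonaws.com" or r.get("eventName") != "StartSession":
            continue
        who = r.get("userIdentity", {}).get("arn", "unknown")
        params = r.get("requestParameters") or {}
        target = params.get("target", "")
        doc = params.get("documentName", STANDARD_DOC)  # omitted means the default shell
        env = instance_env.get(target, "untagged")
        if who not in allowed.get(env, set()):
            findings.append((r["eventTime"], who, target, f"not allowed for env {env}"))
        if doc != STANDARD_DOC:
            findings.append((r["eventTime"], who, target, f"non-standard document {doc}"))
    return findings


# Constructed sample records shaped like CloudTrail StartSession events (assumption)
ACCT = "arn:aws:iam::123456789012:user/"
SAMPLE_TRAIL = [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "StartSession", "userIdentity": {"arn": ACCT + "alice"},
     "requestParameters": {"target": "i-0prod1"}},
    {"eventTime": "2024-05-01T10:05:00Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "StartSession", "userIdentity": {"arn": ACCT + "bob"},
     "requestParameters": {"target": "i-0prod1"}},
    {"eventTime": "2024-05-01T10:07:00Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "StartSession", "userIdentity": {"arn": ACCT + "carol"},
     "requestParameters": {"target": "i-0dev1",
                           "documentName": "AWS-StartPortForwardingSession"}},
    {"eventTime": "2024-05-01T10:09:00Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "TerminateSession", "userIdentity": {"arn": ACCT + "alice"},
     "requestParameters": {"sessionId": "alice-0a1b2c"}},
]
INSTANCE_ENV = {"i-0prod1": "prod", "i-0dev1": "dev"}
ALLOWED = {"prod": {ACCT + "alice"}, "dev": {ACCT + "alice", ACCT + "carol"}}

if __name__ == "__main__":
    for f in flag_sessions(SAMPLE_TRAIL, INSTANCE_ENV, ALLOWED):
        print(f)  # bob into prod (not allowed); carol port-forwarding into dev
```

The policy only prevents; the check catches what slipped through another path (a broader role, a different account). Feed it the StartSession events from CloudTrail Lake or your SIEM and the instance tag map from ec2:DescribeInstances.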
Patch Manager:
- AWS Systems Manager allows you to choose and apply operating system and software patches to large groups of Amazon EC2 or on-premises instances automatically.
- Patch baselines let you define rules that automatically approve or reject certain kinds of patches, such as operating system or high-severity fixes, and you can also specify explicit lists of patches that override those rules and are always approved or rejected.
- You can also schedule patching in maintenance windows so that patches are only applied at specific times.
- Systems Manager assists you in keeping your software up to date and compliant with your regulations.
Maintenance Windows:
- AWS Systems Manager allows you to schedule administrative and maintenance operations across all of your instances.
- This means that you can install patches and updates or make other configuration changes at a time that is convenient and safe for you, boosting the availability and reliability of your services and applications.
Distributor:
- AWS Systems Manager’s Distributor feature allows you to securely store and distribute software packages around your organization.
- To control the lifecycle of the packages running on your instances, you can use Distributor together with existing Systems Manager tools such as Run Command and State Manager.
State Manager:
- AWS Systems Manager enables configuration management, allowing you to keep your Amazon EC2 or on-premises instances configured consistently.
- You can manage configuration parameters such as server configurations, anti-virus definitions, firewall settings, and more with Systems Manager.
- You can leverage existing scripts, PowerShell modules, or Ansible playbooks directly from GitHub or Amazon S3 buckets to set configuration policies for your servers using the AWS Management Console.
- Systems Manager applies your configurations to all of your instances at the time and frequency you specify.
- You may check the status of your instance configurations in Systems Manager at any time, giving you on-demand visibility into your compliance status.
Parameter Store:
- AWS Systems Manager Parameter Store acts as a single repository for your configuration data, including plain-text values such as database connection strings and secrets such as passwords.
- This lets you separate your code from your secrets and configuration data. Parameters can be labeled and organized into hierarchies to make them easier to manage.
- To store different values under the same parameter name, such as “db-string”, use different hierarchical paths, such as “/dev/db-string” and “/prod/db-string”.
- Systems Manager integrates with AWS Key Management Service (KMS): SecureString parameters are encrypted with a KMS key you choose, and reading them requires both ssm:GetParameter and kms:Decrypt on that key.
- You can control user and resource access to parameters with AWS Identity and Access Management (IAM), scoping policies to a path such as /prod/* so that a workload can read only its own subtree. Other AWS services, such as Amazon Elastic Container Service, AWS Lambda, and AWS CloudFormation, can reference parameters directly.
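The hierarchy and the path-scoped access above, as an added example that is not part of the original post: it validates a hierarchical name against Parameter Store’s naming rules, builds an IAM policy that can read only one environment’s subtree and decrypt only through Parameter Store, and shows the SecureString write and the recursive, decrypted read of that subtree. The /env/app/name layout, the KMS key, region and account placeholders, and the sample parameter list are assumptions; functions that take an `ssm` client make live boto3 calls, the rest runs offline.

```python
"""Hierarchical Parameter Store layout, an environment-scoped read policy, and
the SecureString write/read calls.

Added example, not code from the original post. The /env/app/name layout, the
KMS key, region/account placeholders and the sample parameters are assumptions.
"""
import re

_NAME_RE = re.compile(r"^[A-Za-z0-9_.\-/]+$")


def validate_name(full):
    """Return None if Parameter Store would accept the name, else the reason.

    Rules: hierarchical names start with '/', only [A-Za-z0-9_.-/] are allowed,
    a first segment beginning with 'aws' or 'ssm' is reserved (e.g. the public
    /aws/service/... parameters), and at most 15 hierarchy levels are allowed.
    """
    if not full.startswith("/") or "//" in full or not _NAME_RE.match(full):
        return "only [A-Za-z0-9_.-/] allowed and hierarchical names start with /"
    if full.split("/")[1].lower().startswith(("aws", "ssm")):
        return "first segment starting with aws/ssm is reserved"
    if full.count("/") > 15:
        return "more than 15 hierarchy levels"
    return None


def parameter_name(env, app, name):
    """Build /env/app/name and refuse names Parameter Store would reject."""
    full = f"/{env}/{app}/{name}"
    problem = validate_name(full)
    if problem:
        raise ValueError(f"{full!r}: {problem}")
    return full


def scoped_read_policy(env, region, account, kms_key_arn):
    """Allow reading only the /env/ subtree; kms:Decrypt only when called via SSM."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": ["ssm:GetParameter", "ssm:GetParameters", "ssm:GetParametersByPath"],
                "Resource": f"arn:aws:ssm:{region}:{account}:parameter/{env}/*",
            },
            {
                "Effect": "Allow",
                "Action": "kms:Decrypt",
                "Resource": kms_key_arn,
                "Condition": {"StringEquals": {"kms:ViaService": f"ssm.{region}.amazonaws.com"}},
            },
        ],
    }


def put_secret(ssm, name, value, kms_key_id):
    """Store a SecureString encrypted with a customer-managed key (live call).
    Overwrite=False refuses to clobber an existing parameter."""
    return ssm.put_parameter(Name=name, Value=value, Type="SecureString",
                             KeyId=kms_key_id, Overwrite=False)["Version"]


def to_config(parameters, prefix):
    """Flatten GetParametersByPath items into {'app/name': value} under prefix."""
    return {p["Name"][len(prefix):]: p["Value"]
            for p in parameters if p["Name"].startswith(prefix)}


def read_env(ssm, env):
    """Fetch and decrypt the whole /env/ subtree (live call)."""
    pages = ssm.get_paginator("get_parameters_by_path").paginate(
        Path=f"/{env}/", Recursive=True, WithDecryption=True)
    return to_config([p for page in pages for p in page["Parameters"]], f"/{env}/")


# Constructed sample of GetParametersByPath output (assumption)
SAMPLE_PARAMETERS = [
    {"Name": "/prod/web/db-string", "Type": "SecureString", "Value": "postgres://app@db.internal/app"},
    {"Name": "/prod/web/log-level", "Type": "String", "Value": "warn"},
    {"Name": "/dev/web/db-string", "Type": "SecureString", "Value": "postgres://app@db.dev.internal/app"},
]

if __name__ == "__main__":
    print(parameter_name("prod", "web", "db-string"))   # → /prod/web/db-string
    print(validate_name("/ssm/web/x"))                   # → reserved-prefix reason
    print(to_config(SAMPLE_PARAMETERS, "/prod/"))        # only the prod subtree
```

Because the KMS grant is conditioned on kms:ViaService, a principal with this policy can read the decrypted value through Parameter Store but cannot call kms:Decrypt directly on ciphertext it obtained elsewhere; pair it with a separate, tightly held policy for ssm:PutParameter so readers cannot rewrite secrets.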
Conclusion
This was all about AWS Systems Manager and its key points. Now that you know what AWS SSM is, why you should use it, and how to use it, I hope this helps you kick-start your AWS SSM journey. Start using it and share your experiences or suggestions in the comments section below.