AWS Systems Manager: All you need to know

https://aws.amazon.com/systems-manager/

What is AWS SSM?

AWS Systems Manager (SSM) is an agent-based platform for managing servers across any infrastructure, including AWS, on-premises and other clouds. You can now deploy applications and application configurations to AWS with a single command. The EC2 Run Command is still available, but there is also a newer service that offers this functionality, AWS OpsWorks (OpsWorks for short). Previously there was no single solution that could be used to manage all servers; SSM came into existence to fill that gap.

Features of SSM (AWS Systems Manager)

Run command

Run Command is a remote command facility that lets us get into our servers and do ad-hoc things easily. Previously, we would use Ansible, bastion hosts and similar tooling to run ad-hoc commands on remote servers. There are many such solutions, but they all take time to set up, and it can be difficult to determine precisely who is doing what. By integrating with AWS Identity and Access Management (IAM), SSM gives significantly better control over who may execute remote commands. It keeps a record of every remote execution so that usage can be audited. SSM documents can also be created for frequently used commands.

State Manager

New vulnerabilities are discovered every day, so there is no way to keep a network permanently safe. State Manager makes it extremely simple to maintain the proper state of our application environment by letting us run a collection of commands, defined in SSM documents, on a regular schedule. If we want to disable SSH temporarily on all servers, one strategy is a Systems Manager document that stops the SSH daemon on each of our servers every half hour (30 minutes).

Automation

Automation builds on the Run Command feature: we can still run commands remotely on many instances, but we can also call AWS APIs as part of these executions. Many steps can be combined to complete complicated tasks by using a Systems Manager Automation-type document. Keep in mind that Automation documents run on the SSM service and have a maximum execution time of 1,000,000 seconds per AWS account per region.
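The two document types just described, as an added example (not code from the article or from AWS): a Command document (schemaVersion 2.2) that stops the SSH daemon, the State Manager strategy from the previous section, and an Automation document (schemaVersion 0.3) whose second step consumes an output of the first. The validator checks what a reviewer would check before publishing either: a supported schema version, unique step names, actions permitted for that document type, and every `{{ placeholder }}` resolving to a declared parameter or an earlier step's output. `build_association` produces the CreateAssociation request that makes State Manager re-apply the document on a schedule. Document names, the tag key and the service names are assumptions for this example.

```python
from __future__ import annotations
import json
import re

# Constructed Command document (schemaVersion 2.2): stops the SSH daemon.
# Content and service names are assumptions for illustration.
STOP_SSHD_DOCUMENT = {
    "schemaVersion": "2.2",
    "description": "Stop the SSH daemon on Linux managed instances (example).",
    "parameters": {
        "serviceName": {"type": "String", "default": "sshd", "allowedValues": ["sshd", "ssh"]}
    },
    "mainSteps": [{
        "action": "aws:runShellScript",
        "name": "stopSshDaemon",
        "inputs": {"runCommand": [
            "systemctl stop {{ serviceName }}",
            "! systemctl is-active --quiet {{ serviceName }}",  # fail the step if still running
        ]},
    }],
}

# Constructed Automation document (schemaVersion 0.3): two chained AWS API calls.
DESCRIBE_AND_TAG_AUTOMATION = {
    "schemaVersion": "0.3",
    "description": "Look up an instance's availability zone and record it as a tag (example).",
    "parameters": {"InstanceId": {"type": "String"}},
    "mainSteps": [
        {
            "name": "describeInstance",
            "action": "aws:executeAwsApi",
            "inputs": {"Service": "ec2", "Api": "DescribeInstances", "InstanceIds": ["{{ InstanceId }}"]},
            "outputs": [{"Name": "AvailabilityZone", "Type": "String",
                         "Selector": "$.Reservations[0].Instances[0].Placement.AvailabilityZone"}],
        },
        {
            "name": "tagInstance",
            "action": "aws:executeAwsApi",
            "inputs": {"Service": "ec2", "Api": "CreateTags", "Resources": ["{{ InstanceId }}"],
                       "Tags": [{"Key": "az", "Value": "{{ describeInstance.AvailabilityZone }}"}]},
        },
    ],
}

# Actions each document type may use (a subset, enough for the checks below).
ALLOWED_ACTIONS = {
    "2.2": {"aws:runShellScript", "aws:runPowerShellScript"},
    "0.3": {"aws:executeAwsApi", "aws:runCommand", "aws:sleep", "aws:waitForAwsResourceProperty"},
}
PLACEHOLDER_RE = re.compile(r"\{\{\s*([A-Za-z0-9_.-]+)\s*\}\}")
# State Manager schedules are rate() or cron() expressions; the smallest rate
# interval State Manager accepts is 30 minutes, matching the half-hour plan above.
SCHEDULE_RE = re.compile(r"^(rate\([1-9]\d* (minutes?|hours?|days?)\)|cron\(.+\))$")


def validate_document(doc: dict) -> list[str]:
    """Return the problems found in a Command (2.2) or Automation (0.3) document."""
    problems = []
    version = doc.get("schemaVersion")
    steps = doc.get("mainSteps", [])
    if version not in ALLOWED_ACTIONS:
        return [f"unsupported schemaVersion {version!r}"]
    names = [s.get("name") for s in steps]
    if len(names) != len(set(names)):
        problems.append("duplicate step names")
    known = set(doc.get("parameters", {}))  # document parameters are visible to every step
    for step in steps:
        if step.get("action") not in ALLOWED_ACTIONS[version]:
            problems.append(f"step {step.get('name')!r}: action {step.get('action')!r} not allowed in {version}")
        # Every {{ placeholder }} must be a parameter or an output of an earlier step.
        for ref in PLACEHOLDER_RE.findall(json.dumps(step.get("inputs", {}))):
            if ref not in known:
                problems.append(f"step {step.get('name')!r} references undefined {ref!r}")
        for out in step.get("outputs", []):
            known.add(f"{step['name']}.{out['Name']}")
    return problems


def build_association(document_name: str, schedule: str, tag_key: str, tag_values: list[str]) -> dict:
    """CreateAssociation request: State Manager re-applies the document on this schedule."""
    if not SCHEDULE_RE.match(schedule):
        raise ValueError(f"bad schedule expression: {schedule}")
    return {
        "Name": document_name,
        "ScheduleExpression": schedule,
        "Targets": [{"Key": f"tag:{tag_key}", "Values": tag_values}],
        "ComplianceSeverity": "HIGH",  # non-compliance shows up in the Compliance view
    }
```

Calling `build_association("Stop-SshDaemon", "rate(30 minutes)", "Environment", ["prod"])` yields the request for the half-hourly SSH shutdown; targeting by tag rather than by instance id means newly launched instances with that tag pick up the association without any change to it.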

Inventory

Systems Manager Inventory makes it easy to track which applications are running on our servers and which services we use. This is done by associating an SSM document with a managed instance; the agent then collects inventory data about these items at regular intervals and makes it available for later examination.

Patch Manager

Every environment needs to be kept up to date with new patches. Using SSM Patch Manager, we can define patch baselines and apply them to managed instances during Maintenance Windows. This happens automatically whenever the Maintenance Window opens, reducing the possibility of a manual oversight.

Maintenance Windows

Maintenance Windows are Amazon's way of scheduling tasks to run on AWS infrastructure at set intervals (recurring tasks). They are where work such as applying patches, installing software and upgrading the OS is carried out while the instances are expected to be out of service. We can use SSM Run Command and Automation within maintenance windows.
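The Patch Manager and Maintenance Windows sections above describe three objects that have to fit together: a patch baseline, a window, and a task registered in that window. The following added example (not code from the article or from AWS) builds the three API request bodies and enforces the constraints that are easy to get wrong: the cutoff must be shorter than the window's duration, the schedule must be a rate() or six-field cron() expression, and the patch task must state whether it only scans or actually installs. Operating system, filter values, window id and target id are assumptions for this example.

```python
from __future__ import annotations
import re

# Maintenance window schedules are rate() or six-field cron() expressions,
# e.g. cron(0 2 ? * SUN *) for 02:00 every Sunday. Only the shape is checked here.
CRON_RE = re.compile(r"^cron\((\S+\s+){5}\S+\)$")
RATE_RE = re.compile(r"^rate\([1-9]\d* (minutes?|hours?|days?)\)$")


def build_patch_baseline(name: str, classifications: list[str], approve_after_days: int,
                         severities: tuple[str, ...] = ("Critical", "Important")) -> dict:
    """CreatePatchBaseline request (Amazon Linux 2 values, illustrative): auto-approve
    patches of the given classification and severity after a soak delay."""
    if not 0 <= approve_after_days <= 360:
        raise ValueError("ApproveAfterDays must be between 0 and 360")
    return {
        "Name": name,
        "OperatingSystem": "AMAZON_LINUX_2",
        "ApprovalRules": {"PatchRules": [{
            "PatchFilterGroup": {"PatchFilters": [
                {"Key": "CLASSIFICATION", "Values": classifications},
                {"Key": "SEVERITY", "Values": list(severities)},
            ]},
            "ApproveAfterDays": approve_after_days,
            "ComplianceLevel": "CRITICAL",  # a missing approved patch is reported as CRITICAL
        }]},
        # Do not pull a rejected package in as a dependency of an approved one.
        "RejectedPatchesAction": "BLOCK",
    }


def build_maintenance_window(name: str, schedule: str, duration_hours: int,
                             cutoff_hours: int, timezone: str = "UTC") -> dict:
    """CreateMaintenanceWindow request. Cutoff is how many hours before the window
    closes SSM stops starting new tasks, so it must be shorter than the duration."""
    if not (CRON_RE.match(schedule) or RATE_RE.match(schedule)):
        raise ValueError(f"bad schedule: {schedule}")
    if not 1 <= duration_hours <= 24:
        raise ValueError("Duration must be 1-24 hours")
    if not 0 <= cutoff_hours < duration_hours:
        raise ValueError("Cutoff must be shorter than Duration")
    return {
        "Name": name,
        "Schedule": schedule,
        "ScheduleTimezone": timezone,
        "Duration": duration_hours,
        "Cutoff": cutoff_hours,
        # Require explicitly registered targets so the window cannot touch every instance.
        "AllowUnassociatedTargets": False,
    }


def build_patch_task(window_id: str, window_target_id: str, operation: str = "Install",
                     max_concurrency: str = "10%", max_errors: str = "5%") -> dict:
    """RegisterTaskWithMaintenanceWindow request running the AWS-RunPatchBaseline
    document. Operation=Scan only reports; Operation=Install applies approved patches."""
    if operation not in ("Scan", "Install"):
        raise ValueError("Operation must be Scan or Install")
    return {
        "WindowId": window_id,
        "Targets": [{"Key": "WindowTargetIds", "Values": [window_target_id]}],
        "TaskArn": "AWS-RunPatchBaseline",
        "TaskType": "RUN_COMMAND",
        "TaskInvocationParameters": {"RunCommand": {
            "Parameters": {"Operation": [operation], "RebootOption": ["RebootIfNeeded"]},
            "TimeoutSeconds": 600,
        }},
        "MaxConcurrency": max_concurrency,
        "MaxErrors": max_errors,
        "Priority": 1,
    }
```

A common rollout is a window whose first task runs `Operation=Scan` to populate the Compliance view and a second, lower-priority task that runs `Operation=Install`; keeping `AllowUnassociatedTargets` false means the window only ever reaches instances that were deliberately registered with it.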

Compliance

Compliance is an SSM reporting feature that tells us whether our instances are compliant with their patch baseline or their State Manager associations. It can be used to drill into issues and resolve them using SSM Run Command or Automation.

Parameter Store

By leveraging AWS KMS, Parameter Store lets us keep database passwords and other sensitive parameters encrypted, so they need not be exposed in our SSM Documents. It is a small component of SSM, but one the rest of the service depends on.
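What "not exposed in our SSM Documents" looks like in practice, as an added example (not code from the article or from AWS): a Run Command step with the password written into the command line, beside the hardened step that pulls it from a SecureString parameter through the `{{ssm-secure:...}}` placeholder, which the agent resolves on the instance at run time. `find_inline_secrets` is the review check that catches the first form, and `instance_profile_policy` is the minimal permission set the instance role needs for the second: read just those parameters and decrypt with just their KMS key. The parameter path, host name, account id and key ARN are assumptions for this example, and the secret patterns are illustrative rather than exhaustive.

```python
from __future__ import annotations
import re

# Constructed "before" step: the credential sits in the document itself, so it is
# visible to anyone who can read the document or the command history.
INLINE_SECRET_STEP = {
    "action": "aws:runShellScript",
    "name": "restoreDb",
    "inputs": {"runCommand": [
        "export PGPASSWORD='Sup3rSecret!'",
        "pg_restore -h db.example.internal -U app /tmp/backup.dump",
    ]},
}

# Hardened step: the value is fetched at run time from a SecureString parameter via
# {{ssm-secure:...}}; the document holds only the parameter name. Path is an assumption.
SECURE_PARAM_STEP = {
    "action": "aws:runShellScript",
    "name": "restoreDb",
    "inputs": {"runCommand": [
        "export PGPASSWORD='{{ssm-secure:/prod/db/password}}'",
        "pg_restore -h db.example.internal -U app /tmp/backup.dump",
    ]},
}

# Shapes that indicate an inline credential (illustrative, not exhaustive).
SECRET_PATTERNS = [
    re.compile(r"(?i)(password|passwd|pwd|secret|token|api[_-]?key)\s*[=:]\s*['\"]?[^'\"\s{]+"),
    re.compile(r"AKIA[0-9A-Z]{16}"),  # shape of an AWS access key id
]
SECURE_REF_RE = re.compile(r"\{\{ssm-secure:([^}\s]+)\}\}")


def find_inline_secrets(step: dict) -> list[str]:
    """Return the runCommand lines that appear to embed a credential literal."""
    return [line for line in step["inputs"].get("runCommand", [])
            if any(p.search(line) for p in SECRET_PATTERNS)]


def secure_parameter_refs(step: dict) -> list[str]:
    """Names of the SecureString parameters the step will resolve on the instance."""
    refs = []
    for line in step["inputs"].get("runCommand", []):
        refs.extend(SECURE_REF_RE.findall(line))
    return refs


def instance_profile_policy(parameter_names: list[str], kms_key_arn: str,
                            region: str, account: str) -> dict:
    """Least-privilege statements the instance role needs to resolve those references."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["ssm:GetParameters"],
             # A parameter ARN is "parameter" followed by the parameter's full path.
             "Resource": [f"arn:aws:ssm:{region}:{account}:parameter{name}" for name in parameter_names]},
            {"Effect": "Allow", "Action": ["kms:Decrypt"], "Resource": [kms_key_arn]},
        ],
    }
```

The hardened step still exports the value into the shell environment of the command, so it is exposed for the lifetime of that process on the instance; what it removes is the copy that would otherwise live in the document, in version history and in every place the document content is logged.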

Documents

SSM comes with a number of pre-made documents that may be used with Run Command, Automation, and State Manager. We can also create our own documents. SSM Document permissions are connected with AWS IAM, allowing us to use IAM policies to manage who has execution privileges on which documents.
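The IAM control that the Run Command and Documents sections rely on, as an added example (not code from the article or from AWS): a policy that permits `ssm:SendCommand` only with named documents and only against instances carrying a given tag, together with a deliberately simplified evaluator that shows why both statements are needed. A SendCommand call names two kinds of resource, the document and each target instance, and IAM must allow every one of them, so a policy that covers only the document ARNs denies the whole request. AWS-owned documents have no account id in their ARN, which the builder handles. The evaluator supports Allow statements, `*`/`?` wildcards and `StringEquals` conditions on `ssm:resourceTag/<key>` only; it is not a full IAM engine. Region, account id, document names and tag values are assumptions for this example.

```python
from __future__ import annotations
import fnmatch


def _document_arn(region: str, account: str, name: str) -> str:
    # AWS-owned documents (AWS-*) have an empty account field; customer documents do not.
    if name.startswith("AWS-"):
        return f"arn:aws:ssm:{region}::document/{name}"
    return f"arn:aws:ssm:{region}:{account}:document/{name}"


def send_command_policy(region: str, account: str, documents: list[str],
                        tag_key: str, tag_values: list[str]) -> dict:
    """IAM policy: SendCommand with the listed documents, against instances tagged tag_key."""
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "AllowedDocuments", "Effect": "Allow", "Action": "ssm:SendCommand",
         "Resource": [_document_arn(region, account, d) for d in documents]},
        {"Sid": "TaggedInstancesOnly", "Effect": "Allow", "Action": "ssm:SendCommand",
         "Resource": f"arn:aws:ec2:{region}:{account}:instance/*",
         "Condition": {"StringEquals": {f"ssm:resourceTag/{tag_key}": tag_values}}},
    ]}


def _as_list(value) -> list:
    return value if isinstance(value, list) else [value]


def _statement_allows(stmt: dict, resource_arn: str, tags: dict[str, str]) -> bool:
    """Simplified check: Allow effect, action matches, resource pattern matches, and every
    StringEquals condition on ssm:resourceTag/<key> is satisfied by the instance tags."""
    if stmt.get("Effect") != "Allow":
        return False
    if not any(fnmatch.fnmatchcase("ssm:SendCommand", a) for a in _as_list(stmt["Action"])):
        return False
    if not any(fnmatch.fnmatchcase(resource_arn, r) for r in _as_list(stmt["Resource"])):
        return False
    for key, wanted in stmt.get("Condition", {}).get("StringEquals", {}).items():
        if not key.startswith("ssm:resourceTag/"):
            return False  # condition keys this toy evaluator does not understand fail closed
        tag_key = key[len("ssm:resourceTag/"):]
        if tags.get(tag_key) not in _as_list(wanted):
            return False
    return True


def send_command_allowed(policy: dict, document_arn: str, instance_arn: str,
                         instance_tags: dict[str, str]) -> bool:
    """Both the document and the instance must be allowed, or the call is denied."""
    stmts = policy["Statement"]
    return (any(_statement_allows(s, document_arn, instance_tags) for s in stmts)
            and any(_statement_allows(s, instance_arn, instance_tags) for s in stmts))
```

Because the document statement carries no tag condition and the instance statement does, an operator holding this policy can run the approved documents against production-tagged instances but nothing else: not an ad-hoc script document, and not an instance whose tag says `dev`.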

Concurrency

With SSM, you can run commands and Automation documents in parallel by specifying either a percentage or a count of target instances. We may also halt the operation if the number of target instances returning errors reaches a certain threshold.

Security

Security is a complicated topic here because the Systems Manager Agent runs as root on the servers it manages. The following points give better visibility into the security of our environment:

  • The SSM agent retrieves pending commands from the SSM service and executes them on the instance; this is a pull mechanism, so no inbound port has to be opened.
  • Communication between the SSM agent and the service takes place over a secure channel using HTTPS.
  • Because the SSM agent code is open source, we can see exactly what it does.
  • The SSM service can be integrated with AWS CloudTrail to log all API calls.
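Since every Run Command and Automation invocation is an API call, the CloudTrail integration in the last bullet is also the audit trail the Run Command section promised. The following added example (not code from the article or from AWS) runs over a handful of constructed CloudTrail records in the shape of SSM events and produces the two things a reviewer wants: who executed what, and which events need a second look, namely denied attempts, ad-hoc script documents whose effect is whatever the caller typed in, and documents outside an approved list. Account id, ARNs, instance ids and the approved-document list are assumptions for this example.

```python
from __future__ import annotations
import json
from collections import Counter

# Constructed CloudTrail records (trimmed to the fields used here); all
# identifiers are placeholders.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2021-11-07T02:00:11Z", "eventSource": "ssm.amazonaws.com", "eventName": "SendCommand",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/PatchAutomation/mw-task"},
     "requestParameters": {"documentName": "AWS-RunPatchBaseline", "instanceIds": ["i-0aaa"],
                           "parameters": {"Operation": ["Install"]}}},
    {"eventTime": "2021-11-07T14:32:05Z", "eventSource": "ssm.amazonaws.com", "eventName": "SendCommand",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"documentName": "AWS-RunShellScript", "instanceIds": ["i-0bbb", "i-0ccc"],
                           "parameters": {"commands": ["tail -n 50 /var/log/nginx/error.log"]}}},
    {"eventTime": "2021-11-07T14:40:51Z", "eventSource": "ssm.amazonaws.com", "eventName": "SendCommand",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"documentName": "AWS-RunShellScript", "instanceIds": ["i-0bbb"]},
     "errorCode": "AccessDenied", "errorMessage": "User is not authorized to perform: ssm:SendCommand"},
    {"eventTime": "2021-11-07T15:01:00Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "StartAutomationExecution",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"documentName": "Stop-SshDaemon"}},
    {"eventTime": "2021-11-07T15:02:00Z", "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}, "requestParameters": {}},
]})

# Documents approved for routine use (assumption). Ad-hoc script documents are
# flagged separately because their effect is whatever the caller typed in.
APPROVED_DOCUMENTS = {"AWS-RunPatchBaseline", "Stop-SshDaemon"}
ADHOC_SCRIPT_DOCUMENTS = {"AWS-RunShellScript", "AWS-RunPowerShellScript"}
EXECUTION_EVENTS = {"SendCommand", "StartAutomationExecution"}


def audit_ssm_events(trail_json: str) -> dict:
    """Summarise who executed which SSM document and flag events that need review."""
    records = json.loads(trail_json)["Records"]
    events_by_principal = Counter()
    findings = []
    for r in records:
        if r.get("eventSource") != "ssm.amazonaws.com" or r.get("eventName") not in EXECUTION_EVENTS:
            continue
        who = r["userIdentity"]["arn"]
        params = r.get("requestParameters") or {}
        doc = params.get("documentName", "?")
        events_by_principal[who] += 1
        base = {"who": who, "doc": doc, "time": r["eventTime"]}
        if "errorCode" in r:                      # a failed attempt is worth seeing too
            findings.append({"type": "denied", "error": r["errorCode"], **base})
        elif doc in ADHOC_SCRIPT_DOCUMENTS:
            findings.append({"type": "adhoc-script", "instances": params.get("instanceIds", []), **base})
        elif doc not in APPROVED_DOCUMENTS:
            findings.append({"type": "unapproved-document", **base})
    return {"events_by_principal": dict(events_by_principal), "findings": findings}


if __name__ == "__main__":
    print(json.dumps(audit_ssm_events(SAMPLE_TRAIL), indent=2))
```

In a real deployment the same function would run over the CloudTrail objects delivered to S3 or over events forwarded to CloudWatch Logs; the point of separating "ad-hoc script" from "unapproved document" is that the former is often legitimate but should be rare and attributable, while the latter indicates a document that never went through review.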

Cost?

Start using AWS Systems Manager for free – Try the 13 free features available with the AWS Free Tier.


Conclusion

AWS Systems Manager is a cloud-based service for managing, monitoring, and maintaining the health of your IT infrastructure. It provides a centralized console to view the state of all your AWS resources, as well as one-click actions to fix common issues.

Overall, AWS Systems Manager is an impressive production-ready tool that lets you manage your servers and other AWS resources remotely.
