AWS Systems Manager

AWS Systems Manager is a set of features that help you manage your applications and infrastructure running in the AWS Cloud.

What is AWS Systems Manager?

AWS Systems Manager is a set of features that help you manage your applications and infrastructure running in the AWS Cloud. Systems Manager simplifies application and resource management, reduces the time to identify and resolve operational issues, and helps you manage your AWS resources securely and at scale. 

Application Management 

Application Manager helps DevOps engineers investigate and troubleshoot issues with AWS resources in the context of applications and clusters. In Application Manager, an application is a logical grouping of AWS resources that you operate as a unit. This logical grouping can represent different versions of an application, ownership boundaries for operators, or developer environments, to name a few. Application Manager support for container clusters includes both Amazon Elastic Kubernetes Service (Amazon EKS) and Amazon Elastic Container Service (Amazon ECS) clusters. Application Manager aggregates operational information from multiple AWS services and Systems Manager features into a single AWS Management Console.

Change Management 

Change Manager is an enterprise change management framework for requesting, approving, implementing, and reporting operational changes to application configuration and infrastructure. AWS Organizations allows you to manage changes across multiple AWS accounts in multiple AWS Regions from a single delegated administrator account. Alternatively, you can use local accounts to manage changes for a single AWS account. Use Change Manager to manage changes to both AWS and on-premises resources.

Node Management 

A managed node is any machine configured for Systems Manager. Systems Manager supports Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, on-premises servers, or virtual machines (VMs), including VMs in other cloud environments.

  • Compliance 

Use Compliance to scan your fleet of managed nodes for patch compliance and configuration discrepancies. You can collect and aggregate data from multiple AWS accounts and AWS Regions and drill down to specific non-compliant resources. By default, Compliance displays compliance data for Patch Manager patching and State Manager associations. You can also customize the service and create compliance types based on your IT or business needs.

  • Fleet Manager 

Fleet Manager is a unified user interface (UI) that allows you to remotely manage your nodes. Fleet Manager allows you to view the health and performance status of your entire fleet from one console. You can also collect data from individual devices and instances and perform common troubleshooting and management tasks from the console. This includes viewing the contents of directories and files, managing the Windows registry, managing operating system users, and more.

  • Inventory 

Inventory automates the process of collecting software inventory from managed nodes. Inventory can be used to collect metadata about applications, files, components, patches, and more.

  • Session Manager 

Use Session Manager to manage your edge devices and Amazon Elastic Compute Cloud (Amazon EC2) instances through an interactive, one-click, browser-based shell or the AWS CLI. Session Manager provides secure and auditable management of edge devices and instances without the need to open inbound ports, maintain bastion hosts, or manage SSH keys. Session Manager also helps you comply with corporate policies that require controlled access to edge devices and instances, strict security practices, and fully auditable logs that detail access to edge devices and instances, while still giving end users simple, one-click, cross-platform access to edge devices and EC2 instances. The advanced-instances tier must be enabled to use Session Manager. For more information, see the AWS documentation on enabling the advanced-instances tier.

  • Run Command 

Use Run Command to manage the configuration of your managed nodes remotely and securely at scale. Use Run Command to perform on-demand changes such as updating applications or running Linux shell scripts and Windows PowerShell commands on a target set of tens or hundreds of managed nodes.

  • State Manager 

Use State Manager to automate the process of keeping managed nodes in a defined state. State Manager can be used to ensure that managed nodes are set up with specific software at startup, joined to a Windows domain (Windows Server nodes only), or patched with specific software updates.

  • Patch Manager 

Use Patch Manager to automate the process of applying security and other types of updates to managed nodes. You can use Patch Manager to patch operating systems and applications. (On Windows Server, application support is limited to application updates released by Microsoft.)

This feature scans managed nodes for missing patches and updates, which can be applied individually or to large groups of managed nodes using tags. Patch Manager uses patch baselines. A baseline includes rules for automatically approving patches within days of their release, and a list of approved and rejected patches. By scheduling patching to run as a Systems Manager maintenance window task, you can install security patches on a regular basis or patch managed nodes at any time as needed.

For Linux operating systems, you can define a repository to use for patch operations as part of a patch baseline. This allows you to ensure that updates are installed only from trusted repositories, regardless of which repositories are configured on the managed node. For Linux, you can also update any package on managed nodes, not just those classified as OS security updates. You can also generate a patch report that will be sent to an S3 bucket of your choice. For a single managed node, the report contains details of all patches on the machine. For the report on all managed nodes, only a summary of missing patches is provided.
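The baseline settings described above (approval delay, approved and rejected lists, pinned repositories) can be reviewed before a baseline is created. The following is an added example, not code from AWS or from this article: it audits a baseline definition whose keys follow the request shape of the SSM CreatePatchBaseline API. The baseline name, repository URLs, trusted host set, and the 14-day threshold are constructed assumptions, and the repository stanza is assumed to be in yum `.repo` format.

```python
# Added example, not AWS code. Dict keys follow the SSM CreatePatchBaseline
# request shape; every value (names, URLs, threshold) is constructed.
import configparser
from urllib.parse import urlsplit

MAX_APPROVE_DELAY_DAYS = 14  # assumed local policy, not an AWS default

def audit_baseline(baseline, trusted_hosts):
    """Return findings for a Linux patch baseline request (yum-style Sources)."""
    findings = []
    rules = baseline.get("ApprovalRules", {}).get("PatchRules", [])
    for i, rule in enumerate(rules):
        days = rule.get("ApproveAfterDays", 0)
        if days > MAX_APPROVE_DELAY_DAYS:
            findings.append(f"rule {i}: auto-approval waits {days} days")
    sources = baseline.get("Sources", [])
    if not sources:
        # Without Sources, patching relies on repositories set on the node.
        findings.append("no Sources: node-local repositories are used")
    for src in sources:
        repo = configparser.ConfigParser(interpolation=None)
        repo.read_string(src["Configuration"])
        for name in repo.sections():
            url = urlsplit(repo.get(name, "baseurl", fallback=""))
            if url.scheme != "https" or url.hostname not in trusted_hosts:
                findings.append(f"{name}: untrusted baseurl")
            if repo.get(name, "gpgcheck", fallback="0") != "1":
                findings.append(f"{name}: gpgcheck disabled")
    return findings

def make_baseline(days, repo_config=None):
    """Build a constructed request; repo_config is a yum .repo stanza or None."""
    baseline = {
        "Name": "example-al2-baseline",
        "OperatingSystem": "AMAZON_LINUX_2",
        "ApprovalRules": {"PatchRules": [{
            "PatchFilterGroup": {"PatchFilters": [
                {"Key": "CLASSIFICATION", "Values": ["Security"]}]},
            "ApproveAfterDays": days}]},
        "RejectedPatches": [],
    }
    if repo_config:
        baseline["Sources"] = [{"Name": "internal", "Products": ["AmazonLinux2"],
                                "Configuration": repo_config}]
    return baseline

# Constructed repository stanzas: a weak one and a corrected one.
WEAK_REPO = "[mirror]\nbaseurl=http://mirror.example.net/al2/\ngpgcheck=0\n"
GOOD_REPO = "[internal]\nbaseurl=https://repo.example.internal/al2/\ngpgcheck=1\n"
TRUSTED = {"repo.example.internal"}
```

Calling `audit_baseline(make_baseline(30, WEAK_REPO), TRUSTED)` reports the long approval delay, the untrusted mirror, and the disabled signature check, while the same call with `make_baseline(7, GOOD_REPO)` returns no findings.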

  • Distributor 

Use Distributor to create packages and deploy them to managed nodes. Distributor allows you to package your own software or find AWS-provided agent software packages, such as AmazonCloudWatchAgent, to install on Systems Manager managed nodes. After installing a package for the first time, you can use Distributor to uninstall and reinstall newer package versions, or to perform in-place updates that add new or changed files. Distributor publishes resources, such as software packages, to Systems Manager managed nodes.

  • Hybrid Activations 

To set up your servers and VMs as managed instances in a hybrid environment, create a managed instance activation. Once activated, you will receive an activation code and ID. This code/ID combination works like an Amazon Elastic Compute Cloud (Amazon EC2) access ID and secret key to provide secure access to the Systems Manager service from your managed instances.

Operations Management 

  • Incident Manager

Incident Manager is an incident management console that helps users mitigate and resolve incidents affecting their AWS-hosted applications.


Incident Manager improves incident resolution by notifying responders of impact, highlighting relevant troubleshooting data, and providing collaboration tools to get service back up and running. Incident Manager also automates response planning and enables response team escalation.

  • Explorer

Explorer is a customizable operational dashboard that reports information about your AWS resources. Explorer presents an aggregated view of operational data (OpsData) across AWS accounts and AWS Regions. In Explorer, OpsData contains metadata about Amazon EC2 instances, patch compliance details, and operational work items (OpsItems). Explorer provides context on how OpsItems are distributed across business units or applications, how they evolve over time, and how they change by category. You can group and filter information in Explorer to focus on items that are relevant to you and require action. If you identify high-priority issues, you can use OpsCenter, a feature of Systems Manager, to run automation runbooks and troubleshoot those issues.

  • OpsCenter

OpsCenter provides a central location for operations engineers and IT professionals to view, investigate, and resolve operational work items (OpsItems) related to AWS resources. OpsCenter is designed to reduce mean time to resolution for issues affecting your AWS resources. This Systems Manager feature aggregates and standardizes OpsItems across services and provides contextual investigation data about each OpsItem, its related OpsItems, and related resources. OpsCenter also provides Systems Manager Automation runbooks that you can use to troubleshoot issues. You can specify custom, searchable data for each OpsItem. You can also view auto-generated summary reports on OpsItems by status and source.

  • CloudWatch Dashboards

Amazon CloudWatch dashboards are customizable pages in the CloudWatch console that allow you to monitor your resources in a single view, even if they are spread across different regions. You can use CloudWatch dashboards to create custom views of your AWS resources' metrics and alarms.

License: You have permission to republish this article in any format, even commercially, but you must keep all links intact. Attribution required.