AWS Systems Manager Operations



1h 50m

This course covers the core learning objective to meet the requirements of the 'Architecting for Management & Governance in AWS - Level 3' skill.

Learning Objectives:


  • Analyze how to design a multi-account AWS environment for complex organizations
  • Analyze an effective patch management strategy for your AWS resources
  • Analyze the most effective and appropriate logging and monitoring strategy for multiple resources
  • Evaluate an appropriate AWS offering(s) to enable configuration management automation

Once you have configured a managed instance, with the Systems Manager agent configured and a Systems Manager access role assigned, you can go to the Systems Manager console, where under the “Node Management” section you will see the “Fleet Manager” feature.

All your managed instances will be displayed in this console. Fleet Manager will give you visibility into the details of each managed instance including Instance ID, Platform Type, Instance Type, OS Name, IP Address, and SSM Agent version among others. 

Being able to see your managed instance fleet on a single display is very useful.  

Under the “Node Management” section of Systems Manager, you will notice the Session Manager feature. Session Manager is a fully managed capability that lets you connect to any managed instance using an interactive browser shell login for Linux, Windows, and macOS instances.

It requires no open inbound ports, and there is no need to manage bastion hosts or SSH keys for connectivity to your instances.

You also don’t need SSH clients for Linux or RDP clients for Windows when using Session Manager. Communication between Session Manager and instances is secure, and Session Manager tracks all commands and output produced in a session, which can be dispatched to CloudTrail, CloudWatch, or an Amazon S3 bucket.
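
As an added example (not part of the course material), the following check turns the two claims above into an audit: it lists inbound SSH/RDP rules that Session Manager makes unnecessary, and reports whether the session preferences actually send session output to S3 or CloudWatch. The input shapes are assumed to match `aws ec2 describe-security-groups` output and the `SSM-SessionManagerRunShell` preferences document; the sample values and function names are constructed for illustration.

```python
# Added example. The dict shapes mirror `aws ec2 describe-security-groups` and the
# SSM-SessionManagerRunShell preferences document; all sample values are constructed.
MGMT_PORTS = (22, 3389)  # SSH and RDP, which Session Manager makes unnecessary

def inbound_mgmt_rules(group):
    """Return sorted (port, source) pairs for inbound rules that still allow SSH or RDP."""
    found = set()
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":                      # "all traffic" rule covers every port
            lo, hi = 0, 65535
        elif proto in ("tcp", "6"):
            lo, hi = perm["FromPort"], perm["ToPort"]
        else:
            continue                           # UDP/ICMP rules cannot carry SSH or RDP
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        sources += [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
        found.update((port, src) for port in MGMT_PORTS if lo <= port <= hi for src in sources)
    return sorted(found)

def session_logging_gaps(prefs):
    """Return reasons session output would not be retained, or retained unencrypted."""
    inputs = prefs.get("inputs", {})
    s3, cw = inputs.get("s3BucketName"), inputs.get("cloudWatchLogGroupName")
    gaps = []
    if not s3 and not cw:
        gaps.append("no S3 bucket or CloudWatch log group configured")
    if s3 and not inputs.get("s3EncryptionEnabled"):
        gaps.append("S3 logging without s3EncryptionEnabled")
    if cw and not inputs.get("cloudWatchEncryptionEnabled"):
        gaps.append("CloudWatch logging without cloudWatchEncryptionEnabled")
    return gaps

SAMPLE_GROUP = {"GroupId": "sg-EXAMPLE", "IpPermissions": [   # constructed
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
]}
SAMPLE_PREFS = {"schemaVersion": "1.0", "sessionType": "Standard_Stream", "inputs": {  # constructed
    "s3BucketName": "", "cloudWatchLogGroupName": "/example/ssm-sessions",
    "cloudWatchEncryptionEnabled": False}}

if __name__ == "__main__":
    for port, src in inbound_mgmt_rules(SAMPLE_GROUP):
        print(f"{SAMPLE_GROUP['GroupId']}: inbound port {port} still allowed from {src}")
    for gap in session_logging_gaps(SAMPLE_PREFS):
        print(f"session preferences: {gap}")
```

Note that a port range such as 3000-4000 is flagged because it contains 3389, even though no rule names the RDP port directly.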


About the Author
Jorge Negrón
AWS Content Architect

Experienced in architecture and delivery of cloud-based solutions, the development, and delivery of technical training, defining requirements, use cases, and validating architectures for results. Excellent leadership, communication, and presentation skills with attention to details. Hands-on administration/development experience with the ability to mentor and train current & emerging technologies, (Cloud, ML, IoT, Microservices, Big Data & Analytics).