This course covers the core learning objective to meet the requirements of the 'Architecting for Management & Governance in AWS - Level 3' skill
Learning Objectives:
- Analyze how to design a multi-account AWS environment for complex organizations
- Analyze an effective patch management strategy for your AWS resources
- Analyze the most effective and appropriate logging and monitoring strategy for multiple resources
- Evaluate an appropriate AWS offering(s) to enable configuration management automation
Basic Systems Manager setup.
Systems Manager is a collection of services you can use to manage any number of instances securely and efficiently. With Systems Manager, you can securely connect to your instances, perform manual work, collect software inventory, collect patch and compliance status, make resource configuration changes, and execute any modification needed to establish the desired state for instances, independently of the size of your fleet. Systems Manager puts all your relevant operational data into a single view of your infrastructure for performance and compliance.
Central to the operation of Systems Manager is the Systems Manager Agent. This is a software component that must be installed and configured on each machine for it to be considered a managed instance. A managed instance is a machine that can communicate with Systems Manager and satisfies the following three requirements.
Number one, the Systems Manager Agent has been installed and configured. The agent executes and processes the tasks that you specify through any of the Systems Manager features, like Run Command. This is an essential component.
Number two, a role with the permissions needed has been defined and associated with the instance. The preexisting policy AmazonEC2RoleforSSM defines the permissions and access controls between EC2 instances and Systems Manager. You can also use the policy called AmazonSSMManagedInstanceCore.
The third requirement in order to set up a managed instance is that the instance needs to have access to the public Systems Manager endpoint. This is done using an internet gateway for instances in a public subnet or a VPC endpoint for instances in private subnets. With these requirements in place, we can use Systems Manager features to handle our fleet of instances.
Once again, the Systems Manager Agent needs to be installed, the instances need the corresponding access permissions enabled using a role, and the instance has to have access to the public Systems Manager endpoint. That's the basic Systems Manager instance setup.
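The three requirements above written as a readiness check, as an added example that is not part of the course material. The input shapes follow the boto3 responses named in the docstrings; the function names, the sample values and the three-endpoint list are assumptions of this example.

```python
# Added example. Input shapes follow boto3 responses; every sample value is constructed.
SSM_POLICIES = {"AmazonSSMManagedInstanceCore", "AmazonEC2RoleforSSM"}
# Assumption: the interface endpoints AWS documents for instances in private subnets.
ENDPOINT_SUFFIXES = ("ssm", "ssmmessages", "ec2messages")

def agent_online(instance_id, ssm_info):
    """Requirement 1, from ssm.describe_instance_information()."""
    return any(i["InstanceId"] == instance_id and i["PingStatus"] == "Online"
               for i in ssm_info["InstanceInformationList"])

def ssm_policies(attached):
    """Requirement 2, from iam.list_attached_role_policies() on the instance role."""
    return sorted(p["PolicyName"] for p in attached["AttachedPolicies"]
                  if p["PolicyName"] in SSM_POLICIES)

def network_path(route_table, endpoints, region):
    """Requirement 3: default route to an internet gateway, or the VPC endpoints."""
    for route in route_table["Routes"]:
        if (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                and route.get("GatewayId", "").startswith("igw-")):
            return "internet-gateway"
    available = {e["ServiceName"] for e in endpoints["VpcEndpoints"]
                 if e["State"].lower() == "available"}
    wanted = {f"com.amazonaws.{region}.{s}" for s in ENDPOINT_SUFFIXES}
    return "vpc-endpoints" if wanted <= available else None

def unmet_requirements(instance_id, ssm_info, attached, route_table, endpoints, region):
    """Return the requirements the instance fails; an empty list means it is ready."""
    unmet = []
    if not agent_online(instance_id, ssm_info):
        unmet.append("agent")
    if not ssm_policies(attached):
        unmet.append("role")
    if network_path(route_table, endpoints, region) is None:
        unmet.append("network")
    return unmet

# Constructed case: private subnet, role attached, one interface endpoint missing.
SAMPLE = dict(
    instance_id="i-0example",
    ssm_info={"InstanceInformationList": []},
    attached={"AttachedPolicies": [{"PolicyName": "AmazonSSMManagedInstanceCore"}]},
    route_table={"Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    endpoints={"VpcEndpoints": [
        {"ServiceName": "com.amazonaws.us-east-1.ssm", "State": "available"},
        {"ServiceName": "com.amazonaws.us-east-1.ec2messages", "State": "available"}]},
    region="us-east-1",
)
```

For the constructed sample, `unmet_requirements(**SAMPLE)` reports the agent and network requirements as unmet, which is the usual picture when an instance in a private subnet never appears as a managed instance.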
