This course covers the core learning objective to meet the requirements of the 'Architecting for Management & Governance in AWS - Level 3' skill:
- Analyze how to design a multi-account AWS environment for complex organizations
- Analyze an effective patch management strategy for your AWS resources
- Analyze the most effective and appropriate logging and monitoring strategy for multiple resources
- Evaluate the appropriate AWS offering(s) to enable configuration management automation
Systems Manager includes over 20 features and integrations, each with its own capabilities and functionality. Some of them are the Fleet Manager, Session Manager, Run Command, Parameter Store, Patch Manager, and State Manager, among others. Most of these features use Systems Manager documents to define the operations to be performed. They also use Maintenance Windows to define the date and time when those operations can take place. Together, they provide you with a comprehensive dashboard and essential tools to set up and manage the life cycle of your instances. You can manage inventory and patch assets, run commands and manage desired state, and even securely connect to EC2 instances in private subnets.
In general, using Systems Manager entails grouping your AWS resources, examining their relevant operational data via dashboards, and finally taking action to mitigate any issues reported. The instances to be operated on can be selected using one of three general mechanisms. The first is manual selection. This is where you select the instances that you want to register as targets individually, using the Systems Manager console. You can also use instance tags, where you specify one or more tag key-value pairs to select the instances that share those tags. You can then save the results as a Resource Group to execute operations on the same set of instances in the future.
Finally, you can use Resource Groups where you can perform a query based on existing resource tags or choose an existing Resource Group that already includes the instances you want to target. Systems Manager operates on logical units of managed instances via Resource Groups. This is the most powerful way to define your targets for AWS Systems Manager to operate. In general, if you work across a range of different AWS resources that are related, AWS Resource Groups can help you organize them for better visibility and aggregation in terms of management, ownership and categories.
Resource Groups begin their life by defining common tags with key-value pairs describing the items in the categorization. A Resource Group is a collection of AWS resources in the same region that match a particular description. Resource Groups can be tag-based, representing a group of resources as being part of a development tier, a production tier, a specific owner, a department, or a particular project, among many other possible categories. Systems Manager can also operate on Resource Groups that are based on CloudFormation stacks. These groups are resources created by the same CloudFormation stack in a particular region. The Resource Group will have the same logical structure as the stack. Systems Manager and Resource Groups allow you to create custom consoles that show organized and consolidated information about Resource Groups, and offer helpful visibility for operation and management.
By default, the AWS Management Console shows resources organized by service category, as you may have already observed in the EC2 Management Console. The Tag Editor allows you to define tags and what will become a Resource Group. It allows for bulk editing and application of tags to resources in a specific region. The Tag Policy Editor can help enforce tagging across your resources in a particular account or the entire organization. You can manage Resource Groups and find the Tag Editor under the AWS Resource Group service in the Management Tools section of your AWS Console. Also, as you provision resources on the console, a section of the provisioning will always permit you to define tags.
As you may have noticed, establishing the best practice of tagging your resources becomes essential in order for you to use and take advantage of the features of Systems Manager. As you build your fleet of instances, it is important to catalog these resources using tags. Later, it becomes significantly easier to group them and operate on them using Systems Manager.
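The three targeting mechanisms and the dependence on tagging described above, as an added example that is not part of the original course material: it builds a tag-based Resource Group query, evaluates it locally against a constructed inventory, and lists the instances that carry no such tag and would therefore never be reached by a patch or Run Command operation targeted that way. The instance IDs, tag values and the group name `prod-instances` are assumptions made for illustration.

```python
import json

# Constructed sample inventory (instance IDs and tags are made up for illustration).
INVENTORY = [
    {"id": "i-0aaa0000000000001", "tags": {"Environment": "Production", "Owner": "payments"}},
    {"id": "i-0aaa0000000000002", "tags": {"Environment": "Development", "Owner": "payments"}},
    {"id": "i-0aaa0000000000003", "tags": {"Environment": "Production", "Owner": "web"}},
    {"id": "i-0aaa0000000000004", "tags": {"Owner": "web"}},  # no Environment tag
]

def tag_query(tag_filters):
    """Build a tag-based Resource Groups query (Type TAG_FILTERS_1_0) for EC2 instances."""
    return {
        "Type": "TAG_FILTERS_1_0",
        "Query": json.dumps({
            "ResourceTypeFilters": ["AWS::EC2::Instance"],
            "TagFilters": [{"Key": k, "Values": v} for k, v in tag_filters.items()],
        }),
    }

def matches(query, inventory):
    """Evaluate the query locally: filters are ANDed, values within a filter are ORed."""
    filters = json.loads(query["Query"])["TagFilters"]
    return [i["id"] for i in inventory
            if all(i["tags"].get(f["Key"]) in f["Values"] for f in filters)]

def missing_tag(key, inventory):
    """Instances without the tag key: invisible to any group or target built on it."""
    return [i["id"] for i in inventory if key not in i["tags"]]

def ssm_targets(instance_ids=None, tag=None, resource_group=None):
    """The three targeting mechanisms expressed as Systems Manager Targets entries."""
    if instance_ids:
        return [{"Key": "InstanceIds", "Values": list(instance_ids)}]
    if tag:
        key, values = tag
        return [{"Key": f"tag:{key}", "Values": list(values)}]
    return [{"Key": "resource-groups:Name", "Values": [resource_group]}]  # hypothetical group name

if __name__ == "__main__":
    q = tag_query({"Environment": ["Production"]})
    print("group members:", matches(q, INVENTORY))
    print("untagged, never targeted:", missing_tag("Environment", INVENTORY))
    print(ssm_targets(resource_group="prod-instances"))
```

Running the `missing_tag` check against a real inventory export before scheduling a Maintenance Window shows which instances a tag-based patch baseline would silently skip.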