Managing Resource Groups
Start course

In this course, you will be introduced to AWS Systems Manager and learn how the Systems Manager service helps you automatically implement complex workflows related to your machine setup, maintenance, and life cycle. It also covers Systems Manager features including requirements and building blocks like the Systems Manager Agent, Resource Groups, Instance Roles, Hybrid Activations, Fleet Manager, and Session Manager.

Learning Objectives

  • Learn what Systems Manager can do in terms of features and capabilities
  • Understand the conditions and requirements to use Systems Manager effectively for your daily maintenance and machine life cycle management

Intended Audience

  • Architects, developers, system operators, and administrators looking for a unified, consistent, reliable, scalable, and secure way to automate their machine maintenance workflows
  • Anyone studying for the Solutions Architect Associate Certification Exam and the SysOps Administrator Associate Certification Exam


In order to get the most out of this course, you should meet the requirements for the cloud practitioner certification and preferably one of the AWS associate-level certifications.



Systems Manager includes over 20 features and integrations, each with their own capabilities and functionality. Some of them are the Fleet Manager, Session Manager, Run Command, Parameter Store, Patch Manager, and State Manager, among others. Most of these features use Systems Manager documents to define the operations to be performed. They also use Maintenance Windows to define the date and time when those operations can take place. Together, they provide you a comprehensive dashboard and essential tools to set up and manage the life cycle of your instances. You can manage inventory and patch assets, run commands and manage desired state, and even securely connect to EC2 instances in private subnets.

In general, using Systems Manager entails grouping your AWS resources, examining their relevant operational data via dashboards, and finally, take action to mitigate any issues reported. The instances to be operated can be selected using one of three general mechanisms. The first one is manually. This is where you select the instances that you want to register as targets individually, using the Systems Manager console. You can also use instance tags where you specify one or more tag key-value pairs to select the instances that share those tags. You can then save the results as a Resource Group to execute operations on the same set of instances in the future.

Finally, you can use Resource Groups where you can perform a query based on existing resource tags or choose an existing Resource Group that already includes the instances you want to target. Systems Manager operates on logical units of managed instances via Resource Groups. This is the most powerful way to define your targets for AWS Systems Manager to operate. In general, if you work across a range of different AWS resources that are related, AWS Resource Groups can help you organize them for better visibility and aggregation in terms of management, ownership and categories.

Resource Groups begin their life by defining common tags with key-value pairs describing the items in the categorization. A Resource Group is a collection of AWS resources in the same region that match a particular description. Resource Groups can be tag based, which represent a group of resources as being part of a development tier, production tier, a specific owner, a department, or dedicated for a particular project among many other possible categories. Systems Manager can also operate on Resource Groups that are based on CloudFormation stacks. These groups are resources created by the same CloudFormation stack in a particular region. The Resource Group will have the same logical structure as the stack. Systems Manager and Resource Groups allow you to create custom consoles that show organized and consolidated information about Resource Groups, and offer helpful visibility for operation and management.

As a default, the AWS Management Console shows resources organized by service category, as you may have already observed in the EC2 Management Console. The Tag Editor allows you to define tags and what will become a Resource Group. It allows for bulk editing and application of tags to resources in a specific region. The Tag Policy Editor can help enforce tagging across your resources in a particular account or the entire organization. You can manage Resource Groups and find the Tag Editor under the AWS Resource Group service in the Management Tools sections of your AWS Console. Also, as you provision resources on the console, a section of the provisioning will always permit you to define tags.

As you may have noticed, establishing the best practice of tagging your resources becomes essential in order for you to use and take advantage of the features of Systems Manager. As you build your fleet of instances, it is important to catalog these resources using tags. Later, it becomes significantly easier to group them and operate on them using Systems Manager.

About the Author
Jorge Negrón
AWS Content Architect
Learning Paths

Experienced in architecture and delivery of cloud-based solutions, the development, and delivery of technical training, defining requirements, use cases, and validating architectures for results. Excellent leadership, communication, and presentation skills with attention to details. Hands-on administration/development experience with the ability to mentor and train current & emerging technologies, (Cloud, ML, IoT, Microservices, Big Data & Analytics).