State Manager
7h 20m

This course provides detail on the AWS Management & Governance services relevant to the AWS Certified DevOps Engineer - Professional exam.


Learning Objectives

  • Learn how AWS AppConfig can reduce errors in configuration changes and prevent application downtime
  • Understand how the AWS Cloud Development Kit (CDK) can be used to model and provision application resources using common programming languages
  • Get a high-level understanding of Amazon CloudWatch
  • Learn about the features and use cases of the service
  • Create your own CloudWatch dashboard to monitor the items that are important to you
  • Understand how CloudWatch dashboards can be shared across accounts
  • Understand the cost structure of CloudWatch dashboards and the limitations of the service
  • Review how monitored metrics go into an ALARM state
  • Learn about the challenges of creating CloudWatch Alarms and the benefits of using machine learning in alarm management
  • Know how to create a CloudWatch Alarm using Anomaly Detection
  • Learn what types of metrics are suitable for use with Anomaly Detection
  • Create your own CloudWatch log subscription
  • Learn how AWS CloudTrail enables auditing and governance of your AWS account
  • Understand how Amazon CloudWatch Logs enables you to monitor and store your system, application, and custom log files
  • Explain what AWS CloudFormation is and what it’s used for
  • Determine the benefits of AWS CloudFormation
  • Understand what the core components are and what they are used for
  • Create a CloudFormation Stack using an existing AWS template
  • Learn what VPC flow logs are and what they are used for
  • Determine options for operating programmatically with AWS, including the AWS CLI, APIs, and SDKs
  • Learn about the capabilities of AWS Systems Manager for managing applications and infrastructure
  • Understand how AWS Secrets Manager can be used to securely encrypt application secrets

State Manager is the secure and scalable configuration management service feature of Systems Manager. State Manager allows you to control how configurations are applied. This could be firewall settings, ports that need to be shut down, or disabling services that are not being used. State Manager can be used to enforce enterprise-wide compliance by ensuring a desired state is continuously applied to your managed instances.

We can define State Manager policies using automation documents. There are several predefined documents we can leverage for common use cases, ensuring a desired state is continuously applied. You can configure network settings or bootstrap instances with software modules at startup. Using State Manager, you can maintain configuration consistency by reapplying configuration state and view configuration history. State Manager requires you to create an association.

The State Manager association is a configuration that is assigned to your managed instances. The configuration defines the state that you want to maintain on those instances.

An association includes three parts. The first is a document that defines the state or what needs to get done, including optional runtime parameters. The second is the set of target managed instances to apply the desired state to. And finally, a schedule, defining when the change is to take place. You can use configuration shell scripts, Ruby, and Python.

You can also use your existing configuration management tools like Ansible, Salt, or PowerShell with State Manager. State Manager quickly identifies and repairs compliant and noncompliant machines across multiple accounts, if needed. An association for a software component might run once a day. If the software is not installed, then State Manager installs it. If the software is installed, but the service is not running, then State Manager is instructed to start the service.

State Manager is supported as both an event type and a target type on Amazon EventBridge rules, so you can implement event-driven architectures. Finally, any API interaction sustained by State Manager is automatically sent to CloudTrail. You can also send the outputs of commands to CloudWatch Logs or Amazon S3. Native integration with Identity and Access Management allows you to define who will have access to State Manager and run configuration tasks.
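The three parts of an association and the once-a-day software example described above, expressed as parameters for the boto3 `create_association` call. This is an added example, not code from the course; the package name `nginx`, the association name, the tag selector, the bucket name and the use of `rpm`/`yum` (an RPM-based Linux instance) are assumptions.

```python
"""Added example: a State Manager association as boto3 create_association parameters."""

# Idempotent desired-state script: install if missing, start if stopped.
# "nginx" is a constructed sample; rpm/yum assume an RPM-based Linux instance.
DESIRED_STATE_COMMANDS = [
    "set -eu",
    "if ! rpm -q nginx >/dev/null 2>&1; then yum install -y nginx; fi",
    "if ! systemctl is-active --quiet nginx; then systemctl start nginx; fi",
]


def build_association(tag_key, tag_value, output_bucket):
    """Return keyword arguments for ssm.create_association()."""
    if not tag_key or not tag_value:
        # Refuse an empty selector rather than guess at a target set.
        raise ValueError("a tag key and value are required to scope the targets")
    return {
        "AssociationName": "nginx-installed-and-running",  # hypothetical name
        # Part 1: the document and its runtime parameters.
        "Name": "AWS-RunShellScript",
        "Parameters": {"commands": DESIRED_STATE_COMMANDS},
        # Part 2: the target managed instances, selected by tag.
        "Targets": [{"Key": f"tag:{tag_key}", "Values": [tag_value]}],
        # Part 3: the schedule (once a day, as in the software example).
        "ScheduleExpression": "rate(1 day)",
        # Keep command output in S3 so each run can be reviewed later.
        "OutputLocation": {"S3Location": {"OutputS3BucketName": output_bucket}},
        "ComplianceSeverity": "HIGH",
    }


def apply_association(kwargs, region="us-east-1"):
    """Create the association; needs boto3, AWS credentials and IAM permission."""
    import boto3  # imported here so build_association runs without the SDK

    ssm = boto3.client("ssm", region_name=region)
    response = ssm.create_association(**kwargs)
    return response["AssociationDescription"]["AssociationId"]


if __name__ == "__main__":
    import json

    # Constructed sample values; prints the request without calling AWS.
    print(json.dumps(build_association("Role", "web", "example-ssm-output-bucket"), indent=2))
```

Because the commands check state before changing it, each scheduled run is a no-op on instances that are already in the desired state.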

About the Author

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.