AWS Systems Manager Requirements and Building Blocks


DVA-C02 Introduction
Amazon CloudWatch
Anomaly Detection
PREVIEW14m 35s
Options for Operating Programmatically with AWS
AWS AppConfig
AWS Cloud Development Kit (CDK)

The course is part of this learning path

Start course
3h 58m

This course provides detail on the AWS Management & Governance services relevant to the AWS Certified Developer - Associate exam.

Want more? Try a lab playground or do a Lab Challenge!

Learning Objectives

  • Learn how AWS AppConfig can reduce errors in configuration changes and prevent application downtime
  • Understand how the AWS Cloud Development Kit (CDK) can be used to model and provision application resources using common programming languages
  • Get a high-level understanding of Amazon CloudWatch
  • Learn about the features and use cases of the service
  • Create your own CloudWatch dashboard to monitor the items that are important to you
  • Understand how CloudWatch dashboards can be shared across accounts
  • Understand the cost structure of CloudWatch dashboards and the limitations of the service
  • Review how monitored metrics go into an ALARM state
  • Learn about the challenges of creating CloudWatch Alarms and the benefits of using machine learning in alarm management
  • Know how to create a CloudWatch Alarm using Anomaly Detection
  • Learn what types of metrics are suitable for use with Anomaly Detection
  • Create your own CloudWatch log subscription
  • Learn how AWS CloudTrail enables auditing and governance of your AWS account
  • Understand how Amazon CloudWatch Logs enables you to monitor and store your system, application, and custom log files
  • Explain what AWS CloudFormation is and what it’s used for
  • Determine the benefits of AWS CloudFormation
  • Understand what each of the core components are and what they are used for
  • Create a CloudFormation Stack using an existing AWS template
  • Learn what VPC flow logs are and what they are used for
  • Determine options for operating programmatically with AWS, including the AWS CLI, APIs, and SDKs
  • Learn about the capabilities of AWS Systems Manager for managing applications and infrastructure
  • Understand how AWS Secrets Manager can be used to securely encrypt application secrets

AWS Systems Manager, Requirements and Building Blocks. The SSM Agent. AWS Systems Manager requires an agent for its management service. The Systems Manager Agent is the software required to be installed and configured on all instances in order for them to be called managed instances.

A managed instance is an instance with the ability to communicate and be operated by Systems Manager. The agent executes and process tasks you specify through any of the Systems Manager features, like the Run Command. The agent is installed by default on the Amazon Linux AMIs, the AWS Windows AMIs, and available on the Amazon Linux repo. The agent is open-sourced and available on GitHub. You can install the agent on a physical server or a virtual machine in your data center or even another cloud provider. You can manage Windows Server 2003 or later, and Linux distributions like Amazon Linux, Ubuntu, Red Hat Enterprise Linux, SUSE, and CentOS.

Managed Instance Roles. A managed instance will require an Identity and Access Management role applied as an instance profile in order for Systems Manager to be able to interact with the agent and make the instance visible in the Systems Manager Fleet Manager console. AWS provides pre-defined managed policies for Systems Manager. They usually have the acronym SSM as part of their name. One of them is called Amazon EC2 Role for SSM, which can save you time in the instance configuration. You can also create your own custom role if needed or use one of the many other SSM-related policies available. To register servers and virtual machines in your data center or other cloud providers outside the scope of Amazon EC2, you can create a hybrid activation and use the activation code and activation ID supplied to configure the agent and centrally manage your hybrid environment and EC2 instances from one location.

Fleet Manager Feature. Once you configure a managed instance, you can go to the Systems Manager console. And under the Node Management section, you will see the Fleet Manager feature. All your managed instances will be displayed in this console. Fleet Manager will give you visibility into the details of each managed instance, including Instance ID, Platform Type, Instance Type, Operating System name, IP Address, and the version of the SSM Agent that is installed among many other features. One interesting item about the Fleet Manager managed instance console is that under instance action, you can connect to the instance using the Session Manager feature of Systems Manager.

The Session Manager feature of Systems Manager is a fully-managed capability that lets you connect to any managed instance using an interactive browser shell login for Linux, Windows, and MacOS instances. It requires no open inbound ports and no need to manage bastion hosts or Secure Shell keys for connectivity to your instance. You also don't need Secure Shell clients for Linux, or Remote Desktop Protocol clients for Windows when using Session Manager. Communication between Session Manager and instances uses Transport Layer Security version 1.2, or TLS 1.2 for short. Security of the communication can be increased using your own Key Management Service keys. Session Manager tracks all commands and output produced in a session, and also provides full logging and session auditing activity that can be dispatched to CloudTrail, CloudWatch, or an Amazon S3 buckets as a result. Session Manager can control which users can access specific instances by using Identity and Access Management policies. It works through the interactive browser shell or using the AWS Command Line Interface.

About the Author
Learning Paths

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.