
AWS Systems Manager | Essential | Since 2017

An operations management service for centrally managing AWS resources and on-premises servers

What It Does

AWS Systems Manager centrally manages and operates AWS resources and on-premises servers. It provides comprehensive infrastructure operations capabilities including EC2 instance patching, software installation, configuration changes, secure parameter storage, and operational task automation. Its agent-based architecture enables instance access without SSH or RDP, improving security.

Use Cases

Bulk OS patching for EC2 instances, secure storage and distribution of application settings and secrets, automated execution of operational runbooks, inventory collection and compliance verification, and secure remote access via Session Manager.

Everyday Analogy

Think of a building management company. It handles equipment inspections (patching), key management (Parameter Store), and scheduled cleaning (maintenance tasks) across multiple buildings (servers) from a central office, monitoring all buildings remotely and dispatching work without on-site staff.

What Is Systems Manager?

AWS Systems Manager is a collection of services that centralize AWS resource operations management. It comprises 20+ capabilities including patch management, parameter management, session management, automation, and inventory collection. Beyond EC2 instances, on-premises servers and servers on other clouds can be managed by installing the SSM Agent.

Key Features

Among Systems Manager's key features, Parameter Store securely stores and distributes application settings and database connection strings. Patch Manager automates OS patching for EC2 instances and maintains patch compliance. Session Manager provides browser-based instance access without SSH key management, eliminating the need to open port 22 in security groups. Run Command executes commands across multiple instances at once.

Automation and Runbooks

The Automation feature lets you define operational procedures as runbooks and execute them automatically. Codify routine tasks like AMI creation, instance restarts, and EBS snapshot creation for reproducibility. Use 100+ pre-built runbooks from AWS or write custom ones in YAML. Combined with EventBridge, you can trigger runbooks automatically on specific events.
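As an added example (not taken from the original page or from AWS's own runbook library), here is a custom Automation runbook in YAML that codifies the AMI-creation task mentioned above. The parameter names, the role ARN and the tag values are assumptions; the runbook runs under a dedicated IAM role via assumeRole rather than under the caller's own permissions.

```yaml
# Added example: custom Automation runbook (schemaVersion 0.3) that creates a
# backup AMI of one EC2 instance and tags it. The AutomationAssumeRole value
# is a placeholder ARN; replace it with a least-privilege role in your account.
description: Create a backup AMI of an EC2 instance without rebooting it
schemaVersion: '0.3'
assumeRole: '{{ AutomationAssumeRole }}'
parameters:
  InstanceId:
    type: String
    description: (Required) ID of the instance to image
    # Reject anything that is not shaped like an instance ID before any step runs
    allowedPattern: '^i-[a-z0-9]{8,17}$'
  AutomationAssumeRole:
    type: String
    description: (Required) ARN of the IAM role that Automation assumes
    default: 'arn:aws:iam::123456789012:role/ExampleSsmAutomationRole'  # placeholder
mainSteps:
  # Step 1: create the image; aws:createImage waits until the AMI is available
  # and exposes ImageId / ImageState as step outputs
  - name: createImage
    action: aws:createImage
    inputs:
      InstanceId: '{{ InstanceId }}'
      ImageName: 'backup-{{ InstanceId }}-{{ global:DATE_TIME }}'
      NoReboot: true
  # Step 2: tag the new AMI so its origin is auditable (tag values are assumed)
  - name: tagImage
    action: aws:createTags
    inputs:
      ResourceType: EC2
      ResourceIds:
        - '{{ createImage.ImageId }}'
      Tags:
        - Key: CreatedBy
          Value: SsmAutomation
        - Key: SourceInstance
          Value: '{{ InstanceId }}'
# Surface the AMI ID as the runbook's own output for callers such as EventBridge
outputs:
  - createImage.ImageId
```

The role named in AutomationAssumeRole needs a trust policy for ssm.amazonaws.com and only the EC2 image and tagging permissions these two steps use, which keeps a scheduled or EventBridge-triggered execution from inheriting broader rights.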

Pricing

Many Systems Manager features are free. Standard parameters in Parameter Store, Session Manager, Run Command, and basic Patch Manager functionality are available at no additional cost. Some advanced features, such as advanced parameters (over 4 KB, parameter policies), OpsCenter OpsItems, and Change Manager change requests, incur pay-per-use charges.

Things to Watch Out For

  • SSM Agent is pre-installed on Amazon Linux 2 and Windows Server AMIs, but requires manual installation on other operating systems.
  • Standard parameters in Parameter Store are free but lack the automatic rotation that Secrets Manager provides; choose based on your secret management needs.