AWS Systems Manager

AWS Systems Manager (SSM) is a fully managed service that helps automate the management of your infrastructure at scale.

AWS Systems Manager offers a variety of tools that help manage and automate operations across AWS environments.

  1. Explorer: Provides visibility into all AWS resources and operational data across multiple AWS accounts and Regions. Easily find, monitor, and visualize operational data for faster issue detection and resolution.
  2. Automation: Automates repetitive tasks using runbooks (predefined actions).
  3. Run Command: Allows custom scripts to be executed, making it more versatile for third-party software updates. Can run ad-hoc commands across multiple instances to perform system maintenance or install updates.
  4. Patch Manager: Optimized for OS patching (e.g., Linux, Windows) and integrated with AWS systems.
  5. State Manager
    1. Automates the configuration of AWS resources and ensures compliance across AWS environments.
    2. Configure and validate compliance with organizational standards by using operational runbooks.
  6. Session Manager
    1. Enables remote management of instances securely via the AWS Management Console without needing SSH access or VPN connections.
    2. Connect securely to EC2 instances or on-premises servers for troubleshooting, debugging, or system management. Ideal for zero-trust environments where direct access to instances is restricted.
  7. Parameter Store
    1. Centralizes and securely manages configuration data such as secrets, credentials, or configuration settings.
    2. Store and retrieve parameters from applications, Lambda functions, EC2 instances, or other AWS services.
  8. Event Manager
    1. Proactively responds to operational issues by automating actions based on events detected from AWS resources.
    2. Create automated responses to system events (such as changes in CPU usage or memory spikes) using AWS CloudWatch and SSM Automation.
  9. Monitoring & Insights
    1. Collects operational data from AWS resources (EC2 instances, RDS databases, etc.) to monitor system performance.
    2. Gain insights into performance metrics and operational data from across your AWS environment using AWS CloudWatch.
  10. Cost Management
    1. Helps optimize and manage costs by providing visibility into AWS resource consumption.
    2. Monitor resource usage, identify cost anomalies, and create cost optimization plans using AWS Cost Explorer integrated with SSM.

1. SSM vs CloudWatch

  1. AWS Systems Manager:
    1. A centralized tool designed to automate the management and operational tasks of AWS resources.
    2. It provides features like automation, patching, configuration management, secure remote access, and resource compliance enforcement.
  2. AWS CloudWatch:
    1. A centralized tool for monitoring and logging AWS resources.
    2. It collects and visualizes metrics, logs, and events from AWS services and applications, enabling performance monitoring and anomaly detection.

2. SSM Explorer vs Resource Explorer

  1. Explorer provides operational insights and helps manage compliance, resource configurations, and issues.
  2. Resource Explorer provides a search and discovery tool for locating AWS resources efficiently; the resources found can then be managed through tools like Explorer or other AWS services.

3. Question: AWS Run Command

A company has a production workload that runs on 1,000 Amazon EC2 Linux instances. The workload is powered by third-party software. The company needs to patch the third-party software on all EC2 instances as quickly as possible to remediate a critical security vulnerability. What should a solutions architect do to meet these requirements?

  1. Create an AWS Lambda function to apply the patch to all EC2 instances.
  2. Configure AWS Systems Manager Patch Manager to apply the patch to all EC2 instances.
  3. Schedule an AWS Systems Manager maintenance window to apply the patch to all EC2 instances.
  4. Use AWS Systems Manager Run Command to run a custom command that applies the patch to all EC2 instances. (Correct answer)

Explanation: Run Command allows custom scripts to be executed across multiple instances, making it more versatile for third-party software updates than the other options.
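The fleet-wide patch scenario from the question above, as an added example that is not part of the original notes or of any AWS documentation: an AWS CLI script that sends one Run Command to every instance carrying a given tag, then polls the command until it finishes. It goes a little beyond the question by adding rate controls (--max-concurrency and --max-errors), so a patch that breaks instances stops early instead of reaching all 1,000 at once, and by storing command output in S3 for later review. The tag App=payments, the bucket name, and the patch command line are constructed placeholders; the AWS_CLI variable is an assumption of this script that lets you point it at a wrapper for a dry run.

```shell
#!/usr/bin/env bash
# Added example for these notes, not code from AWS: push an emergency patch for
# third-party software to a large EC2 fleet with SSM Run Command.
# Rate controls keep a broken patch from reaching every instance at once, and
# the per-instance output goes to S3 so failures can be reviewed afterwards.
#
# Constructed placeholders (assumptions, not values from the notes): the tag
# App=payments, the bucket example-ssm-command-output and the patch command.
# AWS_CLI may be pointed at a wrapper or stub for a dry run.

AWS_CLI="${AWS_CLI:-aws}"
LOG_BUCKET="${LOG_BUCKET:-example-ssm-command-output}"   # placeholder bucket

# Send one Run Command to every instance carrying tag_key=tag_value.
# Prints the CommandId so the caller can poll it.
send_patch_command() {
  local tag_key="$1" tag_value="$2" patch_cmd="$3"
  "$AWS_CLI" ssm send-command \
    --document-name "AWS-RunShellScript" \
    --comment "Emergency third-party patch" \
    --targets "Key=tag:${tag_key},Values=${tag_value}" \
    --parameters "{\"commands\":[\"${patch_cmd}\"]}" \
    --max-concurrency "10%" \
    --max-errors "5" \
    --output-s3-bucket-name "$LOG_BUCKET" \
    --query "Command.CommandId" \
    --output text
}

# Print "Status TargetCount CompletedCount ErrorCount" for one command.
command_summary() {
  local command_id="$1"
  "$AWS_CLI" ssm list-commands \
    --command-id "$command_id" \
    --query "Commands[0].[Status,TargetCount,CompletedCount,ErrorCount]" \
    --output text
}

# Pending and InProgress are the only non-terminal command states; anything
# else (Success, Failed, Cancelled, TimedOut, ...) means the command is done.
is_terminal_status() {
  case "$1" in
    Pending|InProgress) return 1 ;;
    *) return 0 ;;
  esac
}

# Poll until the command reaches a terminal state; echo the final summary and
# return non-zero unless the overall status is Success.
wait_for_command() {
  local command_id="$1" summary status
  while :; do
    summary="$(command_summary "$command_id")"
    status="${summary%%[[:space:]]*}"     # first field of the summary
    if is_terminal_status "$status"; then
      echo "$summary"
      if [ "$status" = "Success" ]; then return 0; else return 1; fi
    fi
    sleep 15
  done
}

# Usage: patch_fleet <tag-key> <tag-value> '<patch command>'
patch_fleet() {
  local command_id
  command_id="$(send_patch_command "$1" "$2" "$3")"
  echo "Run Command ID: $command_id"
  wait_for_command "$command_id"
}

# Run only when invoked with arguments, e.g.
#   ./patch_fleet.sh App payments 'sudo yum -y update acme-agent'
if [ "$#" -gt 0 ]; then
  patch_fleet "$@"
fi
```

Targeting by tag rather than by instance ID list is what makes the single call cover all 1,000 instances, and the rate controls are the part worth remembering: 10% concurrency with a cap of 5 errors means a patch that fails on the first wave is cancelled before it touches the rest of the fleet.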