AWS Systems Manager Documentation

AWS Systems Manager allows you to centralize operational data from multiple AWS services and manage tasks across your AWS resources. You can create logical groups of resources such as applications, different layers of an application stack, or production versus development environments. With Systems Manager, you can select a resource group and view its recent API activity, resource configuration changes, related notifications, operational alerts, software inventory, and patch compliance status. You can also act on each resource group depending on your operational needs. Systems Manager provides a central place to view and manage your resources on AWS and in multicloud and hybrid environments, so you can have visibility and control over your operations.

Explorer

AWS Systems Manager Explorer is a customizable dashboard, providing key insights and analysis into the operational health and performance of your AWS environment. Explorer is designed to aggregate operational data from across AWS accounts and AWS Regions to help you prioritize and identify where action may be required.

Connect with ITSM / ITOM Software

IT Service Management (ITSM) tools, such as Jira Service Desk, can connect with AWS Systems Manager to make it easier for ITSM platform users to manage AWS resources. These AWS Service Management Connectors provide Jira Service Desk administrators governance and oversight over AWS products.

OpsCenter

OpsCenter provides a central location where operations engineers and IT professionals can view, investigate, and resolve operational issues related to your resources on AWS and in multicloud and hybrid environments. OpsCenter is designed to aggregate and standardize operational issues, referred to as OpsItems, while providing contextually relevant data that helps with diagnosis and remediation. Engineers working on an OpsItem get access to information such as:
 
Event, resource and account details
Past OpsItems with similar characteristics
Related AWS Config changes
AWS CloudTrail logs
Amazon CloudWatch alarms
Stack information
Quick-links to access logs and metrics
List of runbooks and recommended runbooks
Other information passed to OpsCenter through AWS services
 
This information helps engineers to investigate and remediate operational issues faster. Engineers can use OpsCenter to view and address issues using the Systems Manager console or via the Systems Manager OpsCenter APIs.

Incident Manager

AWS Systems Manager Incident Manager enables faster resolution of critical application availability and performance issues. It helps you prepare for incidents with response plans that bring the right people and information together. With Incident Manager, you can act when a critical issue is detected by an Amazon CloudWatch alarm or Amazon EventBridge event. Incident Manager is designed to execute pre-configured response plans to engage responders via SMS and phone calls, link designated chat channels using AWS Chatbot, and execute AWS Systems Manager Automation runbooks. Incident Manager helps you improve service reliability by suggesting post-incident action items, such as automating a runbook step or adding a new alarm, based on Amazon’s post-incident analysis template.

Application Manager

AWS Systems Manager Application Manager helps you investigate and remediate issues with your resources on AWS and in multicloud and hybrid environments in the context of your applications. With Application Manager, you can discover and/or define your application components, view operations data (e.g. deployment status, Amazon CloudWatch alarms, resource configurations, and operational issues) in the context of an application, and perform remedial actions such as patching and running Automation runbooks. This helps improve operational workflows for your applications and avoids the need to use different consoles to investigate and remediate operational issues. You can use Application Manager to view data and alarms and act on your existing container clusters in Amazon ECS and Amazon EKS environments. Additionally, you can manage the full lifecycle of your AWS CloudFormation templates and stacks from within the Application Manager console.

AWS AppConfig

AWS AppConfig helps you deploy application configuration in a managed and monitored way, just like code deployments, but without the need to deploy the code if a configuration value changes. AWS AppConfig is designed to scale with your infrastructure so you can deploy configurations to any number of Amazon EC2 instances, containers, AWS Lambda functions, mobile apps, IoT devices or on-premises instances. AWS AppConfig enables you to update configurations by entering changes through the API or Console. AWS AppConfig allows you to validate those changes semantically and syntactically to ensure configurations are aligned with their respective applications’ expectations, thus helping you prevent potential outages. You can deploy your application configurations with similar best practices as code deployments, including staging roll-outs, monitoring alarms, and rolling back changes should an error occur.

Parameter Store

AWS Systems Manager provides a centralized store to manage your configuration data, whether plain-text data such as database strings, or secrets such as passwords. This allows you to separate your secrets and configuration data from your code. Parameters can be tagged and organized into hierarchies, helping you manage parameters more easily. For example, you can use the same parameter name, "db-string", with a different hierarchical path, "dev/db-string" or "prod/db-string", to store different values. Systems Manager is integrated with AWS Key Management Service (KMS), allowing you to encrypt the data you store. You can also control user and resource access to parameters using AWS Identity and Access Management (IAM). Parameters can be referenced through other AWS services, such as Amazon Elastic Container Service, AWS Lambda, and AWS CloudFormation.
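The following is an added example, not AWS-provided code: it builds a read-only IAM policy scoped to one environment's parameter hierarchy and checks it against the "dev/db-string" and "prod/db-string" names from the paragraph above. The leading slash on parameter names, the account ID, Region, KMS key ARN and the "dev-legacy" path are assumptions, and `is_allowed` is a simplified stand-in for IAM's real policy evaluation.

```python
import fnmatch

def parameter_arn(name, region, account_id):
    """ARN for a parameter name; the name's leading slash is not doubled in the ARN."""
    return f"arn:aws:ssm:{region}:{account_id}:parameter/{name.lstrip('/')}"

def build_env_read_policy(env, region, account_id, kms_key_arn):
    """Read-only IAM policy limited to one environment's parameter hierarchy."""
    root = parameter_arn(env, region, account_id)
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ReadEnvParameters", "Effect": "Allow",
             "Action": ["ssm:GetParameter", "ssm:GetParameters", "ssm:GetParametersByPath"],
             # "/dev/*", not "/dev*": the latter would also match "/dev-legacy/...".
             "Resource": [root, root + "/*"]},
            {"Sid": "DecryptSecureStrings", "Effect": "Allow",
             "Action": "kms:Decrypt", "Resource": kms_key_arn},
        ],
    }

def is_allowed(policy, action, resource):
    """Simplified model: glob-match explicit Allow statements only.
    Real IAM evaluation also applies Deny statements, conditions and other policies."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        if (any(fnmatch.fnmatchcase(action, a) for a in actions)
                and any(fnmatch.fnmatchcase(resource, r) for r in resources)):
            return True
    return False

if __name__ == "__main__":
    import json
    REGION, ACCOUNT = "us-east-1", "111122223333"  # constructed placeholders
    policy = build_env_read_policy("dev", REGION, ACCOUNT,
                                   f"arn:aws:kms:{REGION}:{ACCOUNT}:key/EXAMPLE-KEY-ID")
    print(json.dumps(policy, indent=2))
    for name in ("/dev/db-string", "/prod/db-string", "/dev-legacy/db-string"):
        print(name, is_allowed(policy, "ssm:GetParameter", parameter_arn(name, REGION, ACCOUNT)))
```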

Change Manager

AWS Systems Manager Change Manager is designed to simplify the way you request, approve, implement, and report on operational changes to your application configuration and infrastructure on AWS and on-premises. With Change Manager, you can use pre-approved change workflows to help avoid unintentional results when making operational changes. Change Manager helps you safely implement changes, while helping you to detect schedule conflicts with important business events and notify impacted approvers. Using Change Manager’s change reports, you can monitor progress and audit operational changes across your organization, providing improved visibility and accountability.

Automation

AWS Systems Manager is designed to help you to safely automate common and repetitive IT operations and management tasks. With Systems Manager Automation, you can use predefined playbooks, or you can build, run, and share wiki-style automated playbooks to enable AWS resource management across multiple accounts and AWS Regions. You can execute Python or PowerShell scripts as part of a playbook in combination with other automation actions such as approvals, AWS API calls, or running commands on your EC2 instances. The service is designed so these playbooks can be scheduled in a maintenance window, triggered based on changes to AWS resources through Amazon CloudWatch Events, or executed directly through the AWS Management Console, CLIs, and SDKs. You can track the execution of each step in a playbook, require approvals, incrementally roll out changes, and halt the roll out if errors occur.

Maintenance Windows

AWS Systems Manager lets you schedule windows of time to run administrative and maintenance tasks across your instances. This helps you to select a convenient and safe time to install patches and updates or make other configuration changes, improving the availability and reliability of your services and applications.

Fleet Manager

AWS Systems Manager Fleet Manager is designed to streamline your remote server management process for servers and edge devices. With Fleet Manager, you can manage and troubleshoot your fleet running on AWS or on-premises, without the need to remotely connect to them. You can drill down to individual nodes (services, devices, or other resources) to perform common troubleshooting and management tasks such as disk and file exploration, log management, Windows Registry operations, and user management from a console. In break-glass scenarios, you can gain secure shell, CLI, and console-based Remote Desktop Protocol (RDP) access to your instances, from a console.

Compliance

AWS Systems Manager is designed to aggregate and display operational data for each resource group through a dashboard. Systems Manager eliminates the need for you to navigate across multiple AWS consoles to view your operational data. With Systems Manager you can view API call logs from AWS CloudTrail, resource configuration changes from AWS Config, software inventory, and patch compliance status by resource group. You can also integrate your AWS CloudWatch Dashboards, AWS Trusted Advisor notifications, and AWS Personal Health Dashboard performance and availability alerts into your Systems Manager dashboard. Systems Manager centralizes relevant operational data, to help you view your infrastructure compliance and performance.

Inventory

AWS Systems Manager helps you collect information about your instances and the software installed on them, so you can better understand your system configurations and installed applications. You can collect data about applications, files, network configurations, Windows services, registries, server roles, updates, and any other system properties. The gathered data enables you to manage application assets, track licenses, monitor file integrity, discover applications not installed by a traditional installer, and more.

Session Manager

AWS Systems Manager provides a browser-based interactive shell and CLI for managing Windows and Linux EC2 instances, without the need to open inbound ports, manage SSH keys, or use bastion hosts. Administrators can grant and revoke access to instances through a central location by using AWS Identity and Access Management (IAM) policies. This helps you to control which users can access each instance, including the option to provide non-root access to specified users. The service is designed so that once access is provided, you can audit which user accessed an instance and log each command to Amazon S3 or Amazon CloudWatch Logs using AWS CloudTrail.

Run Command

AWS Systems Manager is designed to help you safely and securely manage your instances remotely and at scale without logging into your servers, replacing the need for bastion hosts, SSH, or remote PowerShell. It provides a simplified way of managing common administrative tasks across groups of instances such as registry edits, user management, and software and patch installations. Through integration with AWS Identity and Access Management (IAM), you can apply granular permissions to help you control the actions users can perform on instances. The service is designed so that actions taken with Systems Manager are recorded by AWS CloudTrail, allowing you to audit changes throughout your environment.
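The CloudTrail audit trail described under Session Manager and Run Command can be reviewed programmatically. The following is an added example, not AWS-provided code: it scans CloudTrail records for StartSession and SendCommand calls and flags those that need review. The sample records are constructed, and the approved-principal list and the instance-count threshold are assumptions.

```python
# Constructed CloudTrail records for illustration (not real logs); the account ID,
# role names and instance IDs are placeholders.
SAMPLE_EVENTS = [
    {"eventSource": "ssm.amazonaws.com", "eventName": "StartSession",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/OpsAdmin/alice"},
     "requestParameters": {"target": "i-0aaaaaaaaaaaaaaaa"}},
    {"eventSource": "ssm.amazonaws.com", "eventName": "SendCommand",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/build-bot"},
     "requestParameters": {"documentName": "AWS-RunShellScript",
                           "instanceIds": ["i-0bbbbbbbbbbbbbbbb"]}},
    {"eventSource": "ssm.amazonaws.com", "eventName": "StartSession",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/OpsAdmin/bob"},
     "errorCode": "AccessDenied", "requestParameters": {"target": "i-0cccccccccccccccc"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/build-bot"}},
]

# Assumption: principals expected to use Session Manager / Run Command.
APPROVED_PREFIXES = ("arn:aws:sts::111122223333:assumed-role/OpsAdmin/",)
WATCHED = {"StartSession", "SendCommand"}

def review_ssm_access(events, approved_prefixes=APPROVED_PREFIXES, max_instances=10):
    """Return one finding per StartSession/SendCommand event that needs review."""
    findings = []
    for ev in events:
        if ev.get("eventSource") != "ssm.amazonaws.com" or ev.get("eventName") not in WATCHED:
            continue
        who = (ev.get("userIdentity") or {}).get("arn", "unknown")
        params = ev.get("requestParameters") or {}  # may be null on rejected calls
        instances = params.get("instanceIds") or [t for t in [params.get("target")] if t]
        reasons = []
        if not who.startswith(tuple(approved_prefixes)):
            reasons.append("principal not approved")
        if ev.get("errorCode"):
            reasons.append("call failed: " + ev["errorCode"])
        # Tag- or group-based "targets" can fan a command out to many instances.
        if params.get("targets") or len(instances) > max_instances:
            reasons.append("broad targeting")
        if reasons:
            findings.append({"event": ev["eventName"], "principal": who,
                             "document": params.get("documentName"),
                             "instances": instances, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in review_ssm_access(SAMPLE_EVENTS):
        print(finding)
```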

State Manager

AWS Systems Manager provides configuration management, which helps you maintain consistent configuration of your Amazon EC2 or on-premises instances. AWS Systems Manager is designed to help you control configuration details such as server configurations, anti-virus definitions, firewall settings, and more. You can define configuration policies for your servers through the AWS Management Console or use existing scripts, PowerShell modules, or Ansible playbooks directly from GitHub or Amazon S3 buckets. AWS Systems Manager is designed to apply your configurations across your instances at a time and frequency that you define. You can query AWS Systems Manager at any time to help you view the status of your instance configurations, giving you on-demand visibility into your compliance status.

Patch Manager

AWS Systems Manager helps you select and deploy operating system and software patches across large groups of Amazon EC2 or on-premises instances. Through patch baselines, you can set rules designed to approve select categories of patches to be installed, such as operating system or high severity patches, and you can specify a list of patches that override these rules and are approved or rejected. You can also schedule maintenance windows for your patches so that they are only applied during preset times. AWS Systems Manager helps you ensure that your software is up-to-date and meets your compliance policies.

Distributor

AWS Systems Manager helps you securely distribute and install software packages, such as software agents. Systems Manager Distributor is designed to help you centrally store and systematically distribute software packages while you maintain control over versioning. You can use Distributor to create and distribute software packages and then install them using Systems Manager Run Command and State Manager. Distributor can also use Identity and Access Management (IAM) policies to control who can create or update packages in your account. You can use the existing IAM policy support for Systems Manager Run Command and State Manager to help you define who can install packages on your hosts.

Additional Information

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.