What does this AWS Solutions Implementation do?

Amazon Web Services (AWS) customers who own a fleet of servers are sometimes unsure of how best to automate their fleet management for operational efficiency and maintenance. AWS Systems Manager provides a unified user interface so customers can view operational data from multiple AWS services, and allows them to automate operational tasks across their AWS resources.

To help customers more easily leverage the capabilities of Systems Manager, AWS offers the Server Fleet Management at Scale solution. This solution combines Systems Manager with Amazon Inspector, an automated security assessment service, to help simplify software inventory management, OS patch compliance, and security vulnerability assessments on managed instances.

AWS Solutions Implementation overview

The Server Fleet Management at Scale solution allows you to automate maintenance and deployment tasks, or automatically apply patches, updates, and configuration changes across any resource group. The solution also allows you to deploy a sample fleet of servers for testing. The diagram below presents the architecture you can deploy in minutes using the solution's implementation guide and accompanying AWS CloudFormation template.

Server Fleet Management at Scale | Architecture Diagram

Server Fleet Management at Scale architecture

An Amazon CloudWatch event triggers Amazon Inspector to run daily security assessments on your fleet of Amazon Elastic Compute Cloud (Amazon EC2) instances. Amazon Inspector defines the rules packages for assessments and identifies the target Amazon EC2 instances for assessment runs.

Amazon Inspector also publishes a message to an Amazon Simple Notification Service (Amazon SNS) topic that has two subscribers: an AWS Lambda function and the provided email address. The Lambda function queries Amazon Inspector for the agent IDs of the agents within the assessment run and publishes the IDs to a second Amazon SNS topic.

Server Fleet Management at Scale

Version 1.1.1
Last updated: 12/2019
Author: AWS

Estimated deployment time: 4 min



Patch management

AWS Systems Manager adds your servers to a patch management regimen to ensure the servers are patched regularly.


The solution leverages Amazon Inspector to run security assessments on your instances and produce findings for you to review and remediate.

Maintenance scheduling

You can define routine maintenance tasks that will run against a set of instances on a weekly schedule.


AWS CloudFormation automatically launches and configures the components necessary to automate server maintenance and deployment tasks.