Amazon Web Services (AWS) customers who own a fleet of servers are sometimes unsure of how best to automate fleet management for operational efficiency and maintenance. AWS Systems Manager provides a unified user interface so customers can view operational data from multiple AWS services, and allows them to automate operational tasks across their AWS resources.
Server Fleet Management at Scale provides guidance to help customers more easily leverage the capabilities of Systems Manager at scale. This Guidance combines Systems Manager with Amazon Inspector, an automated security assessment service, to help simplify software inventory management, OS patch compliance, and security vulnerability assessments on managed instances.
Server Fleet Management at Scale allows you to automate maintenance and deployment tasks, or automatically apply patches, updates, and configuration changes across any resource group. It allows you to deploy a sample fleet of servers for testing. The diagram below presents the architecture you can build using the example code on GitHub.
Figure: Server Fleet Management at Scale architecture
An Amazon CloudWatch event invokes Amazon Inspector to run daily security assessments on your fleet of Amazon Elastic Compute Cloud (Amazon EC2) instances. Amazon Inspector defines the rules packages for assessments and identifies the target Amazon EC2 instances for assessment runs.
Amazon Inspector also publishes a message to an Amazon Simple Notification Service (Amazon SNS) topic that has two subscribers: an AWS Lambda function and the provided email address. The Lambda function queries Amazon Inspector for the agent IDs of the agents within the assessment run and publishes the IDs to a second Amazon SNS topic.