What does this AWS Solution do?

Amazon Web Services (AWS) customers who own a fleet of servers are sometimes unsure of how to best automate their fleet management for operational efficiency and maintenance. AWS Systems Manager provides a unified user interface so customers can view operational data from multiple AWS services, and allows customers to automate operational tasks across their AWS resources.

To help customers more easily leverage the capabilities of Systems Manager, AWS offers the Server Fleet Management at Scale solution. This solution combines Systems Manager with Amazon Inspector, an automated security assessment service, to help simplify software inventory management, OS patch compliance, and security vulnerability assessments on managed instances.

AWS Solution overview

The Server Fleet Management at Scale solution allows you to automate maintenance and deployment tasks, or automatically apply patches, updates, and configuration changes across any resource group. The solution also allows you to deploy a sample fleet of servers for testing. The diagram below presents the architecture you can deploy in minutes using the solution's implementation guide and accompanying AWS CloudFormation template.


Server Fleet Management at Scale architecture

An Amazon CloudWatch event triggers Amazon Inspector to run daily security assessments on your fleet of Amazon Elastic Compute Cloud (Amazon EC2) instances. Amazon Inspector defines the rules packages for assessments and identifies the target Amazon EC2 instances for assessment runs.

Amazon Inspector also publishes a message to an Amazon Simple Notification Service (Amazon SNS) topic that has two subscribers: an AWS Lambda function and the provided email address. The Lambda function queries Amazon Inspector for the agent IDs of the agents within the assessment run and publishes the IDs to a second Amazon SNS topic.
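The Lambda step described above, sketched as an added example (this is not the solution's own source code). It assumes the Amazon Inspector notification is a JSON message carrying `event` and `run` fields and that only completed runs are forwarded; the `AGENT_TOPIC_ARN` variable, the `handle` helper, and the outgoing message shape are hypothetical.

```python
import json
import os

# Assumption: the run-completed notification is the one worth acting on.
RUN_DONE = "ASSESSMENT_RUN_COMPLETED"

def agent_ids_for_run(inspector, run_arn):
    """Collect every agent ID in an assessment run, following pagination."""
    ids, token = [], None
    while True:
        kwargs = {"assessmentRunArn": run_arn, "maxResults": 100}
        if token:
            kwargs["nextToken"] = token
        page = inspector.list_assessment_run_agents(**kwargs)
        ids.extend(a["agentId"] for a in page.get("assessmentRunAgents", []))
        token = page.get("nextToken")
        if not token:
            return ids

def handle(event, inspector, sns, agent_topic_arn):
    """Publish agent IDs for each completed run; return the IDs published."""
    published = []
    for record in event.get("Records", []):
        try:
            msg = json.loads(record["Sns"]["Message"])
        except (KeyError, ValueError):
            continue  # not an Inspector JSON notification; ignore it
        if not isinstance(msg, dict) or msg.get("event") != RUN_DONE or not msg.get("run"):
            continue
        ids = agent_ids_for_run(inspector, msg["run"])
        if ids:
            body = json.dumps({"run": msg["run"], "agentIds": ids})
            sns.publish(TopicArn=agent_topic_arn, Message=body)
            published.extend(ids)
    return published

def lambda_handler(event, context):
    import boto3  # imported here so the logic above can be exercised offline
    return handle(event, boto3.client("inspector"), boto3.client("sns"),
                  os.environ["AGENT_TOPIC_ARN"])  # hypothetical variable name

# Constructed sample of the SNS event Lambda receives (ARN is a placeholder).
SAMPLE_EVENT = {"Records": [{"Sns": {"Message": json.dumps(
    {"event": RUN_DONE, "run": "arn:aws:inspector:us-east-1:111122223333:run/EXAMPLE"})}}]}
```

Passing the clients into `handle` keeps the function's execution role reviewable against exactly two calls: `inspector:ListAssessmentRunAgents` and `sns:Publish` on the second topic.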

Server Fleet Management at Scale

Version 1.0.1
Last updated: 06/2018
Author: AWS

Estimated deployment time: 4 min


Features

Patch management

AWS Systems Manager adds your servers to a patch management regimen to ensure the servers are patched regularly.

Security

The solution leverages Amazon Inspector to run security assessments on your instances and produce findings for you to review and remediate.

Maintenance scheduling

You can define routine maintenance tasks that will run against a set of instances on a weekly schedule.

Automation

AWS CloudFormation automatically launches and configures the components necessary to automate server maintenance and deployment tasks.