Server Fleet Management at Scale

Amazon Web Services (AWS) customers who own a fleet of servers are sometimes unsure of how to best automate their fleet management for operational efficiency and maintenance. AWS Systems Manager provides a unified user interface so customers can view operational data from multiple AWS services, and allows customers to automate operational tasks across your AWS resources.

Server Fleet Management at Scale provides guidance to help customers more easily leverage the capabilities of Systems Manager at scale. This Guidance combines Systems Manager with Amazon Inspector, an automated security assessment service, to help simplify software inventory management, OS patch compliance, and security vulnerability assessments on managed instances.


Server Fleet Management at Scale allows you to automate maintenance and deployment tasks, or automatically apply patches, updates, and configuration changes across any resource group. It allows you to deploy a sample fleet of servers for testing. The diagram below presents the architecture you can build using the example code on GitHub.

Server Fleet Management at Scale architecture

An Amazon CloudWatch event invokes Amazon Inspector to run daily security assessments on your fleet of Amazon Elastic Compute Cloud (Amazon EC2) instances. Amazon Inspector defines the rules packages for assessments and identifies the target Amazon EC2 instances for assessment runs.

Amazon Inspector also publishes a message to an Amazon Simple Notification Service (Amazon SNS) topic that has two subscribers; an AWS Lambda function, and the provided email address. The Lambda function queries Amazon Inspector for the agent IDs of the agents within the assessment run and publishes the IDs to a second Amazon SNS topic.

Server Fleet Management at Scale

Version 1.1.1
Last updated: 12/2019
Author: AWS

Additional resources

Did this Guidance help you?
Provide feedback 


Patch management

AWS Systems Manager adds your servers to a patch management regiment to ensure the servers are patched regularly.

Maintenance scheduling

You can define routine maintenance tasks that will run against a set of instances on a weekly schedule.


The Guidance leverages Amazon Inspector to run security assessments on your instances and produce findings for you to review and remediate.
Build icon
Deploy an AWS Solution yourself

Browse our library of AWS Solutions to get answers to common architectural problems.

Learn more 
Find an APN partner
Find an AWS Partner Solution

Find AWS Partners to help you get started.

Learn more 
Explore icon
Explore Guidance

Find prescriptive architectural diagrams, sample code, and technical content for common use cases.

Learn more