AWS Systems Manager is the operations hub for your AWS applications and resources and a secure end-to-end management solution for hybrid and multicloud environments that enables secure operations at scale.

AWS Systems Manager gives you visibility and control of your infrastructure on AWS. Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources.

With Systems Manager, you can group resources, like Amazon EC2 instances, Amazon S3 buckets, or Amazon RDS instances, by application, view operational data for monitoring and troubleshooting, and take action on your groups of resources.

How Systems Manager works

  1. Access Systems Manager – Use one of the available options for accessing Systems Manager.

  2. Choose a Systems Manager capability – Select a capability to perform the desired action on your resources.

  3. Verification and processing – Systems Manager checks IAM permissions. If targeting a managed node, the SSM Agent executes the action. For other resources, Systems Manager or associated AWS services perform the action.

  4. Reporting – Systems Manager, SSM Agent, and related AWS services report status. Systems Manager can forward these details to other AWS services if configured.

  5. Systems Manager operations management capabilities – If enabled, tools like Explorer, OpsCenter, and Incident Manager aggregate operations data, create OpsItems and incidents, and provide insights and automated remediation for issues.

AWS Systems Manager Parameter Store

AWS Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management. You can store data such as passwords, database connection strings, and license codes as parameter values. You can store values as plain text or encrypted data using AWS Key Management Service (KMS). You can then reference values by using the unique name that you specified when you created the parameter.
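The plain text versus KMS-encrypted choice described above can be audited. The following is an added example, not code from the original page: it takes entries shaped like the `Parameters` list returned by the `DescribeParameters` API and flags secret-looking names that are not stored as `SecureString`. The name heuristic and the sample parameter names are assumptions constructed for illustration.

```python
import re

# Assumed heuristic: name fragments that suggest the value is a secret.
SECRET_HINT = re.compile(
    r"(password|passwd|secret|token|api[_-]?key|license|connection[_-]?string)", re.I)
# Alias of the AWS managed key Parameter Store uses when no key is specified.
DEFAULT_KEY = "alias/aws/ssm"

def audit_parameters(parameters):
    """Return (name, finding) tuples for DescribeParameters-style entries."""
    findings = []
    for p in parameters:
        name, ptype = p["Name"], p["Type"]
        if ptype != "SecureString":
            # String and StringList values are stored unencrypted.
            if SECRET_HINT.search(name):
                findings.append((name, "secret-like name stored as plain text " + ptype))
        elif p.get("KeyId", DEFAULT_KEY) == DEFAULT_KEY:
            # Encrypted, but access cannot be scoped through a customer managed key policy.
            findings.append((name, "SecureString uses the default AWS managed key"))
    return findings

def group_by_path(findings, depth=2):
    """Group findings by the first `depth` levels of the parameter hierarchy."""
    grouped = {}
    for name, finding in findings:
        prefix = "/" + "/".join(name.strip("/").split("/")[:depth])
        grouped.setdefault(prefix, []).append((name, finding))
    return grouped

# Constructed sample input (hypothetical names, not real parameters).
SAMPLE = [
    {"Name": "/prod/billing/db_password", "Type": "String"},
    {"Name": "/prod/billing/db_host", "Type": "String"},
    {"Name": "/prod/billing/license_code", "Type": "SecureString", "KeyId": "alias/aws/ssm"},
    {"Name": "/prod/web/api_key", "Type": "SecureString", "KeyId": "alias/prod-params"},
    {"Name": "/dev/web/session_token", "Type": "StringList"},
]

if __name__ == "__main__":
    for prefix, items in sorted(group_by_path(audit_parameters(SAMPLE)).items()):
        print(prefix)
        for name, finding in items:
            print("  ", name, "->", finding)
```

Grouping by path prefix shows which application or environment owns each finding, which is where the hierarchical naming pays off.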

AWS Systems Manager with SSM Agent

The Systems Manager Agent (SSM Agent) is an Amazon software agent that runs on your Amazon EC2 instances and your hybrid instances that are configured for Systems Manager. The agent processes requests from the Systems Manager service in the cloud and configures your machine as specified in the request. The agent sends status and execution information back to the Systems Manager service by using the Amazon EC2 Instance Metadata Service (service prefix: ec2messages).

What’s important to know about AWS Systems Manager

  • AWS Systems Manager is a collection of capabilities that helps you automate management tasks such as collecting system inventory, applying operating system (OS) patches, automating the creation of Amazon Machine Images (AMIs), and configuring operating systems (OSs) and applications at scale.
  • AWS Systems Manager simplifies resource and application management, shortens the time to detect and resolve operational problems, and makes it easy to operate and manage your infrastructure securely at scale.
  • AWS Systems Manager helps you maintain security and compliance by scanning your managed instances for patch compliance and integrating with AWS Identity and Access Management (IAM) so you can control access to your resources.

What’s the difference between AWS Systems Manager and AWS Secrets Manager

  • AWS Systems Manager helps you manage your infrastructure and applications securely at scale, providing tools for automation, patching, and resource management.
  • AWS Secrets Manager helps you protect access to your applications, services, and IT resources by managing secrets such as database credentials, API keys, and other sensitive information.
  • AWS Systems Manager can’t rotate secrets stored in AWS Secrets Manager. To rotate secrets stored in AWS Secrets Manager, you can use AWS Lambda functions to automate the rotation process.