AWS Certified SysOps Administrator - Associate
Domain 1 Monitoring Logging and Remediation
Systems Manager and Its Sub Services Overview
Welcome to this lesson on AWS Systems Manager and its extensive sub-services. AWS Systems Manager is a comprehensive management solution designed to help you efficiently manage your AWS resources—ranging from virtual machines and container worker nodes (ECS/EKS) to on-premises systems and IoT devices. This robust service addresses common operational challenges including compliance, inventory, and automation by offering a centralized control plane.
AWS Systems Manager supports the management of operating systems at scale. It features multiple sub-services such as State Manager, Change Calendar, Application Manager, Session Manager, and Incident Manager. In addition, it provides essential capabilities for automation, maintenance windows, patch management, application configuration, and secure storage through Parameter Store. Its flexibility allows you to manage AWS environments, on-premises data centers outfitted with the Systems Manager agent, and even systems deployed on other cloud platforms.
You can access Systems Manager via the AWS Management Console, command line interfaces, and SDKs. For example, the Run Command feature, in combination with Automation documents (which are defined using Systems Manager automation syntax), allows you to manage a fleet of EC2 instances within a VPC. This functionality covers a wide spectrum of operational tasks.
Among its sub-services, Session Manager stands out by enabling you to securely log into instances without the need for traditional jump boxes or open ports. By leveraging the Systems Manager (SSM) agent running on your instances, Session Manager simplifies secure access. Furthermore, Systems Manager centralizes inventory management, patching, and baseline settings through maintenance windows and patch groups, making it easy to group resources by operating system (Windows or Linux), application role, or geographical location. It also offers significant automation via SSM documents, similar in concept to Puppet Manifests, Chef Recipes, or Ansible Playbooks — albeit with a simplified approach.
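Once Session Manager handles interactive access, inbound SSH and RDP rules open to the internet are no longer needed and can be retired. The following added example (not part of the original lesson) scans data shaped like `aws ec2 describe-security-groups` output for such rules; the group IDs and rules are constructed sample data, and `open_admin_ports` is a hypothetical helper name.

```python
# Added example: find security groups that still expose SSH/RDP to the world.
# Input mirrors the "SecurityGroups" list from `aws ec2 describe-security-groups`.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
ANYWHERE = {"0.0.0.0/0", "::/0"}

# Constructed sample data (not real resources).
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupId": "sg-0bbb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},   # internal only: not flagged
    ]},
    {"GroupId": "sg-0ccc", "IpPermissions": [
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},  # all traffic
    ]},
]

def open_admin_ports(security_groups):
    """Return (group_id, service, port, cidrs) for world-open SSH/RDP rules."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto not in ("tcp", "-1"):      # "-1" means every protocol and port
                continue
            cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
            cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
            exposed = sorted(cidrs & ANYWHERE)
            if not exposed:
                continue
            # "-1" rules carry no port range, so treat them as covering all ports.
            lo = perm.get("FromPort", 0) if proto == "tcp" else 0
            hi = perm.get("ToPort", 65535) if proto == "tcp" else 65535
            for port, service in sorted(ADMIN_PORTS.items()):
                if lo <= port <= hi:
                    findings.append((sg["GroupId"], service, port, exposed))
    return findings

if __name__ == "__main__":
    for finding in open_admin_ports(SAMPLE_GROUPS):
        print(finding)
```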
Tip
For scenarios involving sensitive information, always use Parameter Store's secure storage to hold configuration details and secrets. However, remember that Parameter Store does not support automatic rotation of secrets.
For automatic secret rotation, AWS Secrets Manager is the recommended solution—an important distinction for exam preparation.
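The distinction in this tip can be checked against a parameter listing. The following added example (not part of the original lesson) audits data shaped like `aws ssm describe-parameters` output; the parameter names are constructed, the name-matching pattern is an assumed heuristic, and `audit_parameters` is a hypothetical helper name.

```python
# Added example: audit Parameter Store entries for secret-handling problems.
# Input mirrors the "Parameters" list from `aws ssm describe-parameters`.
import re

# Constructed sample data (not real parameters).
SAMPLE_PARAMETERS = [
    {"Name": "/shop/prod/db/password", "Type": "String"},
    {"Name": "/shop/prod/db/connection-string", "Type": "SecureString",
     "KeyId": "alias/aws/ssm"},
    {"Name": "/shop/prod/feature/banner-text", "Type": "String"},
    {"Name": "/shop/prod/payment/api-key", "Type": "SecureString",
     "KeyId": "alias/aws/ssm"},
    {"Name": "/shop/prod/allowed-regions", "Type": "StringList"},
]

# Assumption: names containing these words hold sensitive values.
SECRET_HINT = re.compile(
    r"password|passwd|secret|token|api[-_]?key|credential|connection[-_]?string",
    re.IGNORECASE,
)

def audit_parameters(parameters, rotation_required=()):
    """Return (name, finding, action) tuples.

    rotation_required: names of parameters that policy says must rotate
    automatically; Parameter Store cannot do that, Secrets Manager can.
    """
    findings = []
    for param in parameters:
        name, ptype = param["Name"], param["Type"]
        if SECRET_HINT.search(name) and ptype != "SecureString":
            findings.append((name, "PLAINTEXT_SECRET", "store as SecureString"))
        if name in rotation_required:
            findings.append((name, "NEEDS_ROTATION", "move to AWS Secrets Manager"))
    return findings

if __name__ == "__main__":
    must_rotate = {"/shop/prod/db/password", "/shop/prod/payment/api-key"}
    for finding in audit_parameters(SAMPLE_PARAMETERS, must_rotate):
        print(finding)
```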
In addition to Session Manager and Parameter Store, AWS Systems Manager includes several key capabilities:
- Automation Documents and Run Command: Automate patching, gather operational insights, group nodes, and remediate issues.
- Change Manager: Utilize a comprehensive change management framework with change calendars and maintenance windows. This framework logs all automated changes and can include approval processes when necessary.
- Node Management: Perform compliance scans, inventory assessments, state management with State Manager, patching for both Windows and Linux, and software distribution.
Consider an e-commerce application that requires both server configuration management and application settings oversight. With Application Manager, you can visualize your entire application architecture, identify problematic components, and automatically trigger corrective actions such as restarting servers or clearing logs using Run Command. Parameter Store securely holds connection strings and credentials, ensuring that sensitive data is not hard-coded into your applications.
Change Manager adds another layer by offering a structured framework to manage and audit changes throughout your environment. Integrating automation, change calendars, and maintenance windows creates a streamlined change control process that can capture, execute, and even roll back changes as needed.
Node management in Systems Manager provides a centralized approach to manage individual resources. This includes:
- Compliance monitoring
- Inventory scans
- Secure session management
- State management to enforce desired configurations
- Patch management for both Windows and Linux
- Software distribution
On the operations side, Incident Manager plays a critical role in handling outages. For instance, if your e-commerce site experiences downtime, Incident Manager can detect the issue based on CloudWatch alarms and alert the appropriate engineers using predefined response plans, including diagnostic instructions, communication templates, and runbooks. Additionally, OpsCenter consolidates patch notifications and operational issues into a centralized dashboard, streamlining both incident management and resolution.
This overview highlights some of the key sub-services provided by AWS Systems Manager. The primary focus is on State Manager, Patch Manager, Automation Documents, and Session Manager—with Incident Manager and the Systems Manager Dashboard also playing important roles. While not every feature is covered in exhaustive detail, especially those less commonly discussed at the Associate level, this discussion provides a solid foundation for understanding Systems Manager's capabilities.
Next Steps
For hands-on experience, explore demo environments in AWS Systems Manager. This practical engagement will reinforce the concepts discussed and prepare you for further studies and exam preparation.
Thank you for reading this lesson. We look forward to exploring more AWS services in our next session.