[AWS] Systems Manager

Systems Manager (formerly known as SSM) manages EC2 instances at scale (EC2 fleet).

Features

  • Systems Manager organizes and groups your EC2 instances.
  • Automates common tasks such as patching, running scripts, and installing applications.
  • Agent software is installed on each VM.

Systems Manager Run Command

Run Command allows you to run operational tasks across multiple EC2 instances.

  • Run commands or scripts on one or more EC2 instances using Resource groups.
  • Stop, start, resize, or terminate instances.
  • Install, patch, or uninstall software.

Systems Manager Parameter Store

Parameter Store provides secure serverless storage for the management of configuration data and secrets.

  • You can store confidential data such as passwords, database strings, and license codes as parameter values.
  • Values can be saved as plain text or as encrypted values (using a key from KMS).
  • Parameters are stored in hierarchies.
    • e.g. /prod/db/aurora/connection, /dev/db/aurora/connection
  • The service can be used with EC2, ECS, or Lambda.
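
The hierarchy is what lets access be scoped per environment. The following is an added example, not code from the original post: it builds a read-only IAM policy for one path and checks it against the two sample parameter names above. The region, account ID, KMS key ARN and function names are constructed placeholders, and `allows_read` is a simplified matcher, not a full IAM evaluation.

```python
import json
from fnmatch import fnmatchcase

# Constructed placeholder values, not taken from the page.
REGION, ACCOUNT = "us-east-1", "111122223333"
KMS_KEY_ARN = f"arn:aws:kms:{REGION}:{ACCOUNT}:key/EXAMPLE-KEY-ID"
READ_ACTIONS = ["ssm:GetParameter", "ssm:GetParameters"]

def parameter_arn(name, region=REGION, account=ACCOUNT):
    """ARN for a parameter name or pattern. Hierarchical names begin with "/",
    but the ARN carries only one slash after "parameter", so it is stripped."""
    return f"arn:aws:ssm:{region}:{account}:parameter/{name.lstrip('/')}"

def read_policy_for_path(path, kms_key_arn=KMS_KEY_ARN):
    """Read-only IAM policy limited to one hierarchy such as /prod/db."""
    prefix = "/" + path.strip("/")
    return {
        "Version": "2012-10-17",
        "Statement": [
            # "/*" after the prefix keeps siblings like /prod/db-backup out.
            {"Sid": "ReadParametersUnderPath", "Effect": "Allow",
             "Action": READ_ACTIONS, "Resource": parameter_arn(prefix + "/*")},
            # Needed to read values encrypted with the KMS key.
            {"Sid": "DecryptWithKey", "Effect": "Allow",
             "Action": ["kms:Decrypt"], "Resource": kms_key_arn},
        ],
    }

def allows_read(policy, name):
    """Simplified check: does an Allow statement cover ssm:GetParameter on this
    parameter? Ignores Deny, conditions and other policies in effect."""
    arn = parameter_arn(name)
    return any(
        s["Effect"] == "Allow"
        and "ssm:GetParameter" in s["Action"]
        and fnmatchcase(arn, s["Resource"])
        for s in policy["Statement"]
    )

if __name__ == "__main__":
    policy = read_policy_for_path("/prod/db")
    print(json.dumps(policy, indent=2))
    for name in ("/prod/db/aurora/connection", "/dev/db/aurora/connection"):
        print(name, "->", "allowed" if allows_read(policy, name) else "not allowed")
```
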

Example: Systems Manager Patch Manager

  1. Set up an IAM role with AmazonEC2RoleforSSM
  2. Launch EC2 instances – 2 or more
    • Attach the role
    • Provide a tag to group instances later
  3. Open the Systems Manager Console
    • You can find instances in the Fleet Manager section.
  4. Create a resource group
    • Create a resource group based on tags
  5. Use Patch Manager: Set the default baseline.
    • Search for the baseline and set it as the default
  6. Use Patch Manager – Patch Now
    • You can schedule the patch or patch now.
    • You can select target instances using instance tags or a resource group.
    • Install any missing patches

Example: Systems Manager Run Command

  1. Set up an IAM role with AmazonEC2RoleforSSM
  2. Launch EC2 instances – 2 or more
  3. Create a resource group
  4. Run Command
    • Select the Command document
    • For your custom action, you can select “AWS-RunShellScript”
    • Type the commands in the Command parameters
    • Select your target using the resource group
    • You can save the output in S3 or set up the SNS notification.
  5. Run the command
  6. You can confirm the output in the Management Console.
