[AWS] Systems Manager

Systems Manager (formerly known as SSM) manages EC2 instances at scale (EC2 fleet).

Features

  • Systems Manager organizes and groups your EC2 instances.
  • Automates common tasks such as patching, running scripts, and installing applications.
  • Agent software (SSM Agent) is installed on each VM.

Systems Manager Run Command

Run Command allows you to run operational tasks across multiple EC2 instances.

  • Run commands or scripts on one or more EC2 instances using Resource groups.
  • Stop, start, re-size, or terminate instances.
  • Install, patch, or uninstall software.

Systems Manager Parameter Store

Parameter Store provides secure serverless storage for the management of configuration data and secrets.

Features

  • You can store confidential data such as passwords, database strings, and license codes as parameter values.
  • Values can be stored as plain text or encrypted (using a KMS key).
  • Parameters are stored in hierarchies.
    • e.g. /prod/db/aurora/connection, /dev/db/aurora/connection
  • The service can be used with EC2, ECS, or Lambda.

Tiers

  • Standard
    • up to 10,000 parameters
    • up to 4KB parameter value size
    • No parameter policies
    • No charge
  • Advanced
    • more than 10,000 parameters
    • up to 8KB parameter value size
    • parameter policies are available
    • Charges apply

Types

  • String
    • Any string value
  • StringList
    • a comma-separated list of strings
  • SecureString
    • Encrypted string using KMS keys from your account or another account
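As an added example (not code from the original post), the following Python helpers tie the hierarchy, tier and type notes above together: a name check for hierarchical parameters, tier selection from the value size (4 KB Standard, 8 KB Advanced), the keyword arguments for boto3's `put_parameter`, and a least-privilege IAM policy that lets a workload read only one hierarchy (for example /prod/db) and decrypt only through Parameter Store. The region, account id and KMS key ARN are placeholders, and no AWS call is made.

```python
"""Parameter Store helpers: validate a hierarchical name, pick the tier from
the value size, and build a least-privilege read policy for one hierarchy.
Added example (not from the original post); no AWS calls are made."""
import json
import re

STANDARD_MAX_BYTES = 4 * 1024   # Standard tier: up to 4 KB per value
ADVANCED_MAX_BYTES = 8 * 1024   # Advanced tier: up to 8 KB per value
MAX_HIERARCHY_DEPTH = 15        # Parameter Store limit on hierarchy levels

_NAME_RE = re.compile(r"^/?[A-Za-z0-9_.\-/]+$")


def validate_name(name: str) -> str:
    """Raise ValueError if `name` is not a usable hierarchical parameter name."""
    if not _NAME_RE.match(name) or "//" in name or name.endswith("/"):
        raise ValueError(f"invalid parameter name: {name!r}")
    levels = [p for p in name.split("/") if p]
    if len(levels) > MAX_HIERARCHY_DEPTH:
        raise ValueError("hierarchy deeper than 15 levels")
    # Names may not begin with the reserved prefixes (case-insensitive).
    if levels[0].lower().startswith(("aws", "ssm")):
        raise ValueError("parameter names may not start with 'aws' or 'ssm'")
    return name


def choose_tier(value: str) -> str:
    """Return the cheapest tier whose size limit fits the value."""
    size = len(value.encode("utf-8"))
    if size <= STANDARD_MAX_BYTES:
        return "Standard"
    if size <= ADVANCED_MAX_BYTES:
        return "Advanced"
    raise ValueError(f"value is {size} bytes; Advanced tier allows at most {ADVANCED_MAX_BYTES}")


def put_parameter_request(name, value, secure=True, kms_key_id=None, overwrite=False):
    """Build the keyword arguments for boto3 `ssm.put_parameter`.
    Secrets default to SecureString so they are stored encrypted with KMS."""
    req = {
        "Name": validate_name(name),
        "Value": value,
        "Type": "SecureString" if secure else "String",
        "Tier": choose_tier(value),
        "Overwrite": overwrite,
    }
    if secure and kms_key_id:
        req["KeyId"] = kms_key_id   # omit to use the account's default aws/ssm key
    return req


def read_policy(path, region, account_id, kms_key_arn):
    """Least-privilege IAM policy: read only the parameters under `path`
    and decrypt only through Parameter Store in that region."""
    path = validate_name(path).rstrip("/")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": ["ssm:GetParameter", "ssm:GetParameters", "ssm:GetParametersByPath"],
                "Resource": f"arn:aws:ssm:{region}:{account_id}:parameter{path}/*",
            },
            {
                "Effect": "Allow",
                "Action": "kms:Decrypt",
                "Resource": kms_key_arn,
                "Condition": {"StringEquals": {"kms:ViaService": f"ssm.{region}.amazonaws.com"}},
            },
        ],
    }


if __name__ == "__main__":
    # Constructed sample values; account id and key ARN are placeholders.
    req = put_parameter_request("/prod/db/aurora/connection",
                                "postgres://app:example@aurora.internal:5432/app")
    print(json.dumps(req, indent=2))
    print(json.dumps(read_policy("/prod/db", "us-east-1", "123456789012",
                                 "arn:aws:kms:us-east-1:123456789012:key/PLACEHOLDER"), indent=2))
    # boto3.client("ssm").put_parameter(**req) would create the parameter.
```

The resource ARN ends in `parameter/prod/db/*`, so a role holding this policy can read the prod database parameters but nothing under /dev, and the `kms:ViaService` condition stops the same role from calling KMS directly with that key outside Parameter Store.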

Example: Systems Manager Patch Manager

  1. Create an IAM role
    • Trusted Entity: EC2
    • Managed Policy: AmazonSSMManagedInstanceCore
  2. Launch EC2 instances – 2 or more
    • Attach the role
    • Provide a tag to group instances later
  3. Open the Systems Manager Console
    • You can find instances in the Fleet Manager section.
    • If you do not see the instances, please check the attached IAM role in the EC2 instances.
  4. Create a resource group
    • Search and select the service “Resource Groups & Tag Editor”
    • Create a resource group based on a tag
  5. Use Patch Manager in the Systems Manager
    • Search the baseline and set it as the default
  6. Use Patch Manager – Patch Now
    • You can schedule the patch or patch now.
    • You can select target instances using instance tags or a resource group.
    • Install any missing patches

Example: Systems Manager Run Command

  1. Set up an IAM role with AmazonSSMManagedInstanceCore
  2. Launch EC2 instances – 2 or more
  3. Create a resource group
  4. Run Command
    • Select the Command document
    • For your custom action, you can select “AWS-RunShellScript”
    • Type the commands in the Command parameters
    • Select your target using the resource group
    • You can save the output in S3 or set up the SNS notification.
  5. Run the command
  6. You can confirm the output in Management Console.
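The two procedures above are console walkthroughs; as an added example (not code from the original post), here is the same Run Command flow in Python: build the boto3 `send_command` request for AWS-RunShellScript targeted at a resource group with output kept in S3, then summarize a `list_command_invocations` response so the operator can see which instances succeeded, failed or are still pending. Patch Now dispatches the AWS-RunPatchBaseline document through Run Command as well, so the summary serves the Patch Manager procedure too. The resource group name, bucket name, instance ids and the sample response are constructed; no AWS call is made.

```python
"""Run Command helpers: build a `send_command` request targeted at a resource
group, and summarize the per-instance results of an invocation.
Added example (not from the original post); no AWS calls are made."""
import json

# Terminal states that mean the command did not complete on an instance.
FAILURE_STATES = {"Failed", "TimedOut", "Cancelled"}


def run_shell_script_request(resource_group, commands, output_bucket=None,
                             output_prefix="run-command/", timeout_seconds=600, comment=""):
    """Keyword arguments for boto3 `ssm.send_command` using AWS-RunShellScript.
    Targets use the `resource-groups:Name` key rather than instance ids, so the
    target set follows group membership (the tag-based group created earlier)."""
    if not commands:
        raise ValueError("at least one command is required")
    req = {
        "DocumentName": "AWS-RunShellScript",
        "Targets": [{"Key": "resource-groups:Name", "Values": [resource_group]}],
        # Document parameters are lists of strings; executionTimeout bounds the
        # script's run time on the instance.
        "Parameters": {"commands": list(commands),
                       "executionTimeout": [str(timeout_seconds)]},
        # TimeoutSeconds is the delivery timeout: how long SSM waits for the
        # agent to pick the command up before marking it TimedOut.
        "TimeoutSeconds": timeout_seconds,
        "Comment": comment,
    }
    if output_bucket:
        # Keep the full stdout/stderr in S3; the console truncates long output.
        req["OutputS3BucketName"] = output_bucket
        req["OutputS3KeyPrefix"] = output_prefix
    return req


def summarize_invocations(response):
    """Group instance ids by status from a `list_command_invocations`
    response (Details=True) and record non-zero plugin exit codes."""
    summary = {"ok": [], "failed": [], "pending": [], "exit_codes": {}}
    for inv in response.get("CommandInvocations", []):
        iid, status = inv["InstanceId"], inv["Status"]
        if status == "Success":
            summary["ok"].append(iid)
        elif status in FAILURE_STATES:
            summary["failed"].append(iid)
        else:   # Pending, InProgress, Delayed, Cancelling
            summary["pending"].append(iid)
        for plugin in inv.get("CommandPlugins", []):
            code = plugin.get("ResponseCode", 0)
            if code != 0:
                summary["exit_codes"][iid] = code
    return summary


# Constructed sample shaped like ssm.list_command_invocations(Details=True).
SAMPLE_RESPONSE = {
    "CommandInvocations": [
        {"InstanceId": "i-0aaa", "Status": "Success",
         "CommandPlugins": [{"Name": "aws:runShellScript", "Status": "Success",
                             "ResponseCode": 0, "Output": "5.10.0\n"}]},
        {"InstanceId": "i-0bbb", "Status": "Failed",
         "CommandPlugins": [{"Name": "aws:runShellScript", "Status": "Failed",
                             "ResponseCode": 1,
                             "Output": "E: Unable to locate package example\n"}]},
        {"InstanceId": "i-0ccc", "Status": "InProgress", "CommandPlugins": []},
    ]
}

if __name__ == "__main__":
    req = run_shell_script_request("prod-web", ["uname -r", "df -h /"],
                                   output_bucket="example-ssm-output")
    print(json.dumps(req, indent=2))
    print(summarize_invocations(SAMPLE_RESPONSE))
    # With boto3: cid = ssm.send_command(**req)["Command"]["CommandId"], then
    # poll ssm.list_command_invocations(CommandId=cid, Details=True).
```

Targeting by resource group rather than by a typed list of instance ids keeps the scope of a fleet-wide shell command tied to the tag-based group, and keeping the S3 output gives a durable record of what each instance ran and returned beyond what the console shows.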
