Centralized Management Using AWS Systems Manager

You can manage your applications and infrastructure in the cloud with AWS Systems Manager. Systems Manager simplifies application and resource management, reduces the time it takes to detect and resolve operational problems, and helps you securely manage your resources at scale.


  • Systems Manager verifies that your user, group, or role has permission to perform the action you specified.
  • If the target of your action is a managed node, the Systems Manager Agent (SSM Agent) performs the action.
  • Systems Manager, SSM Agent, and other services that performed an action on behalf of Systems Manager report status. If configured, Systems Manager can send status details to other services.
  • If enabled, Systems Manager operations management capabilities such as Explorer, OpsCenter, and Incident Manager collect operations data or create artifacts in response to incidents or errors with your resources.
  • Artifacts include operational work items. Systems Manager operations management capabilities provide operational insights into your applications and resources.

There are four main feature groups that make up the operations center for your AWS applications and resources.

Operations Management

Explorer

  • Explorer is a dashboard that shows information about your resources.
  • Explorer has a holistic view of your accounts’ operational data.

OpsCenter

  • Operations engineers and IT professionals can view, investigate and resolve operational work items in one central location. It is designed to reduce the average time taken to resolve issues.
  • Systems Manager Automation runbooks can be used to resolve issues.
  • You can specify the data you want for each item.
  • You can view reports by status and source.

Incident Manager

  • Users can mitigate and recover from incidents affecting their applications with the help of Incident Manager.
  • Incident Manager enhances incident resolution by informing responders of impact, highlighting relevant data, and providing collaboration tools to get services back up and running.
  • Incident Manager can automate response plans.

Application Management

Application Manager

Application Manager helps engineers investigate and fix problems with their applications and their resources in the context of the cluster.

AppConfig

AppConfig can help you create, manage and deploy application configurations. AppConfig can be used to deploy applications of any size.

Parameter Store

Parameter Store provides storage for configuration data and secrets.

Change Management

Automation

Common maintenance and deployment tasks can be automated.

Change Manager

Change Manager is an enterprise change management framework for requesting, approving, implementing and reporting operational changes to your application configuration and infrastructure.

Maintenance Windows

Maintenance Windows can be used to set recurring schedules for managed instances to run administrative tasks.

Node Management

Fleet Manager

Fleet Manager is a UI experience that allows you to manage your nodes remotely.

Session Manager

Session Manager can be used to manage edge devices and Amazon EC2 instances.

Patch Manager

Patch Manager can be used to automate the patching process of your managed nodes.

  1. Collect data and get actionable insights across services in a single console.

  2. It is possible to solve application problems automatically.

  3. Use operational data to easily manage applications and identify problems.

  4. Proactive processes such as patching and resource changes can be automated to diagnose and fix operational issues before they affect users.

In this article, you will get started with centralized operations management by using the capabilities of Systems Manager, such as

  • Fleet Manager
  • Patch Manager
  • State Manager
  • Automation runbooks.

The article focuses on using the Automation Runbook to manage large-scale EC2 instances, patch operations on a managed fleet, and simplify maintenance tasks.

Quick Setup

Quick Setup is a feature of Systems Manager that can be used to quickly set up security roles on your Amazon EC2 instances. Quick Setup can be used in an individual account or across multiple accounts. The minimum required permissions to get started are provided by these capabilities, which help you manage and monitor the health of your instances.

To get started with Quick Setup, you’ll need to choose a home Region and onboard with it. Quick Setup creates the resources that are used to deploy your configuration in the home Region.

IAM roles and permissions

Permissions and roles are part of IAM. Quick Setup creates the following IAM roles on your behalf.

  • aws-quicksetup-stackset-local-execrole
  • aws-quicksetup-stackset-local-administrationrole

If you are setting up a management account, Quick Setup creates the following roles on your behalf.

  • aws-quicksetup-ssm-role to enable explorer
  • AWSServiceRoleForAmazonSSM
  • AWSServiceRoleForAmazonSSM_AccountDiscovery

Launch Amazon EC2 Instances to Manage with AWS Systems Manager

Please watch the video below to launch an Amazon EC2 instance to manage with AWS Systems Manager.


We used Systems Manager’s Quick Setup feature to get started. We now have the necessary roles and permissions set up so that we can take advantage of the power of Systems Manager.

The process of patching managed nodes with both security-related and other types of updates can be done with the help of Patch Manager.

Patch Manager

  • Patch Manager can be used for applying patches.
  • Patch Manager uses a patch baseline, which includes rules for auto-approving patches within days of their release, as well as a list of approved and rejected patches.
  • Scheduling patching to run as a Systems Manager State Manager association allows you to install patches regularly.
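The baseline logic described above, as an added example that is not code from this article or from AWS: a simplified Python model of how a patch baseline's auto-approval delay and its approved and rejected lists decide what gets installed. The baseline dictionary follows the field names of the CreatePatchBaseline request; the baseline name, patch IDs and dates are constructed, and letting a rejection override an approval is an assumption of this model.

```python
from datetime import date

# Baseline in the shape of a CreatePatchBaseline request (values constructed).
BASELINE = {
    "Name": "example-linux-baseline",  # hypothetical name
    "OperatingSystem": "AMAZON_LINUX_2",
    "ApprovalRules": {"PatchRules": [{
        "PatchFilterGroup": {"PatchFilters": [
            {"Key": "CLASSIFICATION", "Values": ["Security"]},
            {"Key": "SEVERITY", "Values": ["Critical", "Important"]},
        ]},
        "ApproveAfterDays": 7,  # auto-approve 7 days after release
    }]},
    "ApprovedPatches": ["example-pkg-1.0-2"],
    "RejectedPatches": ["example-pkg-9.9-1"],
}

def rule_matches(rule, patch):
    """A rule matches only when every one of its filters accepts the patch."""
    return all(patch.get(f["Key"]) in f["Values"] or "*" in f["Values"]
               for f in rule["PatchFilterGroup"]["PatchFilters"])

def decide(baseline, patch, today):
    """Return (decision, reason) for one patch under this simplified model."""
    if patch["Id"] in baseline.get("RejectedPatches", []):
        return "rejected", "on the rejected list"  # assumption: rejection wins
    if patch["Id"] in baseline.get("ApprovedPatches", []):
        return "approved", "on the approved list"
    age = (today - patch["ReleaseDate"]).days
    waiting = False
    for rule in baseline["ApprovalRules"]["PatchRules"]:
        if rule_matches(rule, patch):
            if age >= rule["ApproveAfterDays"]:
                return "approved", f"rule matched, {age} days since release"
            waiting = True
    if waiting:
        return "pending", "rule matched, still inside the approval delay"
    return "not approved", "no approval rule matched"

# Constructed sample patches, not real advisories.
PATCHES = [
    {"Id": "example-pkg-2.0-1", "CLASSIFICATION": "Security", "SEVERITY": "Critical", "ReleaseDate": date(2024, 1, 1)},
    {"Id": "example-pkg-2.1-1", "CLASSIFICATION": "Security", "SEVERITY": "Important", "ReleaseDate": date(2024, 1, 8)},
    {"Id": "example-pkg-3.0-1", "CLASSIFICATION": "Bugfix", "SEVERITY": "Medium", "ReleaseDate": date(2023, 12, 1)},
    {"Id": "example-pkg-9.9-1", "CLASSIFICATION": "Security", "SEVERITY": "Critical", "ReleaseDate": date(2023, 12, 1)},
    {"Id": "example-pkg-1.0-2", "CLASSIFICATION": "Bugfix", "SEVERITY": "Low", "ReleaseDate": date(2024, 1, 9)},
]

def evaluate(today=date(2024, 1, 10)):
    """Map each sample patch ID to its decision on the given day."""
    return {p["Id"]: decide(BASELINE, p, today)[0] for p in PATCHES}

if __name__ == "__main__":
    for patch_id, decision in evaluate().items():
        print(f"{patch_id:20} {decision}")
```

Running the evaluation with a later date shows the pending security patch moving to approved once its delay expires, which is the window during which a scheduled association would leave a node unpatched for that fix.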

We’ll use the patch baseline to learn how to use Patch Manager.

Please watch the video below to patch your managed nodes using Patch Manager.


We ran a simple patching operation on our managed instance after setting up the default patch baseline. We can schedule patching operations by creating a patching configuration that will allow us to perform patching during a defined window.

Common maintenance, deployment and remediation tasks can be simplified with the help of Automation.

Please watch the video below to see how to use Automation Runbook to resize EC2 instances.


We explored the power of Systems Manager Automation runbooks by resizing our instances to the desired instance type. The Systems Manager Automation runbook reference can be used to start working with runbooks.

Thanks for reading my article till the end. I hope you felt something unique today. If you liked this article then please share it with your friends and if you have suggestions or ideas to share with me then please write in the comment box.
