SSM Agent Flashcards
Capabilities - Automation
Automation - automate common and repetitive IT operations and management tasks across AWS resources
Step - defined as an initiated action performed in the automation execution on a per-target basis. You can execute the entire Systems Manager Automation document in one action, or choose to execute one step at a time.
Automation document defines the automation workflow.
Can be scheduled.
Automation action - the action determines the inputs, behavior, and outputs of the step
Automation Queue - a queue to hold automations if you run more than 25 automations simultaneously
Resource groups
A collection of AWS resources that are all in the same AWS region, and that match criteria provided by a query
Use groups as a basis for viewing and monitoring configuration insights in systems manager
Built-in insights
Shows detailed information about a single resource group
Includes information from recent API calls through CloudTrail, recent configuration changes through Config, instance software inventory listings, instance patch compliance views, and instance configuration compliance views
Systems manager activation
Enable hybrid and cross-cloud management. Register any server, whether physical or virtual, to be managed by Systems Manager.
Inventory manager
Automate the process of collecting software inventory from managed instances
Specify the type of metadata to collect, the instances from which the metadata should be collected, and the schedule for metadata collection
Configuration compliance
Scans for patch compliance and configuration inconsistencies
View compliance history and change tracking for Patch Manager patching data and State Manager associations by using AWS Config
Create your own compliance types
Run command
Remotely and securely manage the configuration of your managed instances at scale
Managed instances - any EC2 instance, on-premises server, or virtual machine in your hybrid environment that is configured for Systems Manager
Session manager
Manage your EC2 instances through an interactive, one-click browser-based shell, or through the AWS CLI
Use session manager to tunnel SSH & SCP traffic between a client and a server
Distributor
Package your own software or prepackaged software
Then distribute or deploy packages one time using Run Command, or on a schedule using Systems Manager State Manager
Patch manager
Automate patching of your managed instances
Scan for and apply missing patches to instances
For security patches, patch baselines include rules for auto approving patches within days of their release
Select and apply Microsoft application patches automatically
Includes common vulnerability identifiers (CVE ID)
Configure actions to be performed before and after installing patches
Incident manager
Console to manage and monitor all incidents relating to AWS resources that your applications are using
Used to mitigate and recover from production incidents
Notifies responders of impact, highlights relevant troubleshooting data, and provides collaboration tools to return to normal operations quickly
Automated response plans
Allows responder team escalation
Compliance
Automatically scans your fleet of managed nodes for compliance and configuration inconsistencies
Collects and aggregates data from multiple AWS accounts and AWS Regions
Displays compliance data about patch manager patching and state manager associations
Create your own compliance types
Fleet manager
Remotely manage your nodes
View the health and performance status of your entire fleet from a single UI console
Gathers data from individual devices, external servers, and Amazon EC2 instances to perform common troubleshooting and management tasks straight from the console, without manually connecting to the resource
View the directories and file contents of your nodes/instances, Windows registry management, operating system user management, etc.
State manager
A service that automates the process of keeping your EC2 and hybrid infrastructure in a state that you define
Parameter store
Provides secure, hierarchical storage for configuration data and secrets management.
You can store values as plain text or encrypted data with SecureString.
Parameters work with Systems Manager capabilities such as Run Command, State Manager, and Automation.
Ops center
• OpsCenter helps you view, investigate, and resolve operational issues related to your environment from a central location.
• OpsCenter complements existing case management systems by enabling integrations via Amazon Simple Notification Service (SNS) and public AWS SDKs. By aggregating information from AWS Config, AWS CloudTrail logs, resource descriptions, and Amazon CloudWatch Events, OpsCenter helps you reduce the mean time to resolution (MTTR) of incidents, alarms, and operational tasks.
Change manager
An enterprise change management framework for requesting, approving, implementing, and reporting on operational changes to your application configuration and infrastructure.
• From a single delegated administrator account, if you use AWS Organizations, you can manage changes across multiple AWS accounts and across AWS Regions. Alternatively, using a local account, you can manage changes for a single AWS account.
Can be used for both AWS and on-premises resources.
For each change template, you can add up to five levels of approvers. When it’s time to implement an approved change, Change Manager runs the Automation runbook that is specified in the associated change request.
Maintenance window
Set up recurring schedules for managed instances to execute administrative tasks like installing patches and updates without interrupting business-critical operations.
Supports running four types of tasks:
• Systems Manager Run Command commands
• Systems Manager Automation workflows
• AWS Lambda functions
• AWS Step Functions tasks
Systems manager document (SSM)
Defines the actions that Systems Manager performs
Types of SSM documents:
Command document - used by Run Command to execute commands; used by State Manager to apply a configuration
Policy document - used to enforce policies
Automation document - used to perform common maintenance and deployment tasks
Package document - includes packaged software assets to install on managed instances
Monitoring
• SSM Agent writes information about executions, scheduled actions, errors, and health statuses to log files on each instance. For more efficient instance monitoring, you can configure either SSM Agent itself or the CloudWatch Agent to send this log data to CloudWatch Logs.
• Using CloudWatch Logs, you can monitor log data in real-time, search and filter log data by creating one or more metric filters, and archive and retrieve historical data when you need it.
• Log Systems Manager API calls with CloudTrail.
Security
Systems Manager is linked directly to IAM for access controls