AWS Systems Manager

AWS Systems Manager (known as SSM) is derived from two earlier services that you may have heard of and that are no longer in service: AWS EC2 Systems Manager and Amazon Simple Systems Manager.

The service itself is designed to help you manage and give visibility to your infrastructure, particularly when it comes to your EC2 fleet. It also has the ability to configure and manage your virtual compute resources on-premises, as well as within your AWS environment, ensuring they meet specific compliance needs. Using AWS SDKs, the AWS CLI, AWS Toolkit for Windows PowerShell, or even the AWS Management Console, you are able to centrally manage, review, and automate tasks for your resources. This makes it a great tool for helping you view your infrastructure through a single pane of glass, making it highly scalable.

Much like Amazon Inspector, SSM also uses agents that are installed locally to help with the configuring and deploying of updates to your EC2 and on-premises virtual servers. When requests are sent by Systems Manager, the agent receives the request and carries out the required task.

AMIs with Windows Server 2003-2012 R2 published after November 2016 already have the agent installed by default. If you have EC2 instances without the agent, then you can download and install it as shown here: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-install-ssm-win.html.

If you are running Linux AMIs, then by default, the agent is also installed on Amazon Linux, Amazon Linux 2, Ubuntu Server 16.04, and Ubuntu Server 18.04 LTS base AMIs. If you are running any other Linux AMIs, then you will need to install the agent manually following this process: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-install-ssm-agent.html.

If you want to control and automate configurations on your on-premises virtual servers, then you will need to perform a manual installation: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-install-managed-win.html.

So, once the agent is installed on the required EC2/virtual server fleet, you are able to control and manage your instances. But how does this work? At a very high level, it's very simple.

Once you have verified the installation of SSM agents on your resources, you can then use Systems Manager to configure and deploy configuration changes to resource groups (your EC2/Virtual Servers).  

The agent then receives the configuration change request sent by SSM and verifies the packages to be run. It then carries out and processes the required tasks.

The output and results of these configuration changes can be sent to other AWS services for reporting and monitoring, such as AWS CloudTrail, Amazon S3, and Amazon CloudWatch.
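
As an added illustration (not code from the book or from AWS), the following Python example shows one way to carry out the verification step described above: it compares the running EC2 instances against the agents that have registered with Systems Manager. The sample data is constructed and shaped like the responses of the EC2 DescribeInstances and SSM DescribeInstanceInformation API calls; the function name agent_coverage and the report categories are assumptions made for this example.

```python
# Constructed sample responses, shaped like the output of the EC2
# DescribeInstances and SSM DescribeInstanceInformation API calls.
EC2_RESPONSE = {"Reservations": [
    {"Instances": [
        {"InstanceId": "i-0aaa0000000000001", "State": {"Name": "running"}},
        {"InstanceId": "i-0aaa0000000000002", "State": {"Name": "running"}},
        {"InstanceId": "i-0aaa0000000000003", "State": {"Name": "running"}},
        {"InstanceId": "i-0aaa0000000000004", "State": {"Name": "stopped"}},
    ]},
]}
SSM_RESPONSE = {"InstanceInformationList": [
    {"InstanceId": "i-0aaa0000000000001", "PingStatus": "Online",
     "ResourceType": "EC2Instance", "IsLatestVersion": True},
    {"InstanceId": "i-0aaa0000000000002", "PingStatus": "ConnectionLost",
     "ResourceType": "EC2Instance", "IsLatestVersion": False},
    {"InstanceId": "mi-0bbb0000000000001", "PingStatus": "Online",
     "ResourceType": "ManagedInstance", "IsLatestVersion": False},
]}


def agent_coverage(ec2_response, ssm_response):
    """Classify instances by whether their SSM agent is reporting in."""
    running = {inst["InstanceId"]
               for res in ec2_response["Reservations"]
               for inst in res["Instances"]
               if inst["State"]["Name"] == "running"}
    agents = {i["InstanceId"]: i for i in ssm_response["InstanceInformationList"]}
    report = {"managed": [], "not_reporting": [], "no_agent": [], "outdated_agent": []}
    for iid in sorted(running):
        info = agents.get(iid)
        if info is None:
            report["no_agent"].append(iid)       # not registered with SSM at all
        elif info["PingStatus"] != "Online":
            report["not_reporting"].append(iid)  # registered, but the agent is silent
        else:
            report["managed"].append(iid)
    # On-premises servers are known only to SSM and carry an "mi-" prefix.
    for iid, info in sorted(agents.items()):
        if info["ResourceType"] == "ManagedInstance" and info["PingStatus"] == "Online":
            report["managed"].append(iid)
        if info["PingStatus"] == "Online" and not info.get("IsLatestVersion", True):
            report["outdated_agent"].append(iid)
    return report


if __name__ == "__main__":
    for category, ids in agent_coverage(EC2_RESPONSE, SSM_RESPONSE).items():
        print(f"{category}: {', '.join(ids) or '-'}")
```

Instances listed under no_agent or not_reporting are the ones Systems Manager cannot configure, so they are the gaps to close before relying on it for fleet-wide changes.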

Let's now look deeper at some of the elements that make up this service, these being the following:

  • Resource groups
  • Actions
  • Insights
  • Shared resources