Shared resource

This element identifies shared resources that help you manage and configure your instances and on-premises virtual servers. It is made up of the following four resources:

  • Managed Instances: This displays all of the configured instances that are ready for use with SSM, including both EC2 and virtual servers from your on-premises hybrid solution. A part of this configuration requires that the instances have the agent installed and that the necessary IAM permissions are in place.
  • Activations: This element is entirely for your on-premises virtual servers in your hybrid environment. To enable connectivity of these servers and the management of these servers by SSM, you need to create a managed-instance activation, which essentially functions as a secret access key authorizing permissions to the SSM service. This is where you can create those managed-instance activations.
  • Documents: Within the documents section, you are able to choose different types of documents that are used to specify which actions and scripts are carried out on your selected instances. You are able to use these documents in conjunction with your own configured parameters, allowing you to implement a level of customization. The documents are formatted in either a JSON or a YAML format. The different document types that are available are as follows:
    • Command: Command documents are used by both the State Manager and Run Command functions to apply specific configurations and to carry out commands on your instances. There is a wide range of pre-configured command documents within SSM, for example, AWS-ConfigureCloudWatch. This is used to export metrics and log files from your instances to Amazon CloudWatch.
    • Policy: Policy documents effectively apply policies to your instances, ensuring specific tasks or actions are being carried out. If the policy is removed, then that function ceases to continue. An example of a policy document is AWS-GatherSoftwareInventory. This is used to perform a software inventory of your instances.
    • Automation: Automation documents allow you to perform automated maintenance tasks that are referenced from within the Action section mentioned previously. A good example of an automation document would be AWS-CreateDynamoDbBackup. This performs an automatic backup of a DynamoDB table.
  • Parameter Store: This element of SSM relates to security and storage. It is used for configuration data management and secrets management. This information could be credentials, passwords, database strings, and so on: effectively, information that needs to be kept secure and that can be called upon by SSM through the Run Command, Automation, and State Manager. Parameter Store can also be used with other AWS services, for example, EC2, AWS Lambda, and CodeBuild, which can then retrieve key data from this central repository.

The storage of your parameters within the store is modeled on a hierarchical model. This allows you to create a tiered structure of your parameters that provides better management and ease of use, especially when trying to locate the correct parameter. Due to the sensitivity of the data, the parameter values themselves can be encrypted. However, the hierarchical string that names your parameter is not encrypted.
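
Because the value can be encrypted but the hierarchical name cannot, a parameter inventory is worth auditing for both problems. The following is an added example, not code from the book or from AWS: it assumes records shaped like the Name and Type fields that `aws ssm describe-parameters` returns, and the sample records, the naming hints, and the entropy threshold are all constructed assumptions.

```python
import math
import re
from collections import Counter

# Constructed sample, shaped like the Name/Type fields returned by
# `aws ssm describe-parameters` (values are not needed for this check).
SAMPLE_PARAMETERS = [
    {"Name": "/prod/payments/db/password", "Type": "SecureString"},
    {"Name": "/prod/payments/db/connection-string", "Type": "String"},
    {"Name": "/prod/payments/feature/max-retries", "Type": "String"},
    {"Name": "/dev/api/token/9fK2xQ7LmZ4pR8sV1bT6wY3c", "Type": "SecureString"},
]

# Assumed naming hints for sensitive data; tune to your own conventions.
SENSITIVE_HINT = re.compile(
    r"(password|passwd|secret|token|credential|api[-_]?key|connection[-_]?string)",
    re.I,
)


def shannon_entropy(text):
    """Bits per character; random tokens score higher than words."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())


def audit_parameters(parameters, entropy_threshold=4.0, min_length=16):
    """Return (name, finding) pairs for two hygiene problems."""
    findings = []
    for param in parameters:
        name, ptype = param["Name"], param["Type"]
        # 1. Sensitive-looking parameter whose value is stored unencrypted.
        if SENSITIVE_HINT.search(name) and ptype != "SecureString":
            findings.append((name, "sensitive name but type is not SecureString"))
        # 2. Secret-like material in the path, which is never encrypted.
        for segment in (s for s in name.split("/") if s):
            if len(segment) >= min_length and shannon_entropy(segment) >= entropy_threshold:
                findings.append((name, "path segment looks like secret material"))
                break
    return findings


if __name__ == "__main__":
    for name, finding in audit_parameters(SAMPLE_PARAMETERS):
        print(f"{name}: {finding}")
```

The second check matters even for SecureString parameters, since anything placed in the path is visible to whoever can list parameter names.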
