Adjusting Systems Manager settings - AWS Systems Manager

Adjusting Systems Manager settings

The options on the Settings pages enable and configure features in the Systems Manager unified console. The options displayed depend on the account you are logged into and whether or not you have already set up Systems Manager.

Note

The options on the Settings page don't affect Systems Manager tools (formerly called capabilities).

Account setup settings

If Systems Manager is enabled, and if you are logged into an account that is not a member of Organizations or if the delegated administrator has not added your Organizations account to Systems Manager, the Account setup page shows the option to Disable Systems Manager. Disabling Systems Manager means Systems Manager doesn't display the unified console. All Systems Manager tools still function.

Organizational setup settings

On the Organizational setup tab, the Home Region section displays the AWS Region chosen as the home Region during setup. In multi-account and multi-Region environments that use AWS Organizations, Systems Manager automatically aggregates node data from all accounts and Regions to the home Region. Aggregating data in this way enables you to view node data across accounts and Regions in a single location.

Note

If you want to change the home Region, you must disable Systems Manager and enable it again. To disable Systems Manager, choose Disable.

The Organizational setup section displays the AWS organizational units and AWS Regions chosen during setup. To change which organizational units and Regions display node data in Systems Manager, choose Edit. For more information about setting up Systems Manager for Organizations, see Setting up AWS Systems Manager.

Diagnose and remediate settings

The Diagnose and remediate settings determine whether or not Systems Manager automatically scans your nodes to ensure they can communicate with Systems Manager. If enabled, the feature runs automatically according to a schedule you define. The feature identifies which nodes can't connect to Systems Manager and why. This feature also provides recommended runbooks for remediating networking issues and other problems preventing nodes from being configured as managed nodes.

Scheduling a recurring diagnostic scan

Systems Manager can diagnose and help you remediate several types of deployment failures, as well as drifted configurations. Systems Manager can also identify Amazon Elastic Compute Cloud (Amazon EC2) instances in your account or organization that Systems Manager isn't able to treat as a managed node. The EC2 instance diagnosis process can identify issues related to misconfigurations for a virtual private cloud (VPC), in a Domain Name Service (DNS) setting, or in an Amazon EC2 security group.

To simplify the task of identifying nodes that can't connect to Systems Manager, the Schedule recurring diagnosis feature enables you to automate a recurring diagnostic scan. The scans help identify which nodes can't connect to Systems Manager and why. Use the following procedure to enable and configure a recurring diagnostic scan of your nodes.

To schedule a recurring diagnostic scan
  1. Open the AWS Systems Manager console at https://console.aws.amazon.com/systems-manager/.

  2. In the navigation pane, choose Settings, and then choose the Diagnose and remediate tab.

  3. Turn on the Schedule recurring diagnosis option.

  4. For Scanning period, choose how often you want the scan to run.

  5. (Optional) For Start time, enter a time, in 24-hour format, for the diagnosis to begin. For example, for 8:15 PM, enter 20:15.

    The time you enter is for your current local time zone.

    If you don't specify a time, the diagnostic scan runs immediately. Systems Manager also schedules the scan to run in the future at the current time. If you specify a time, Systems Manager waits to run the diagnostic scan at the specified time.

  6. Choose Save.

  7. After the scan completes, view the details by choosing Diagnose and remediate in the left navigation.

For more information about the Diagnose and remediate feature, see Diagnosing and remediating.

Updating S3 bucket encryption

When you onboard Systems Manager, Quick Setup creates an Amazon Simple Storage Service (Amazon S3) bucket in the delegated administrator account for AWS Organizations setups. For single-account setups, the bucket is stored in the account being set up. This bucket is used to store the metadata generated during diagnostic scans.

For more information about setting up the unified Systems Manager console, see Setting up AWS Systems Manager.

By default, your data in the bucket is encrypted using an AWS Key Management Service (AWS KMS) key that AWS owns and manages for you.

You can choose to use a different AWS KMS key for your bucket encryption. As another alternative, you can use server-side encryption with AWS KMS keys (SSE-KMS) using a customer managed key (CMK). For information, see Working with Amazon S3 buckets and bucket policies for Systems Manager.

To use a different AWS KMS key for S3 bucket encryption
  1. Open the AWS Systems Manager console at https://console.aws.amazon.com/systems-manager/.

  2. In the navigation pane, choose Settings, and then choose the Diagnose and remediate tab.

  3. In the Update S3 bucket encryption area, choose Edit.

  4. Select the Customize encryption settings (advanced) check box.

  5. For Choose an AWS KMS key, choose or enter the Amazon Resource Name (ARN) of the key.

    Tip

    To create a new key, choose Create an AWS KMS key.

  6. Choose Save.
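After changing the bucket's encryption through the console procedure above, a practitioner usually wants to verify the result rather than trust the dialog. The following script is an added example, not part of this page or of the Systems Manager service; it evaluates the JSON that the S3 GetBucketEncryption API returns (the same structure `aws s3api get-bucket-encryption` prints) against the policy "SSE-KMS with a key ARN owned by the expected account". The bucket name, account ID and key IDs in the embedded samples are constructed placeholders.

```python
"""Check an S3 bucket's default-encryption rule for SSE-KMS with a key
from a specific account. Added example; works on the GetBucketEncryption
response shape and makes no AWS calls itself."""
import json
import re
import sys

# KMS ARN in either key/<id> or alias/<name> form (aws, aws-cn, aws-us-gov).
KMS_ARN_RE = re.compile(
    r"^arn:aws[a-z-]*:kms:(?P<region>[a-z0-9-]+):(?P<account>\d{12}):"
    r"(?:key/(?P<key_id>[0-9a-f-]{36})|alias/(?P<alias>[A-Za-z0-9/_-]+))$"
)


def check_bucket_encryption(config: dict, expected_account: str) -> tuple:
    """Return (ok, reason) for a GetBucketEncryption response.

    ok is True only when the default rule is aws:kms and KMSMasterKeyID is a
    key ARN in expected_account that is not an AWS-managed alias (alias/aws/*).
    """
    rules = (config.get("ServerSideEncryptionConfiguration") or {}).get("Rules") or []
    if not rules:
        return False, "no default encryption rule configured"
    # S3 returns a single rule; the default algorithm lives under it.
    default = rules[0].get("ApplyServerSideEncryptionByDefault") or {}
    algo = default.get("SSEAlgorithm")
    if algo == "AES256":
        return False, "SSE-S3 (AES256) with an AWS owned key, not SSE-KMS"
    if algo != "aws:kms":
        return False, f"unexpected SSEAlgorithm {algo!r}"
    key_ref = default.get("KMSMasterKeyID")
    if not key_ref:
        # aws:kms with no key means the AWS managed key aws/s3 is used.
        return False, "SSE-KMS with no key specified (AWS managed key aws/s3)"
    m = KMS_ARN_RE.match(key_ref)
    if not m:
        return False, f"KMSMasterKeyID is not a key ARN: {key_ref!r}"
    alias = m.group("alias") or ""
    if alias.startswith("aws/"):
        return False, f"AWS managed key alias {alias}, not a customer managed key"
    if m.group("account") != expected_account:
        return False, f"key belongs to account {m.group('account')}, expected {expected_account}"
    return True, f"SSE-KMS with {key_ref} owned by account {expected_account}"


# Constructed sample responses (placeholder account and key IDs).
ACCOUNT = "111122223333"
SAMPLE_SSE_S3 = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}
SAMPLE_KMS_NO_KEY = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}}
SAMPLE_AWS_ALIAS = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {
        "SSEAlgorithm": "aws:kms",
        "KMSMasterKeyID": f"arn:aws:kms:us-east-1:{ACCOUNT}:alias/aws/s3"}}]}}
SAMPLE_OTHER_ACCOUNT = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {
        "SSEAlgorithm": "aws:kms",
        "KMSMasterKeyID": "arn:aws:kms:us-east-1:444455556666:key/"
                          "1234abcd-12ab-34cd-56ef-1234567890ab"}}]}}
SAMPLE_CMK = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {
        "SSEAlgorithm": "aws:kms",
        "KMSMasterKeyID": f"arn:aws:kms:us-east-1:{ACCOUNT}:key/"
                          "1234abcd-12ab-34cd-56ef-1234567890ab"},
     "BucketKeyEnabled": True}]}}


if __name__ == "__main__":
    # Usage: aws s3api get-bucket-encryption --bucket <bucket> | python check.py 111122223333
    account = sys.argv[1] if len(sys.argv) > 1 else ACCOUNT
    config = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE_CMK
    ok, reason = check_bucket_encryption(config, account)
    print("PASS" if ok else "FAIL", reason)
    sys.exit(0 if ok else 1)
```

The check only proves that a key ARN from the expected account is configured; a key ARN alone does not say whether the key is customer managed or AWS managed. To settle that, call kms:DescribeKey on the ARN and confirm `KeyMetadata.KeyManager` is `CUSTOMER`, and check that the key policy grants the Systems Manager principals that write scan metadata permission to use it, otherwise diagnostic scans will fail to write to the bucket after the change.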