What is AWS Systems Manager?
AWS Systems Manager helps you centrally view, manage, and operate nodes at scale in AWS, on-premises, and multicloud environments. With the launch of a unified console experience, Systems Manager consolidates various tools to help you complete common node tasks across AWS accounts and Regions.
To use Systems Manager, nodes must be managed, which means SSM Agent is installed on the machine and the agent can communicate with the Systems Manager service. To help you identify why nodes aren't reporting as managed, Systems Manager offers a one-click agent issue diagnosis and remediation runbook that you can configure to run automatically according to a schedule you define. This feature helps identify why nodes can't connect to Systems Manager, including networking misconfigurations. This feature also provides recommended runbooks for remediating networking issues and other problems preventing nodes from being configured as managed nodes.
The unified console experience also includes a dashboard that provides a high-level overview of your nodes. You can drill down for more specific node insights such as which nodes are running outdated operating system (OS) software. You can also use filters for granular views based on instance metadata like OSs, AWS Regions, accounts, and SSM Agent versions. These filters help you retrieve relevant information at a specific account or application level across your entire organization.
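Added example (not part of the AWS documentation): a coverage check that compares running EC2 instances against the nodes Systems Manager reports as managed, flagging instances with no agent registration, an agent that has stopped reporting, or an outdated agent. It assumes input shaped like the JSON output of `aws ec2 describe-instances` and `aws ssm describe-instance-information`; the instance IDs are constructed and the status labels are this example's own.

```python
import json

# Constructed sample, shaped like `aws ec2 describe-instances` output (trimmed).
EC2_JSON = """{"Reservations": [{"Instances": [
  {"InstanceId": "i-0000000000000000a", "State": {"Name": "running"}},
  {"InstanceId": "i-0000000000000000b", "State": {"Name": "running"}},
  {"InstanceId": "i-0000000000000000c", "State": {"Name": "running"}},
  {"InstanceId": "i-0000000000000000d", "State": {"Name": "running"}},
  {"InstanceId": "i-0000000000000000e", "State": {"Name": "stopped"}}
]}]}"""

# Constructed sample, shaped like `aws ssm describe-instance-information` output.
# The "mi-" entry stands for a non-EC2 (hybrid) managed node.
SSM_JSON = """{"InstanceInformationList": [
  {"InstanceId": "i-0000000000000000a", "PingStatus": "Online", "IsLatestVersion": true},
  {"InstanceId": "i-0000000000000000b", "PingStatus": "ConnectionLost", "IsLatestVersion": true},
  {"InstanceId": "i-0000000000000000c", "PingStatus": "Online", "IsLatestVersion": false},
  {"InstanceId": "mi-00000000000000001", "PingStatus": "Online", "IsLatestVersion": true}
]}"""


def classify_nodes(ec2_doc, ssm_doc):
    """Map each running EC2 instance ID to its Systems Manager coverage status."""
    running = [
        inst["InstanceId"]
        for res in ec2_doc.get("Reservations", [])
        for inst in res.get("Instances", [])
        if inst.get("State", {}).get("Name") == "running"
    ]
    managed = {n["InstanceId"]: n for n in ssm_doc.get("InstanceInformationList", [])}
    report = {}
    for iid in running:
        info = managed.get(iid)
        if info is None:
            report[iid] = "unmanaged"            # never registered with Systems Manager
        elif info.get("PingStatus") != "Online":
            report[iid] = "agent-not-reporting"  # registered, but the agent is not checking in
        elif not info.get("IsLatestVersion", False):
            report[iid] = "agent-outdated"       # reporting, but SSM Agent is not current
        else:
            report[iid] = "ok"
    return report


def sample_report():
    """Run the classifier over the constructed samples above."""
    return classify_nodes(json.loads(EC2_JSON), json.loads(SSM_JSON))


if __name__ == "__main__":
    for iid, status in sorted(sample_report().items()):
        print(iid, status)
```

Stopped instances and hybrid `mi-` nodes are left out of the report because the comparison starts from running EC2 instances only.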
How can Systems Manager benefit my operations?
Benefits of Systems Manager include the following:
- Enhance visibility across your entire infrastructure
  Systems Manager provides a centralized view of nodes across your organization's accounts and Regions. Quickly access instance information such as ID, name, OS details, and installed agents. Use Amazon Q Developer to query instance metadata using natural language, helping you identify issues and take action faster.
- Boost operational efficiency with automation
  Automate common operational tasks and reduce time and effort required to maintain your systems. Systems Manager provides safe and secure remote management of your nodes at scale without logging into your servers. You no longer need to use bastion hosts, SSH, or remote PowerShell. Systems Manager also provides a simple way of automating common administrative tasks across groups of nodes such as registry edits, user management, and software and patch installations.
- Simplify node management at scale in any environment
  Systems Manager helps you manage nodes across AWS, on-premises, and multicloud environments. Schedule automated diagnoses to identify SSM Agent issues and remediate them with one-click runbooks. After your nodes are configured as managed nodes, you can execute critical operational tasks such as applying security patches, initiating logged sessions, and running commands remotely.
Who should use Systems Manager?
Systems Manager is used by IT operations managers and operators, DevOps engineers, security and compliance managers, and IT directors and CIOs. Broadly speaking, Systems Manager is appropriate for the following:
- Organizations that want to improve the management and security of their nodes at scale.
- Organizations that want to increase visibility and operational agility when managing their infrastructure.
- Organizations that want to increase operational efficiency at scale.
What are the main features of Systems Manager?
The primary features of Systems Manager are shared between the unified console and the individual tools Systems Manager provides to help you manage nodes at scale.
Unified console
The unified console provides a centralized experience to view and manage your nodes. This console leverages several Systems Manager tools and more to provide you with the following:
- Centralized views of your nodes
- Detailed node insights
- Automated diagnosis and remediation of common node issues
For more information about the unified console, see What is the unified console?.
Tools
Tools consist of the individual capabilities of Systems Manager and their features such as Run Command, Session Manager, Automation, and Parameter Store. With Systems Manager tools you can do the following:
- Patch nodes at scale
- Securely connect to nodes without opening inbound ports
- Run commands remotely on nodes
- Securely store data referenced by applications
- Automate common systems administration tasks
For more information about Systems Manager tools, see Using AWS Systems Manager tools.
Supported AWS Regions
For a list of AWS Regions that support Systems Manager tools, see Systems Manager service endpoints in the Amazon Web Services General Reference.
The unified Systems Manager console, released on November 21, 2024, is available in the following AWS Regions:
- US East (N. Virginia) Region
- US East (Ohio) Region
- US West (N. California) Region
- US West (Oregon) Region
- Canada (Central) Region
- South America (São Paulo) Region
- Asia Pacific (Mumbai) Region
- Asia Pacific (Tokyo) Region
- Asia Pacific (Seoul) Region
- Asia Pacific (Singapore) Region
- Asia Pacific (Sydney) Region
- Europe (Frankfurt) Region
- Europe (Stockholm) Region
- Europe (Ireland) Region
- Europe (London) Region
- Europe (Paris) Region
Accessing Systems Manager
You can work with Systems Manager in any of the following ways:
- Systems Manager console
  The Systems Manager console is a browser-based interface to access and use Systems Manager.
- AWS IoT Greengrass V2 console
  You can view and manage edge devices that are configured for AWS IoT Greengrass in the Greengrass console.
- AWS command line tools
  By using the AWS command line tools, you can issue commands at your system's command line to perform Systems Manager and other AWS tasks. The tools are supported on Linux, macOS, and Windows. Using the AWS Command Line Interface (AWS CLI) can be faster and more convenient than using the console. The command line tools also are useful if you want to build scripts that perform AWS tasks.
  AWS provides two sets of command line tools: the AWS Command Line Interface and the AWS Tools for Windows PowerShell. For information about installing and using the AWS CLI, see the AWS Command Line Interface User Guide. For information about installing and using the Tools for Windows PowerShell, see the AWS Tools for Windows PowerShell User Guide.
  Note: On your Windows Server instances, Windows PowerShell 3.0 or later is required to run certain SSM documents (for example, the legacy AWS-ApplyPatchBaseline document). Verify that your Windows Server instances are running Windows Management Framework 3.0 or later. The framework includes Windows PowerShell.
- AWS SDKs
  AWS provides software development kits (SDKs) that consist of libraries and sample code for various programming languages and platforms (for example, Java, Python, Ruby, .NET, iOS and Android, and others). The SDKs provide a convenient way to grant programmatic access to Systems Manager. For information about the AWS SDKs, including how to download and install them, see Tools for Amazon Web Services.
Systems Manager service name history
AWS Systems Manager (Systems Manager) was formerly known as "Amazon Simple Systems Manager (SSM)" and "Amazon EC2 Systems Manager (SSM)". The original abbreviated name of the service, "SSM", is still reflected in various AWS resources, including a few other service consoles. Some examples:
- Systems Manager Agent: SSM Agent
- Systems Manager parameters: SSM parameters
- Systems Manager service endpoints: ssm.region.amazonaws.com
- AWS CloudFormation resource types: AWS::SSM::Document
- AWS Config rule identifier: EC2_INSTANCE_MANAGED_BY_SSM
- AWS Command Line Interface (AWS CLI) commands: aws ssm describe-patch-baselines
- AWS Identity and Access Management (IAM) managed policy names: AmazonSSMReadOnlyAccess
- Systems Manager resource ARNs: arn:aws:ssm:region:account-id:patchbaseline/pb-07d8884178EXAMPLE