AWS Systems Manager: User Guide
- Length: 2172 pages
- Edition: 1
- Language: English
- Publisher: Amazon Web Services
- Publication Date: 2021
- ISBN-10: B078XCSXDS
- Sales Rank: #17559 (See Top 100 Books)
This is official Amazon Web Services (AWS) documentation for AWS Systems Manager. This documentation is offered for free here as a Kindle book, or you can read it online or in PDF format at https://docs.aws.amazon.com/systems-manager/latest/userguide/. AWS Systems Manager (formerly Amazon EC2 Systems Manager) is a unified interface that allows you to easily centralize operational data and automate tasks across your AWS resources. Systems Manager shortens the time to detect and resolve operational problems in your infrastructure. Systems Manager gives you a complete view of your infrastructure performance and configuration, simplifies resource and application management, and makes it easy to operate and manage your infrastructure at scale. This guide helps you use Systems Manager
What is AWS Systems Manager? Systems Manager capabilities How Systems Manager works About SSM Agent Supported operating systems Accessing Systems Manager Systems Manager prerequisites AWS Systems Manager Quick Setup Setting up AWS Systems Manager Step 1: Sign up for AWS Step 2: Create an Admin IAM user for AWS Step 3: Create non-Admin IAM users and groups for Systems Manager Task 1: Create user groups Task 2: Create users and assign permissions Step 4: Create an IAM instance profile for Systems Manager Step 5: Attach an IAM instance profile to an EC2 instance Step 6: (Optional) Create a Virtual Private Cloud endpoint Step 7: (Optional) Create Systems Manager service roles Step 8: (Optional) Set up integrations with other AWS services Setting up AWS Systems Manager for hybrid environments Step 1: Complete general Systems Manager setup steps Step 2: Create an IAM service role for a hybrid environment Step 3: Install a TLS certificate on on-premises servers and VMs Step 4: Create a managed-instance activation for a hybrid environment Step 5: Install SSM Agent for a hybrid environment (Linux) Step 6: Install SSM Agent for a hybrid environment (Windows) Getting started with AWS Systems Manager Step 1: Install or upgrade AWS command line tools Step 2: Practice installing or updating SSM Agent on an instance Step 3: Try Systems Manager tutorials and walkthroughs Working with SSM Agent Installing and configuring SSM Agent on Windows Server instances Install and configure SSM Agent on EC2 instances for Windows Server Configure SSM Agent to use a proxy for Windows Server instances Installing and configuring SSM Agent on EC2 instances for Linux Manually install SSM Agent on EC2 instances for Linux Manually install SSM Agent on Amazon Linux instances Manually install SSM Agent on Amazon Linux 2 instances Manually install SSM Agent on CentOS instances Manually install SSM Agent on Debian Server instances Manually install SSM Agent on Oracle Linux instances Manually install SSM Agent on Red Hat Enterprise Linux instances Manually install SSM Agent on SUSE Linux Enterprise Server 12 instances Manually install SSM Agent on Ubuntu Server instances Configure SSM Agent to use a proxy Upgrade the Python requests module on Amazon Linux instances that use a proxy server Uninstall SSM Agent from Linux instances Getting the currently installed SSM Agent version View SSM Agent logs Restrict access to root-level commands through SSM Agent Automate updates to SSM Agent Subscribe to SSM Agent notifications About minimum S3 Bucket permissions for SSM Agent Troubleshooting SSM Agent Product and service integrations with Systems Manager Integration with AWS services Running scripts from Amazon S3 Referencing AWS Secrets Manager secrets from Parameter Store parameters Integration with other products and services Running scripts from GitHub Using Chef InSpec profiles with Systems Manager Compliance Integration examples from the community Operations Management AWS Systems Manager Explorer Getting started with Systems Manager Explorer and OpsCenter Setting up related services Configuring roles and permissions for Systems Manager Explorer Enabling default rules Specifying tag keys Setting up Systems Manager Explorer to display data from multiple accounts and Regions Configuring a Delegated Administrator Using Systems Manager Explorer Editing default rules for OpsItems Editing Systems Manager Explorer data sources Customizing the display and using filters Deleting a Systems Manager Explorer Resource Data Sync Exporting OpsData from Systems Manager Explorer Troubleshooting Systems Manager Explorer AWS Systems Manager OpsCenter Getting started with OpsCenter Creating OpsItems Working with OpsItems Remediating OpsItem issues using Systems Manager Automation Viewing OpsCenter summary reports Supported resources reference Auditing and logging OpsCenter activity Amazon CloudWatch dashboards hosted by Systems Manager Trusted Advisor and Personal Health Dashboards hosted by Systems Manager AWS Systems Manager Application Management Resource Groups in AWS Systems Manager Viewing operations data for AWS Resource Groups AWS AppConfig AWS Systems Manager Parameter Store Parameter types and examples SecureString parameters Native parameter support for Amazon Machine Image IDs Public parameters Getting started with Parameter Store Restricting access to Systems Manager parameters using IAM policies Setting up notifications or trigger actions based on Parameter Store events Managing parameter tiers Specifying a default parameter tier Changing a standard parameter to an advanced parameter Increasing Parameter Store throughput Working with parameters Organizing parameters into hierarchies Assigning parameter policies About requirements and constraints for parameter names Creating Systems Manager parameters Create a Systems Manager parameter (console) Create a Systems Manager parameter (AWS CLI) Create a multi-line parameter (AWS CLI) Create a Systems Manager parameter (Tools for Windows PowerShell) Searching for Systems Manager parameters Working with parameter versions Working with parameter labels Working with parameter labels (console) Working with parameter labels (AWS CLI) Parameter Store walkthroughs Walkthrough: Create and test a String parameter (console) Walkthrough: Create and update a String parameter (AWS CLI) Walkthrough: Create and update a SecureString parameter (AWS CLI) Walkthrough: Create a SecureString parameter and join an instance to a Domain (PowerShell) Walkthrough: Manage parameters using hierarchies (AWS CLI) AWS Systems Manager Actions & Change AWS Systems Manager Automation Getting started with Automation Method 1: Use AWS CloudFormation to configure a service role for Automation Method 2: Use IAM to configure roles for Automation Working with automations Running a simple automation Running an automation manually Running an automation with approvers Running automations that use targets and rate controls About targets About concurrency and error thresholds Running automations based on triggers Running automations with triggers using CloudWatch Events Running automations with triggers using State Manager Running automations with triggers using Maintenance Windows Running automations by using different security models Running an automation as the current authenticated user Running an automation by using an IAM service role Running an automation by using delegated administration Running automations in multiple AWS Regions and accounts Systems Manager Automation actions reference aws:approve – Pause an execution for manual approval aws:assertAwsResourceProperty – Assert an AWS resource state or event state aws:branch – Run conditional automation steps aws:changeInstanceState – Change or assert instance state aws:copyImage – Copy or encrypt an Amazon Machine Image aws:createImage – Create an Amazon Machine Image aws:createStack – Create an AWS CloudFormation stack aws:createTags – Create tags for AWS resources aws:deleteImage – Delete an Amazon Machine Image aws:deleteStack – Delete an AWS CloudFormation stack aws:executeAutomation – Run another automation execution aws:executeAwsApi – Call and run AWS API actions aws:executeScript – Run a script aws:executeStateMachine – Run an AWS Step Functions state machine aws:invokeLambdaFunction – Invoke an AWS Lambda function aws:pause – Pause an automation execution aws:runCommand – Run a command on a managed instance aws:runInstances – Launch an EC2 instance aws:sleep – Delay an automation execution aws:waitForAwsResourceProperty – Wait on an AWS resource property Automation system variables Working with Automation documents Creating Automation documents using Document Builder Creating an Automation document using the Editor Creating Automation documents that run scripts Creating an Automation document that runs a script (console) Creating an Automation document that runs scripts (command line) Amazon managed Automation documents that run scripts Creating dynamic Automation workflows with conditional branching Handling timeouts in Automation documents Invoking other AWS services from a Systems Manager Automation workflow Sample scenarios and custom Automation document solutions Deploy VPC architecture and Microsoft Active Directory domain controllers Restore a root volume from the latest snapshot Create an AMI and cross-Region copy Systems Manager Automation documents reference Automation document details reference AWSSupport-ActivateWindowsWithAmazonLicense AWS-ASGEnterStandby AWS-ASGExitStandby AWS-AttachEBSVolume AWS-AttachIAMToInstance AWS-ConfigureCloudWatchOnEC2Instance AWS-ConfigureS3BucketLogging AWS-ConfigureS3BucketVersioning AWS-CopySnapshot AWSEC2-CloneInstanceAndUpgradeWindows AWSEC2-CloneInstanceAndUpgradeSQLServer AWS-CreateDynamoDBBackup AWS-CreateImage AWS-CreateJiraIssue AWS-CreateManagedLinuxInstance AWS-CreateManagedWindowsInstance AWS-CreateRdsSnapshot AWS-CreateServiceNowIncident AWS-CreateSnapshot AWS-DeleteCloudFormationStack AWS-DeleteDynamoDBBackup AWS-DeleteDynamoDBTableBackups AWS-DeleteEBSVolumeSnapshots AWSConfigRemediation-DeleteUnusedIAMGroup AWS-DeleteImage AWS-DeleteSnapshot AWS-DetachEBSVolume AWS-DisablePublicAccessForSecurityGroup AWS-DisableS3BucketPublicReadWrite AWS-EnableCloudTrail AWSConfigRemediation-EnableEnhancedMonitoringOnRDSInstance AWS-EnableS3BucketEncryption AWS-ExportOpsDataToS3 AWSSupport-ExecuteEC2Rescue AWSSupport-GrantPermissionsToIAMUser AWSSupport-ManageRDPSettings AWSSupport-ManageWindowsService AWS-PatchAsgInstance AWS-PatchInstanceWithRollback AWS-PublishSNSNotification AWS-RebootRDSInstance AWS-RunCfnLint AWS-RunPacker AWSSupport-ResetAccess AWS-ReleaseElasticIP AWS-ResizeInstance AWS-RestartEC2Instance AWSSupport-SendLogBundleToS3Bucket AWS-SetupInventory AWSSupport-SetupIPMonitoringFromVPC AWS-SetupManagedInstance AWS-SetupManagedRoleOnEC2Instance AWSEC2-ConfigureSTIG AWSEC2-SQLServerDBRestore AWS-StartEC2Instance AWSSupport-StartEC2RescueWorkflow AWS-StartRDSInstance AWS-StopEC2Instance AWS-StopRDSInstance AWS-TerminateEC2Instance AWSSupport-TerminateIPMonitoringFromVPC AWSSupport-TroubleshootConnectivityToRDS AWSSupport-TroubleshootDirectoryTrust AWSSupport-TroubleshootRDP AWSSupport-TroubleshootSSH AWS-UpdateCloudFormationStack AWS-UpdateLinuxAmi AWS-UpdateWindowsAmi AWSSupport-UpgradeWindowsAWSDrivers Automation walkthroughs Patching Amazon Machine Images Walkthrough: Patch a Linux AMI (console) Walkthrough: Patch a Linux AMI (AWS CLI) Walkthrough: Patch a Windows Server AMI Walkthrough: Simplify AMI patching using Automation, AWS Lambda, and Parameter Store Walkthrough: Patch an AMI and update an Auto Scaling group Using AWS support self-service Automations Walkthrough: Run the EC2Rescue tool on unreachable instances Walkthrough: Reset passwords and SSH keys on EC2 instances Walkthrough: Using input transformers with Automation Walkthrough: Using Automation with Jenkins Walkthrough: Using Document Builder to create a custom Automation document Troubleshooting Systems Manager Automation AWS Systems Manager Change Calendar Getting started with Change Calendar Working with Change Calendar Create a Change Calendar entry Create a Change Calendar event Update a Change Calendar event Delete a Change Calendar event Update a Change Calendar entry Share a Change Calendar entry Delete a Change Calendar entry Get the state of the Change Calendar Add Change Calendar dependencies to Automation documents AWS Systems Manager Maintenance Windows Controlling access to maintenance windows Control access to maintenance windows (console) Control access to maintenance windows (AWS CLI) Control access to maintenance windows (Tools for Windows PowerShell) Working with maintenance windows (console) Create a maintenance window (console) Assign targets to a maintenance window (console) Assign tasks to a maintenance window (console) Update or delete a maintenance window (console) Systems Manager Maintenance Windows tutorials (AWS CLI) Tutorial: Create and configure a maintenance window (AWS CLI) Step 1: Create the maintenance window (AWS CLI) Step 2: Register a target instance with the maintenance window (AWS CLI) Examples: Register targets with a maintenance window Step 3: Register a task with the maintenance window (AWS CLI) Examples: Register tasks with a maintenance window About register-task-with-maintenance-windows options About pseudo parameters Tutorial: View information about maintenance windows (AWS CLI) Tutorial: View information about tasks and task executions (AWS CLI) Tutorial: Update a maintenance window (AWS CLI) Tutorial: Delete a maintenance window (AWS CLI) Maintenance window walkthroughs Walkthrough: Create a maintenance window to update SSM Agent (AWS CLI) Walkthrough: Create a maintenance window to update SSM Agent (console) Reference: Maintenance window scheduling and active period options Troubleshooting maintenance windows AWS Systems Manager Instances & Nodes AWS Systems Manager Configuration Compliance Getting started with Configuration Compliance Creating a Resource Data Sync for Configuration Compliance Working with Configuration Compliance Remediating compliance issues Configuration Compliance walkthrough (AWS CLI) AWS Systems Manager Inventory Learn more about Systems Manager Inventory Metadata collected by inventory Working with file and Windows registry inventory Related AWS services Configuring Resource Data Sync for Inventory Configuring inventory collection Working with Systems Manager inventory data Querying inventory data from multiple Regions and accounts Querying an inventory collection by using filters Aggregating inventory data Working with custom inventory Viewing inventory history and change tracking Systems Manager Inventory walkthroughs Walkthrough: Assign custom inventory metadata to an instance Walkthrough: Configure your managed instances for Inventory by using the CLI Walkthrough: Use Resource Data Sync to aggregate inventory data Troubleshooting problems with Systems Manager Inventory AWS Systems Manager Managed Instances Configuring instance tiers Enabling the advanced-instances tier Reverting from the advanced-instances tier to the standard-instances tier Resetting passwords on managed instances Deregistering managed instances in a hybrid environment Troubleshooting managed instances AWS Systems Manager hybrid activations AWS Systems Manager Session Manager Getting started with Session Manager Step 1: Complete Session Manager prerequisites Step 2: Verify or create an IAM instance profile with Session Manager permissions Adding Session Manager permissions to an existing instance profile Create a custom IAM instance profile for Session Manager Step 3: Control user session access to instances Enforce a session document permission check for the AWS CLI Quickstart default IAM policies for Session Manager Additional sample IAM policies for Session Manager Step 4: Configure session preferences Grant or deny a user permissions to update Session Manager preferences Enable run as support for Linux instances Enable AWS KMS key encryption of session data (console) Create Session Manager preferences (command line) Update Session Manager preferences (command line) Step 5: (Optional) Restrict access to commands in a session Step 6: (Optional) use PrivateLink to set up a VPC endpoint for Session Manager Step 7: (Optional) disable or enable ssm-user account administrative permissions Step 8: (Optional) Enable SSH connections through Session Manager Working with Session Manager (Optional) Install the Session Manager Plugin for the AWS CLI Start a session Terminate a session View session history Auditing and logging session activity Troubleshooting Session Manager AWS Systems Manager Run Command Setting up Run Command Running commands using Systems Manager Run Command Running commands from the console Running PowerShell scripts on Linux instances Running commands using the document version parameter Using targets and rate controls to send commands to a fleet Canceling a command Handling exit codes with scripts Rebooting managed instance from scripts Managing exit codes in Run Command commands Understanding command statuses Run Command walkthroughs Walkthrough: Use the AWS CLI with Run Command Walkthrough: Use the AWS Tools for Windows PowerShell with Run Command Troubleshooting Systems Manager Run Command AWS Systems Manager State Manager About State Manager Working with associations in Systems Manager About targets and rate controls in State Manager associations Create an association Edit and create a new version of an association Viewing association histories AWS Systems Manager State Manager walkthroughs Creating associations that run MOF files Creating associations that run Ansible playbooks Creating associations that run Chef recipes Automatically update SSM Agent (CLI) Walkthrough: Automatically update PV drivers on EC2 instances for Windows Server (console) AWS Systems Manager Patch Manager Patch Manager prerequisites How Patch Manager operations work How security patches are selected How to specify an alternative patch source repository (Linux) How patches are installed How patch baseline rules work on Linux-based systems Key differences between Linux and Windows patching About patching operations About patching configurations About SSM documents for patching instances About the SSM document AWS-RunPatchBaseline About the SSM Document AWS-RunPatchBaselineAssociation Sample scenario for using the InstallOverrideList parameter in AWS-RunPatchBaseline About patch compliance status values About patch baselines About predefined and custom patch baselines About package name formats for approved and rejected patch lists About patch groups About patching applications on Windows Server Working with Patch Manager (console) View AWS predefined patch baselines Working with custom patch baselines Create a custom patch baseline (Windows) Create a custom patch baseline (Linux) Update or delete a custom patch baseline (console) Set an existing patch baseline as the default Create a patching configuration (console) Create a patch group Create a maintenance window for patching About patching schedules using Maintenance Windows Working with Patch Manager (AWS CLI) Use Kernel Live Patching on Amazon Linux 2 instances AWS Systems Manager Patch Manager walkthroughs Walkthrough: Create a patch baseline for installing Windows Service Packs (console) Walkthrough: Patch a server environment (AWS CLI) AWS Systems Manager Distributor Getting started with Distributor Step 1: Complete Distributor prerequisites Step 2: Verify or create an IAM instance profile with Distributor permissions Step 3: Control user access to packages Step 4: Create or choose an Amazon S3 bucket Working with Distributor View packages Create a package Edit package permissions (console) Edit package tags (console) Add a package version to Distributor Install or update packages Uninstall a package Delete a package Auditing and logging Distributor activity Troubleshooting AWS Systems Manager Distributor AWS Systems Manager Shared Resources AWS Systems Manager documents SSM document schemas and features SSM document syntax Systems Manager Command document plugin reference Creating Systems Manager documents Create an SSM document (console) Create an SSM document (command line) Create an SSM document (API) Creating composite documents Sharing SSM documents Best practices for shared SSM documents Share an SSM document Modify permissions for a shared SSM document Using shared SSM documents Running Systems Manager command documents from remote locations Security in AWS Systems Manager Data protection in AWS Systems Manager Identity and access management for AWS Systems Manager How AWS Systems Manager works with IAM AWS Systems Manager identity-based policy examples Troubleshooting AWS Systems Manager identity and access Using service-linked roles for Systems Manager Using Roles to Collect Inventory and Run Maintenance Windows Tasks Using Roles to Collect AWS Account Information for Systems Manager Explorer Logging and monitoring in AWS Systems Manager Compliance validation for AWS Systems Manager Resilience in AWS Systems Manager Infrastructure security in AWS Systems Manager Configuration and vulnerability analysis in AWS Systems Manager Security best practices for Systems Manager Monitoring AWS Systems Manager Sending instance logs to CloudWatch Logs (CloudWatch agent) Sending SSM Agent logs to CloudWatch Logs Monitoring Run Command metrics using Amazon CloudWatch Logging AWS Systems Manager API calls with AWS CloudTrail Configuring Amazon CloudWatch Logs for Run Command Monitoring Systems Manager events with Amazon CloudWatch Events Configuring CloudWatch Events for Run Command Configuring CloudWatch Events for Systems Manager automation Monitoring Systems Manager status changes using Amazon SNS notifications Example Amazon SNS notifications for AWS Systems Manager Use Run Command to send a command that returns status notifications Use a maintenance window to send a command that returns status notifications Tagging Systems Manager resources Taggable Systems Manager resources Tagging Systems Manager documents Tagging maintenance windows Tagging managed instances Tagging OpsItems Tagging Systems Manager parameters Tagging patch baselines AWS Systems Manager reference Reference: Cron and rate expressions for Systems Manager Reference: ec2messages, ssmmessages, and other API calls Reference: Creating formatted date and time strings for Systems Manager Use cases and best practices Choosing between State Manager and Maintenance Windows Document history AWS glossary
Donate to keep this site alive
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click download link.
4. Lead to download server to download.