AWS Systems Manager: Proven Best Use Cases and a Real-World Success Story - Beinex

AWS Systems Manager: Proven Best Use Cases and a Real-World Success Story

AWS Systems Manager is a comprehensive AWS management service designed to streamline the administration of your AWS Cloud-based applications and infrastructure. Systems Manager can be used with hybrid and multi-cloud environments. It offers the ability to manage EC2 instances, on-premises instances, and VMs at scale, facilitating automated software inventory collection, OS patch application, system image creation, and Windows and Linux OS configuration.

By using AWS Systems Manager, you gain invaluable operational insights and infrastructure state data, simplifying the management of your resources. This tool empowers you to effortlessly detect and address underlying infrastructure issues, all while offering free patching capabilities for enhanced compliance.

19 Oct 2023
Team Beinex

    Interested in the article or the service offering? Get in touch with us:

    AWS Systems Manager seamlessly operates with both Windows and Linux OS and integrates with CloudWatch metrics, CloudWatch Dashboard, and AWS Config. Moreover, it enables the creation of resource groups spanning various AWS services, allowing for aggregated operational data viewing and facilitating monitoring, troubleshooting, and resource group-specific actions.

    Common use cases and best practices for AWS Systems Manager capabilities are listed below:


  • Create self-service Automation runbooks for infrastructure.
  • Leverage AWS Systems Manager’s Automation feature to simplify the process of generating Amazon Machine Images (AMIs) from the AWS Marketplace or custom AMIs. This can be achieved using public Systems Manager documents (SSM documents) or by creating custom workflows tailored to your specific needs.
  • Two recommended Automation runbooks for building and maintaining AMIs are AWS-UpdateLinuxAmi and AWS-UpdateWindowsAmi.
  • Inventory

  • Audit Application Configurations Over Time with Inventory
  • Use AWS Systems Manager’s Inventory in conjunction with AWS Config to conduct comprehensive audits of your application configurations as they evolve over time.
  • Maintenance Windows

  • Scheduled Maintenance for Node Management
  • Define a routine schedule for executing potentially disruptive actions on your nodes, including activities like operating system (OS) patching, driver updates, or software installations.
  • For guidance on choosing between State Manager and Maintenance Windows, both key capabilities of AWS Systems Manager, refer to “Choosing between State Manager and Maintenance Windows.”
  • Parameter Store

  • Centralised Management of Global Configuration Settings
  • Employ Parameter Store, a pivotal feature within AWS Systems Manager, to centrally manage and maintain global configuration settings.
  • Patch Manager

  • Efficient Patch Rollouts and Enhanced Fleet Compliance
  • Make use of Patch Manager, an integral component of AWS Systems Manager, to orchestrate the deployment of patches across your fleet of instances while also gaining enhanced visibility into fleet compliance.
  • To bolster your security posture, integrate Patch Manager with AWS Security Hub for real-time compliance alerts and monitoring of patching status.
  • Optimise Patch Compliance Scans
  • It is advisable to employ only one method at a time for scanning managed nodes for patch compliance to prevent accidental overwriting of compliance data.
  • Run Command

  • Effortless Instance Management without SSH Access
  • Harness the power of EC2 Run Command within AWS Systems Manager for managing instances at scale without the need for SSH access.
  • Secure and Controlled Command Execution
  • Audit all API calls related to Run Command by utilising AWS CloudTrail. To maintain data security, avoid including sensitive information in plaintext when sending commands via Run Command. Utilise SecureString parameters for encryption of sensitive data used in Systems Manager operations.
  • Staged Command Execution and Access Control
  • Employ the targets and rate control features in Run Command for executing staged command operations and ensure fine-grained access permissions through AWS Identity and Access Management (IAM) policies.
  • Session Manager

  • Comprehensive Session Activity Auditing
  • Audit session activity within your AWS account by making use of AWS CloudTrail.
  • Session Data Logging and Access Control
  • Log session data in your AWS account via Amazon CloudWatch Logs or Amazon S3, enabling tighter control over user session access to instances. Additionally, you can manage access to commands within a session and customise SSM-user account administrative permissions.
  • State Manager

  • Regular SSM Agent Updates and Tags for Node Management
  • Ensure that SSM Agent is updated at least once a month by utilising the pre-configured AWS-UpdateSSMAgent document. For Windows instances, upload PowerShell or DSC modules to Amazon S3 and use AWS-InstallPowerShellModule.
  • Employ tags to create application groups for your nodes and target nodes using the Targets parameter instead of specifying individual node IDs. Automate the remediation of findings generated by Amazon Inspector using Systems Manager.
  • Centralized Configuration Repository and Document Sharing
  • Utilize a centralised configuration repository for your SSM documents and share these documents across your organisation for streamlined management.
  • Managed Nodes

  • Time Accuracy for Optimal Operations
  • Accurate time references are essential for Systems Manager to perform operations effectively. Ensure that your node’s date and time settings are correct, as discrepancies may lead to errors or incomplete functionality, and can result in nodes not being included in your managed nodes lists.
  • Case Study: A Global Cloud Solutions and Services Company Enhances Scalability and Efficiency with AWS Systems Manager

    Client: A Global Cloud Solutions and Services Company

    A technology services company that specialises in helping organisations across 120 countries adopt modern technologies and manage them efficiently. They focus on creating solutions for hybrid and multi-cloud environments.

    Requirement: Finding Scalability on AWS Systems Manager

    The client faced a significant challenge in managing multi-cloud environments at scale reliably and cost-effectively. Manually handling activities across hundreds of thousands of different compute instances was resource-intensive and delayed issue resolution. They needed a solution that could run both on-premises and on the cloud and wanted a single tool for managing their suite of solutions.>


  • Manual management of hundreds of thousands of compute instances.
  • Delays in issue resolution due to human intervention.
  • Need for a solution that could operate on-premises and in the cloud.
  • Desire for a unified tool to manage their suite of solutions.
  • Process: Supporting Automation, Staff Productivity, and Transparency on AWS

    The client began using AWS Systems Manager in 2015 for various products and extended its use to other cloud environments in 2019. Since 2019, the client has utilised AWS Systems Manager to power patching activities across all major cloud providers they support. They perform mass patching at scale, covering over 62,000 VMs across all their managed services. VM Management automates traditionally manual tasks like patching, agent distribution, server diagnostics, and issue remediation. It significantly reduces labour, costs, and errors associated with manual tasks, enhancing security and efficiency.

    SmartTickets, a component in VM Management, handled thousands of incidents and automated responses using AWS Systems Manager, saving time and reducing costs for the company. They also used Amazon CloudWatch for monitoring and observability and automated runbooks for real-time monitoring and alerts.

    AWS Systems Manager provides a single-pane view of environments, improving customer visibility and decision-making.

    Result: Taking Automation to the Next Level on AWS

    The client plans to develop custom runbooks with customers and further automate responses and resolutions using AWS Systems Manager. They have successfully solved industry challenges by saving time, cutting costs, and reducing complexity for both their customers and themselves.

    Key Takeaway

    The client leveraged AWS Systems Manager to streamline and automate their operations, resulting in improved efficiency, cost reduction, and enhanced customer satisfaction. With automation, they can swiftly respond to and resolve issues, meeting customer expectations effectively.

    How Beinex Can Help You

    Beinex is an AWS consulting partner, and we empower customers to host their BI solutions and much more on the cloud. Our cloud migration experts bring in best-in-class stability and reliability by understanding your business strategy and working closely with you to deploy AWS infrastructure as a service.