AWS Systems Manager seamlessly operates with both Windows and Linux OS and integrates with CloudWatch metrics, CloudWatch Dashboard, and AWS Config. Moreover, it enables the creation of resource groups spanning various AWS services, allowing for aggregated operational data viewing and facilitating monitoring, troubleshooting, and resource group-specific actions.
Common use cases and best practices for AWS Systems Manager capabilities are listed below:
Automation
Create self-service Automation runbooks for infrastructure.
Leverage AWS Systems Manager’s Automation feature to simplify the process of generating Amazon Machine Images (AMIs) from the AWS Marketplace or custom AMIs. This can be achieved using public Systems Manager documents (SSM documents) or by creating custom workflows tailored to your specific needs.
Two recommended Automation runbooks for building and maintaining AMIs are AWS-UpdateLinuxAmi and AWS-UpdateWindowsAmi.
Inventory
Audit Application Configurations Over Time with Inventory
Use AWS Systems Manager’s Inventory in conjunction with AWS Config to conduct comprehensive audits of your application configurations as they evolve over time.
Maintenance Windows
Scheduled Maintenance for Node Management
Define a routine schedule for executing potentially disruptive actions on your nodes, including activities like operating system (OS) patching, driver updates, or software installations.
For guidance on choosing between State Manager and Maintenance Windows, both key capabilities of AWS Systems Manager, refer to “Choosing between State Manager and Maintenance Windows.”
Parameter Store
Centralised Management of Global Configuration Settings
Employ Parameter Store, a pivotal feature within AWS Systems Manager, to centrally manage and maintain global configuration settings.
Patch Manager
Efficient Patch Rollouts and Enhanced Fleet Compliance
Make use of Patch Manager, an integral component of AWS Systems Manager, to orchestrate the deployment of patches across your fleet of instances while also gaining enhanced visibility into fleet compliance.
To bolster your security posture, integrate Patch Manager with AWS Security Hub for real-time compliance alerts and monitoring of patching status.
Optimise Patch Compliance Scans
It is advisable to employ only one method at a time for scanning managed nodes for patch compliance to prevent accidental overwriting of compliance data.
Run Command
Effortless Instance Management without SSH Access
Harness the power of EC2 Run Command within AWS Systems Manager for managing instances at scale without the need for SSH access.
Secure and Controlled Command Execution
Audit all API calls related to Run Command by utilising AWS CloudTrail. To maintain data security, avoid including sensitive information in plaintext when sending commands via Run Command. Utilise SecureString parameters for encryption of sensitive data used in Systems Manager operations.
Staged Command Execution and Access Control
Employ the targets and rate control features in Run Command for executing staged command operations and ensure fine-grained access permissions through AWS Identity and Access Management (IAM) policies.
Session Manager
Comprehensive Session Activity Auditing
Audit session activity within your AWS account by making use of AWS CloudTrail.
Session Data Logging and Access Control
Log session data in your AWS account via Amazon CloudWatch Logs or Amazon S3, enabling tighter control over user session access to instances. Additionally, you can manage access to commands within a session and customise SSM-user account administrative permissions.
State Manager
Regular SSM Agent Updates and Tags for Node Management
Ensure that SSM Agent is updated at least once a month by utilising the pre-configured AWS-UpdateSSMAgent document. For Windows instances, upload PowerShell or DSC modules to Amazon S3 and use AWS-InstallPowerShellModule.
Employ tags to create application groups for your nodes and target nodes using the Targets parameter instead of specifying individual node IDs. Automate the remediation of findings generated by Amazon Inspector using Systems Manager.
Centralized Configuration Repository and Document Sharing
Utilize a centralised configuration repository for your SSM documents and share these documents across your organisation for streamlined management.
Managed Nodes
Time Accuracy for Optimal Operations
Accurate time references are essential for Systems Manager to perform operations effectively. Ensure that your node’s date and time settings are correct, as discrepancies may lead to errors or incomplete functionality, and can result in nodes not being included in your managed nodes lists.
Case Study: A Global Cloud Solutions and Services Company Enhances Scalability and Efficiency with AWS Systems Manager
Client: A Global Cloud Solutions and Services Company
A technology services company that specialises in helping organisations across 120 countries adopt modern technologies and manage them efficiently. They focus on creating solutions for hybrid and multi-cloud environments.
Requirement: Finding Scalability on AWS Systems Manager
The client faced a significant challenge in managing multi-cloud environments at scale reliably and cost-effectively. Manually handling activities across hundreds of thousands of different compute instances was resource-intensive and delayed issue resolution. They needed a solution that could run both on-premises and on the cloud and wanted a single tool for managing their suite of solutions.>
Challenges
Manual management of hundreds of thousands of compute instances.
Delays in issue resolution due to human intervention.
Need for a solution that could operate on-premises and in the cloud.
Desire for a unified tool to manage their suite of solutions.
Process: Supporting Automation, Staff Productivity, and Transparency on AWS
The client began using AWS Systems Manager in 2015 for various products and extended its use to other cloud environments in 2019. Since 2019, the client has utilised AWS Systems Manager to power patching activities across all major cloud providers they support. They perform mass patching at scale, covering over 62,000 VMs across all their managed services. VM Management automates traditionally manual tasks like patching, agent distribution, server diagnostics, and issue remediation. It significantly reduces labour, costs, and errors associated with manual tasks, enhancing security and efficiency.
SmartTickets, a component in VM Management, handled thousands of incidents and automated responses using AWS Systems Manager, saving time and reducing costs for the company. They also used Amazon CloudWatch for monitoring and observability and automated runbooks for real-time monitoring and alerts.
AWS Systems Manager provides a single-pane view of environments, improving customer visibility and decision-making.
Result: Taking Automation to the Next Level on AWS
The client plans to develop custom runbooks with customers and further automate responses and resolutions using AWS Systems Manager. They have successfully solved industry challenges by saving time, cutting costs, and reducing complexity for both their customers and themselves.
Key Takeaway
The client leveraged AWS Systems Manager to streamline and automate their operations, resulting in improved efficiency, cost reduction, and enhanced customer satisfaction. With automation, they can swiftly respond to and resolve issues, meeting customer expectations effectively.
How Beinex Can Help You
Beinex is an AWS consulting partner, and we empower customers to host their BI solutions and much more on the cloud. Our cloud migration experts bring in best-in-class stability and reliability by understanding your business strategy and working closely with you to deploy AWS infrastructure as a service.
Back
