Server Fleet Management at Scale

Considerations

Server Fleet Configuration

To use your existing server fleet with this solution, you must complete the following prerequisite tasks:

  • Create an instance profile role with the required AWS Systems Manager permissions

  • Verify that your Amazon Elastic Compute Cloud (Amazon EC2) instances meet Systems Manager requirements

  • Install AWS Systems Manager Agent (SSM Agent)

  • Create Environment and Patch Group tags with the Managed Instances Tag Value that you specified during initial configuration. The Environment tag selects instances for the Amazon Inspector assessments and for Systems Manager inventory, which runs daily. The Patch Group tag directs Systems Manager OS patching for the instances, which by default runs weekly.

Systems Manager uses the tag key to identify applicable Amazon EC2 instances. When an appropriately tagged instance is launched, Systems Manager performs the following tasks:

  • Installs or updates the Amazon Inspector agent

  • Creates the Systems Manager associations between the servers and Systems Manager documents to ensure the servers are continuously evaluated against defined baselines

  • Adds the servers to a patch management regimen to ensure the servers are patched regularly

  • Adds the servers to a group that Amazon Inspector will use to regularly run vulnerability assessments

Note that this solution is designed to work with the latest version of the SSM Agent. For more information on configuring and installing the SSM Agent on your instances, see Installing and Configuring SSM Agent.
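The prerequisites above can be checked before onboarding a fleet. The following is an added example, not part of the solution's own code: it audits saved JSON output of `aws ec2 describe-instances` and `aws ssm describe-instance-information` for instances that lack the tags, an instance profile, or a current, online SSM Agent. The function name, the tag value `fleet-example`, and the instance data are constructed for illustration.

```python
REQUIRED_TAG_KEYS = ("Environment", "Patch Group")  # tag keys named on this page

def audit_fleet(ec2_output, ssm_output, tag_value):
    """Return {instance_id: [gaps]} for instances that miss a prerequisite."""
    managed = {i["InstanceId"]: i
               for i in ssm_output.get("InstanceInformationList", [])}
    findings = {}
    for reservation in ec2_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            gaps = []
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            # Tag keys and values are case-sensitive: "patch group" does not match.
            for key in REQUIRED_TAG_KEYS:
                if tags.get(key) != tag_value:
                    gaps.append(f"tag '{key}' missing or not '{tag_value}'")
            if "IamInstanceProfile" not in inst:
                gaps.append("no instance profile attached")
            info = managed.get(inst["InstanceId"])
            if info is None:
                # Instance never registered: agent absent or role lacks permissions.
                gaps.append("not registered with Systems Manager")
            else:
                if info.get("PingStatus") != "Online":
                    gaps.append(f"SSM Agent ping status {info.get('PingStatus')}")
                if not info.get("IsLatestVersion", False):
                    gaps.append("SSM Agent is not the latest version")
            if gaps:
                findings[inst["InstanceId"]] = gaps
    return findings

# Constructed sample data (not real instances or accounts).
_OK_TAGS = [{"Key": "Environment", "Value": "fleet-example"},
            {"Key": "Patch Group", "Value": "fleet-example"}]
_PROFILE = {"Arn": "arn:aws:iam::111122223333:instance-profile/example"}
SAMPLE_EC2 = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0example0000000a", "IamInstanceProfile": _PROFILE, "Tags": _OK_TAGS},
    {"InstanceId": "i-0example0000000b",
     "Tags": [{"Key": "Environment", "Value": "fleet-example"},
              {"Key": "patch group", "Value": "fleet-example"}]},
    {"InstanceId": "i-0example0000000c", "IamInstanceProfile": _PROFILE, "Tags": _OK_TAGS},
]}]}
SAMPLE_SSM = {"InstanceInformationList": [
    {"InstanceId": "i-0example0000000a", "PingStatus": "Online", "IsLatestVersion": True},
    {"InstanceId": "i-0example0000000c", "PingStatus": "ConnectionLost", "IsLatestVersion": False},
]}

if __name__ == "__main__":
    for instance_id, gaps in audit_fleet(SAMPLE_EC2, SAMPLE_SSM, "fleet-example").items():
        print(instance_id, "->", "; ".join(gaps))
```

An instance that appears in the findings will not be picked up for inventory, patching, or Amazon Inspector assessments until the listed gaps are closed.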

Regional Deployments

This solution uses Amazon Inspector, which is available in specific AWS Regions only. If you deploy this solution in a region that does not support this service, the Amazon Inspector resources will not be deployed.

While AWS Systems Manager is available in the AWS GovCloud (US) Region, some solution features are not available in that region. We recommend that you deploy this solution in regions that support all solution features.

Currently, Systems Manager is not available in the EU West 3 (Paris) Region; however, you can successfully deploy the Server Fleet Management at Scale solution in this region. All Systems Manager resources can be located in the Amazon EC2 dashboard.