Quick Setup Host Management - AWS Systems Manager

Quick Setup Host Management

Use Quick Setup, a capability of AWS Systems Manager, to quickly configure required security roles and commonly used Systems Manager capabilities on your Amazon Elastic Compute Cloud (Amazon EC2) instances. You can use Quick Setup in an individual account or across multiple accounts and AWS Regions by integrating with AWS Organizations. These capabilities help you manage and monitor the health of your instances while providing the minimum required permissions to get started.

If you're unfamiliar with Systems Manager services and features, we recommend that you review the AWS Systems Manager User Guide before creating a configuration with Quick Setup. For more information about Systems Manager, see What is AWS Systems Manager?.

Note

You can't create multiple Quick Setup Host Management configurations that target the same AWS Region.

To set up host management, perform the following tasks in the AWS Systems Manager Quick Setup console.

To set up host management with Quick Setup

  1. Open the AWS Systems Manager console at https://console.aws.amazon.com/systems-manager/.

  2. In the navigation pane, choose Quick Setup.

    -or-

    If the AWS Systems Manager home page opens first, choose the menu icon to open the navigation pane, and then choose Quick Setup.

  3. Choose Create.

  4. Choose Host management, and then choose Next.

  5. In the Configuration options section, choose the options that you want to allow for your configuration.

    • Update Systems Manager (SSM) Agent every two weeks – Enables Systems Manager to check every two weeks for a new version of the agent. If there is a new version, then Systems Manager automatically updates the agent on your managed node to the latest released version.

      We encourage you to choose this option to ensure that your nodes are always running the most up-to-date version of SSM Agent. For more information about SSM Agent, including information about how to manually install the agent, see Working with SSM Agent.

    • Collect inventory from your instances every 30 minutes – Enables Quick Setup to configure collection of the following types of metadata:

      • AWS components – EC2 driver, agents, versions, and more.

      • Applications – Application names, publishers, versions, and more.

      • Node details – System name, operating system (OS) name, OS version, last boot, DNS, domain, work group, OS architecture, and more.

      • Network configuration – IP address, MAC address, DNS, gateway, subnet mask, and more.

      • Services – Name, display name, status, dependent services, service type, start type, and more (Windows Server nodes only).

      • Windows roles – Name, display name, path, feature type, installed state, and more (Windows Server nodes only).

      • Windows updates – Hotfix ID, installed by, installed date, and more (Windows Server nodes only).

      For more information about Inventory, a capability of AWS Systems Manager, see AWS Systems Manager Inventory.

      Note

      The Inventory collection option can take up to 10 minutes to complete, even if you only selected a few nodes.

    • Scan Instances for missing patches daily – Enables Patch Manager, a capability of Systems Manager, to scan your nodes daily and generate a report in the Compliance page. The report shows how many nodes are patch-compliant according to the default patch baseline. The report includes a list of each node and its compliance status.

      For more information about patching operations and patch baselines, see AWS Systems Manager Patch Manager. To view compliance information, see the Systems Manager Compliance page.

    • Install and configure the CloudWatch agent – Installs the basic configuration of the unified CloudWatch agent on your Amazon EC2 instances. The agent collects metrics and log files from your instances for Amazon CloudWatch. This information is consolidated so you can quickly determine the health of your instances. For more information about the CloudWatch agent basic configuration, see CloudWatch agent predefined metric sets. There might be added cost. For more information, see Amazon CloudWatch pricing.

    • Update the CloudWatch agent once every 30 days – Enables Systems Manager to check every 30 days for a new version of the CloudWatch agent. If there is a new version, Systems Manager updates the agent on your instance. We encourage you to choose this option to ensure that your instances are always running the most up-to-date version of the CloudWatch agent.

  6. In the Targets section, choose whether to set up host management for your Entire organization, Custom organizational units (OUs), or the Current account you're signed in to:

    • Entire organization – In the Instance profile options section, choose whether you want to add the required IAM policies to the existing instance profiles attached to your instances, or to allow Quick Setup to create the IAM policies and instance profiles with the permissions needed for the configuration you choose.

      Note

      The Entire organization option is only available if you're configuring host management from your organization's management account.

    • Custom – In the Target OUs section, select the OUs where you want to set up host management. Next, in the Target Regions section, select the Regions where you want to set up host management. Then, in the Instance profile options section, choose whether you want to add the required IAM policies to the existing instance profiles attached to your instances, or to allow Quick Setup to create the IAM policies and instance profiles with the permissions needed for the configuration you choose.

    • Current account – Select Current Region or Choose Regions. Next, select how you want to target instances. Then, if you selected Current Region, continue to step 7. If you selected Choose Regions, choose the Target Regions where you want to set up host management, and then continue to step 7.

  7. Choose Create.
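
After the configuration deploys, it is worth confirming that the agent-update and patch-scan options from step 5 actually took effect on every targeted instance. The following is an added example, not part of the AWS documentation: it cross-checks JSON shaped like the output of `aws ssm describe-instance-information` and `aws ssm describe-instance-patch-states`. The sample data, instance IDs, finding codes, and the function name `audit_nodes` are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws ssm describe-instance-information` output.
INSTANCE_INFO = json.loads("""
{"InstanceInformationList": [
  {"InstanceId": "i-0000000000000000a", "PingStatus": "Online", "IsLatestVersion": true},
  {"InstanceId": "i-0000000000000000b", "PingStatus": "Online", "IsLatestVersion": false},
  {"InstanceId": "i-0000000000000000c", "PingStatus": "ConnectionLost", "IsLatestVersion": true}
]}""")

# Constructed sample shaped like `aws ssm describe-instance-patch-states` output.
PATCH_STATES = json.loads("""
{"InstancePatchStates": [
  {"InstanceId": "i-0000000000000000a", "MissingCount": 0, "FailedCount": 0},
  {"InstanceId": "i-0000000000000000b", "MissingCount": 4, "FailedCount": 1}
]}""")

# Constructed list of instance IDs that the configuration was meant to cover.
EXPECTED = [f"i-0000000000000000{c}" for c in "abcd"]


def audit_nodes(instance_info, patch_states, expected_ids):
    """Return {instance_id: [finding codes]} for nodes that need attention."""
    managed = {n["InstanceId"]: n for n in instance_info["InstanceInformationList"]}
    patches = {p["InstanceId"]: p for p in patch_states["InstancePatchStates"]}
    findings = {}
    for iid in sorted(expected_ids):
        node, issues = managed.get(iid), []
        if node is None:
            # Never registered: agent absent or instance profile lacks permissions.
            issues.append("unmanaged")
        else:
            if node.get("PingStatus") != "Online":
                issues.append("agent-offline")
            if not node.get("IsLatestVersion", False):
                issues.append("agent-outdated")
            state = patches.get(iid)
            if state is None:
                issues.append("no-patch-scan")
            elif state.get("MissingCount", 0) or state.get("FailedCount", 0):
                issues.append("missing-patches")
        if issues:
            findings[iid] = issues
    return findings


if __name__ == "__main__":
    for iid, issues in audit_nodes(INSTANCE_INFO, PATCH_STATES, EXPECTED).items():
        print(iid, ", ".join(issues))
```

An instance reported as `unmanaged` most often points back to the Instance profile options choice in step 6, because a node without the required IAM permissions never registers with Systems Manager.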