AWS Systems Manager
User Guide

Getting Started with Configuration Compliance

To get started with Configuration Compliance, complete the following tasks.

Task For More Information

Configuration Compliance works with Patch Manager patch data, State Manager associations, and custom compliance types on Systems Manager managed instances. Verify that your Amazon EC2 instances and hybrid machines are configured as managed instances by verifying Systems Manager prerequisites.

Systems Manager Prerequisites

Update SSM Agent on your managed instances to the latest version.

Installing and Configuring SSM Agent

If you plan to monitor patch compliance, verify that you've configured Systems Manager Patch Manager. You must perform patching operations by using Patch Manager before Configuration Compliance can display patch compliance data.

AWS Systems Manager Patch Manager

If you plan to monitor association compliance, verify that you've created State Manager associations. You must create associations before Configuration Compliance can display association compliance data.

AWS Systems Manager State Manager

(Optional) Configure the system to view compliance history and change tracking.

Viewing Compliance Configuration History and Change Tracking

(Optional) Create custom compliance types.

Configuration Compliance Walkthrough (AWS CLI)

(Optional) Create a Resource Data Sync to aggregate all compliance data in a target Amazon S3 bucket.

Create a Resource Data Sync for Configuration Compliance