AWS Systems Manager
User Guide

AWS Systems Manager Configuration Compliance

You can use AWS Systems Manager Configuration Compliance to scan your fleet of managed instances for patch compliance and configuration inconsistencies. You can collect and aggregate data from multiple AWS accounts and Regions, and then drill down into specific resources that aren’t compliant. By default, Configuration Compliance displays current compliance data about Systems Manager Patch Manager patching and Systems Manager State Manager associations. Systems Manager Compliance offers the following additional benefits and features:

  • View compliance history and change tracking for Patch Manager patching data and State Manager associations by using AWS Config.

  • Customize Systems Manager Compliance to create your own compliance types based on your IT or business requirements.

  • Remediate issues by using Systems Manager Run Command, State Manager, or Amazon CloudWatch Events.

  • Port data to Amazon Athena and Amazon QuickSight to generate fleet-wide reports.

Configuration Compliance is offered at no additional charge. You only pay for the AWS resources that you use.

Note

Systems Manager integrates with Chef InSpec. InSpec is an open-source, runtime framework that enables you to create human-readable profiles on GitHub or Amazon S3. Then you can use Systems Manager to run compliance scans and view compliant and noncompliant instances. For more information, see Using Chef InSpec Profiles with Systems Manager Compliance.