AWS Systems Manager
User Guide

What Is AWS Systems Manager?

AWS Systems Manager is an AWS service that you can use to view and control your infrastructure on AWS. Using the Systems Manager console, you can view operational data from multiple AWS services and automate operational tasks across your AWS resources. Systems Manager helps you maintain security and compliance by scanning your managed instances and reporting on (or taking corrective action on) any policy violations it detects.

A managed instance is a machine that has been configured for use with Systems Manager. Systems Manager also helps you configure and maintain your managed instances. Supported machine types include Amazon EC2 instances, on-premises servers, and virtual machines (VMs), including VMs in other cloud environments. Supported operating system types include Windows Server, multiple distributions of Linux, and Raspbian.

Using Systems Manager, you can associate AWS resources together by applying the same identifying resource tag to each of them. You can then view operational data for these resources as a resource group, to help monitor and troubleshoot.

For example, you can assign a resource tag of "Operation=North Region OS Patching" to all of the following resources:

  • A group of Amazon EC2 instances

  • A group of on-premises servers in your own facility

  • A Systems Manager patch baseline that specifies which patches to apply to your managed instances

  • An Amazon S3 bucket to store patching operation log output

  • A Systems Manager maintenance window that specifies the schedule for the patching operation

After tagging the resources, you can view a consolidated dashboard in Systems Manager that reports the status of all the resources that are part of the patching operation in your North region. If a problem arises with any of these resources, you can take corrective action immediately.

Capabilities in Systems Manager

Systems Manager is comprised of individual capabilities, which are grouped into four categories: Operations Management, Actions & Change, Instances & Nodes, and Shared Resources.

This collection of capabilities is a powerful set of tools and features that you can use to perform many operational tasks. For example:

  • Group AWS resources together by any purpose or activity you choose, such as application, environment, region, project, campaign, business unit, or software lifecycle.

  • Centrally define the configuration options and policies for your managed instances.

  • Centrally view, investigate, and resolve operational work items related to AWS resources.

  • Automate or schedule a variety of maintenance and deployment tasks.

  • Use and create runbook-style SSM documents that define the actions to perform on your managed instances.

  • Run a command, with rate and error controls, that targets an entire fleet of managed instances.

  • Securely connect to a managed instance with a single click, without having to open an inbound port or manage SSH keys.

  • Separate your secrets and configuration data from your code by using parameters, with or without encryption, and then reference those parameters from a number of other AWS services.

  • Perform automated inventory by collecting metadata about your Amazon EC2 and on-premises managed instances. Metadata can include information about applications, network configurations, and more.

  • View consolidated inventory data from multiple AWS Regions and accounts that you manage.

  • Quickly see which resources in your account are out of compliance and take corrective action from a centralized dashboard.

  • View active summaries of metrics and alarms for your AWS resources.

Systems Manager simplifies resource and application management, shortens the time to detect and resolve operational problems, and helps you operate and manage your AWS infrastructure securely at scale.

Note

AWS Systems Manager was formerly known as Amazon Simple Systems Manager (SSM) and Amazon EC2 Systems Manager (SSM). For more information, see Systems Manager Service Name History.

Video: What is AWS Systems Manager?

View a video introduction to Systems Manager (Duration: 1:42)

View more AWS videos on the Amazon Web Services YouTube Channel.

Systems Manager Supported Regions

AWS Systems Manager is available in the AWS Regions listed in the AWS Systems Manager Supported Regions table in the AWS General Reference. Before starting your Systems Manager configuration process, we recommend that you ensure the service is available in each of the AWS Regions you want to use it in.

For on-premises servers and VMs in your hybrid environment, we recommend that you choose the Region closest to your data center or computing environment.

Systems Manager Pricing

Some Systems Manager capabilities charge a fee. For more information, see AWS Systems Manager Pricing.

Systems Manager Service Name History

AWS Systems Manager (Systems Manager) was formerly known as "Amazon Simple Systems Manager (SSM)" and "Amazon EC2 Systems Manager (SSM)". The original abbreviated name of the service, "SSM", is still reflected in various AWS resources, including a few other service consoles. Some examples:

  • Systems Manager Agent: SSM Agent

  • Systems Manager parameters: SSM parameters

  • Systems Manager service endpoints: ssm.us-east-2.amazonaws.com

  • AWS CloudFormation resource types: AWS::SSM::Document

  • AWS Config rule identifier: EC2_INSTANCE_MANAGED_BY_SSM

  • AWS CLI commands: aws ssm describe-patch-baselines

  • AWS Identity and Access Management (IAM) managed policy names: AmazonSSMReadOnlyAccess

  • Systems Manager resource ARNs: arn:aws:ssm:us-east-2:111222333444:patchbaseline/pb-07d8884178EXAMPLE

Related Content

The following resources can help you work directly with Systems Manager.

The following related resources can help you as you work with this service.

  • Classes & Workshops – Links to role-based and specialty courses as well as self-paced labs to help sharpen your AWS skills and gain practical experience.

  • AWS Developer Tools – Links to developer tools, SDKs, IDE toolkits, and command line tools for developing and managing AWS applications.

  • AWS Whitepapers – Links to a comprehensive list of technical AWS whitepapers, covering topics such as architecture, security, and economics and authored by AWS Solutions Architects or other technical experts.

  • AWS Support Center – The hub for creating and managing your AWS Support cases. Also includes links to other helpful resources, such as forums, technical FAQs, service health status, and AWS Trusted Advisor.

  • AWS Support – The primary web page for information about AWS Support, a one-on-one, fast-response support channel to help you build and run applications in the cloud.

  • Contact Us – A central contact point for inquiries concerning AWS billing, account, events, abuse, and other issues.

  • AWS Site Terms – Detailed information about our copyright and trademark; your account, license, and site access; and other topics.