2. Customer challenges
Traditional IT toolset not built for cloud scale infrastructure
Maintaining enterprise-wide visibility is challenging
Deploying multiple products is a significant overhead
Licensing costs & complexity
Managing cloud and hybrid environments using a traditional toolset is complex and costly
3. Introducing Amazon EC2 Systems Manager
A set of capabilities that...
...enable automated configuration...
...and ongoing management of systems at scale...
...across all of your Windows and Linux workloads...
...running in Amazon EC2 or on-premises…
...at no charge; only pay for AWS resources you manage
4. Why should I care?
Support for hybrid Architecture
Cross-platform
Scalable
Secure
Easy-to-write automation
Expected Reduction in Total Cost of Ownership (TCO)
8. Run Command: Overview
Remotely and securely manage servers or virtual machines at scale running in your data center or in AWS
Lock down SSH and RDP access to machines – improve security posture
Execute commands across multiple instances simultaneously
Support for AWS and on-premises infrastructure
Granular permissions to control access through AWS Identity & Access Management
Logging using AWS CloudTrail
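Added example (not part of the original slides): a small Python check for the "granular permissions" point above. It flags IAM policy statements that allow ssm:SendCommand on every document or on all instances without an ssm:resourceTag condition. The policies, account ID, region and Env tag are constructed samples, and the check is a static lint, not a full IAM evaluation.

```python
from fnmatch import fnmatchcase

def _as_list(value):
    return value if isinstance(value, list) else [value]

def has_tag_condition(stmt):
    """True if any condition operator tests an ssm:resourceTag/<key> key."""
    for keys in stmt.get("Condition", {}).values():
        if any(k.lower().startswith("ssm:resourcetag/") for k in keys):
            return True
    return False

def audit_send_command(policy):
    """Return (statement index, reason) for over-broad ssm:SendCommand grants."""
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(fnmatchcase("ssm:sendcommand", a) for a in actions):
            continue  # statement does not grant Run Command
        for res in _as_list(stmt.get("Resource", [])):
            if res == "*":
                findings.append((i, "any document on any instance"))
            elif ":document/*" in res:
                findings.append((i, "any SSM document"))
            elif ":instance/*" in res and not has_tag_condition(stmt):
                findings.append((i, "all instances, no tag condition"))
    return findings

# Constructed sample policies (placeholder account ID, region and tag).
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ssm:*", "Resource": "*"}]}

SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ssm:SendCommand",
     "Resource": "arn:aws:ec2:*:111122223333:instance/*",
     "Condition": {"StringEquals": {"ssm:resourceTag/Env": "dev"}}},
    {"Effect": "Allow", "Action": "ssm:SendCommand",
     "Resource": "arn:aws:ssm:us-east-1:*:document/AWS-RunShellScript"}]}

if __name__ == "__main__":
    print("broad :", audit_send_command(BROAD))
    print("scoped:", audit_send_command(SCOPED))
```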
9. Run Command: Use Cases
Bootstrap, Configure and Manage Software:
Provides predefined commands for both Linux and Windows
Simplify bootstrapping of varied software / agents
Operating System Configuration:
Perform operating system changes
Manage local users & permissions
Support for PowerShell and Linux commands
10. Run Command: Use Cases
Configure Diagnostics & Monitoring:
Check the health of services and remotely stop/start processes
Monitor and action instance stats such as disk system usage
Centrally Gather Configuration Information:
Execute custom commands or scripts that check for updates
Configure and act upon log or other instance data
11. State Manager: Overview
Define and maintain consistent configuration of operating systems and applications running in your data center or in AWS
Control configuration details such as anti-virus settings, iptables, etc.
Define your own schedules for deployment reviews
Compare actual deployments against specified configuration policy
State Manager reapplies policies if state drift is detected
Query State Manager to view status of deployments at aggregate or at an instance level
12. State Manager: Use Cases
Maintain a Consistent Configuration:
Specify and automatically maintain the desired configuration
Automatically apply configuration changes, settings or patches
Reduce Configuration Drift:
Periodically reapply policies to your instances
Query the status of your configurations at any time
13. State Manager: Use Cases
Bootstrap and Auto-remediation:
Bootstrap applications through State Formation – CloudFormation integration
Set up AWS Config Rules to trigger an association from a Lambda function to remediate the instance
Configure Applications in an AutoScaling Group:
Bootstrap instances on launch in an AutoScaling group
Ensure these instances are configured throughout lifecycle
14. Inventory: Overview
Provides visibility into the software catalogue and configuration for your Amazon EC2 instances and on-premises servers
Gather detail on a variety of attributes, such as:
Installed applications & OS details
AWS components and agents
Network configuration
Inventory attributes are stored in AWS Config for auditing
Assess compliance of configurations using AWS Config Rules
15. Inventory: Use Cases
Discover and Audit your Software:
Collect detailed information on the software in your instances
Measure usage of licensed software across your fleet
Security & Incident Analysis:
Historical record of inventory changes over time
Proactive notification if your configurations become non-compliant
16. Maintenance Window: Overview
Define one or more recurring windows of time during which it is acceptable for any disruptive operation to occur
Associate your instances with defined maintenance windows
Create different maintenance windows for different groups of servers
Works with both Amazon EC2 and on-premises infrastructure
17. Maintenance Window: Use Cases
Automatically perform tasks in defined windows of time:
Define a maintenance window using cron or rate expressions
Schedule maintenance so it doesn't overlap key business periods
Prioritise tasks and define timeout criteria:
Facilitate prioritization of key tasks during maintenance windows
Execute tasks with specific IAM roles for granular security control
18. Maintenance Window: Use Cases
CRON/Task Scheduler Replacement:
Move from instance-based scheduling to service-initiated scheduling
Single location for job history and logs
CloudWatch Events support for task status and results
19. Patch Manager: Overview
Automated tool that helps you simplify your Windows operating system patching process
Select the patches you want to deploy
Control timing for patch roll-outs and instance reboots
Define auto-approval rules for patches
Ability to black-list or white-list specific patches
Schedule the automatic roll out through maintenance windows
20. Patch Manager: Use Cases
Automate Patch Approvals:
Define patch baselines by products, categories & severities
Define approval rules and exceptions
Manage Patch Compliance:
Get up to date information on patch compliance
Identify instances with missing patches
21. Automation: Overview
Simplifies common maintenance and deployment tasks, such as updating Amazon Machine Images (AMIs)
Patch, update agents, or bake applications into your AMIs
Build workflows to accomplish complex tasks
Use pre-defined workflows or build your own
22. Automation: Use Cases
Maintain and Update your AMIs:
Integrates with CloudWatch for proactive notifications
Use in conjunction with Maintenance Windows
Include Applications in your AMIs:
Bake applications into an image
Incorporate Automation as part of your change management process
23. Parameter Store: Overview
Centralized store to manage your configuration data, including plain-text data or secrets, encrypted through AWS Key Management System (KMS)
Critical information stored securely within your environment
Integrates with AWS IAM, AWS KMS, AWS CloudTrail
Access control at parameter-level or even at API level
Re-use across your AWS configuration and automation workflows:
Amazon EC2 Systems Manager capabilities (Run Command, Automation, State Manager, etc.)
AWS services (Amazon ECS, AWS Lambda, etc.)
24. Parameter Store: Use Cases
Easy configuration of applications:
Create env-specific parameters and reference in workflow
Perform config-management at scale without plain-text passwords
Secure domain join:
Create secure string parameter with domain join password
Control access to specific users and refer using simple syntax
25. Parameter Store: Use Cases
Secure application deployment:
Improve security posture by not hardcoding configuration secrets in source code using CodeDeploy or Code Pipeline
Deploy containerized apps by using parameters in Amazon ECS task definitions