by Ananth Vaidyanathan, Sr. Product Manager, AWS

1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Ananth Vaidyanathan, Sr. Product Manager
March 2017
Amazon EC2 Systems Manager
Fleet Management Automation

2. Customer challenges
Traditional IT toolset
not built for cloud
scale infrastructure
Maintaining
enterprise-wide
visibility is challenging
Deploying multiple
products is a
significant overhead
Licensing costs &
complexity
Managing cloud and hybrid environments using
a traditional toolset is complex and costly

3. Introducing Amazon EC2 Systems Manager
A set of capabilities that...
...enable automated configuration...
...and ongoing management of systems at scale...
...across all of your Windows and Linux workloads...
...running in Amazon EC2 or on-premises…
...at no charge; only pay for AWS resources you manage

4. Why should I care?
Support for hybrid
Architecture
Cross-platform Scalable
Secure Easy-to-write
automation
Expected Reduction
in Total Cost of
Ownership (TCO)

5. Part of range of AWS services

6. Amazon EC2 Systems Manager – Components
Run Command State Manager Inventory Maintenance Window
Patch Manager Automation Parameter Store

7. Documents

8. Remotely and securely manage servers or virtual machines at
scale running in your data center or in AWS
 Lock down SSH and RDP access to machines – improve security
posture
 Execute commands across multiple instances simultaneously
 Support for AWS and on-premises infrastructure
 Granular permissions to control access through AWS Identity &
Access Management
 Logging using AWS CloudTrail
Run Command: Overview

9. Bootstrap, Configure and
Manage Software
 provides predefined commands
for both Linux and Windows
 Simplify bootstrapping of varied
software / agents
Run Command: Use Cases
Operating System
Configuration
 Perform operating system changes
 Manage local users & permissions
 Support for PowerShell and Linux
commands

10. Configure Diagnostics &
Monitoring
 Check the health of services and
remotely stop/start processes
 Monitor and action instance stats
such as disk system usage
Run Command: Use Cases
Centrally Gather Configuration
Information
 Execute custom commands or
scripts that check for updates
 Configure and act upon log or
other instance data

11. Define and maintain consistent configuration of operating
systems and applications running in your data center or in AWS
 Control configuration details such as anti-virus settings, iptables, etc.
 Define your own schedules for deployment reviews
 Compare actual deployments against specified configuration policy
 State Manager reapplies policies if state drift is detected
 Query State Manager to view status of deployments at aggregate or
at an instance level
State Manager: Overview

12. Maintain a Consistent
Configuration
 Specify and automatically
maintain the desired configuration
 Automatically apply configuration
changes, settings or patches
State Manager: Use Cases
Reduce Configuration Drift
 Periodically reapply policies to your
instances
 Query the status of your
configurations at any time

13. Bootstrap and Auto-
remediation
 Bootstrap applications through
State Formation – CloudFormation
integration
 Set up AWS Config Rules to
trigger an association from a
Lambda function to remediate the
instance
State Manager: Use Cases
Configure Applications in an
AutoScaling Group
 Bootstrap instances on launch in
an AutoScaling group
 Ensure these instances are
configured throughout lifecycle

14. Provides visibility into the software catalogue and configuration
for your Amazon EC2 instances and on-premises servers
 Gather detail on a variety of attributes, such as:
 Installed applications & OS details
 AWS components and agents
 Network configuration
 Inventory attributes are stored in AWS Config for auditing
 Assess compliance of configurations using AWS Config Rules
Inventory: Overview

15. Discover and Audit your
Software
 Collect detailed information on the
software in your instances
 Measure usage of licensed
software across your fleet
Inventory: Use Cases
Security & Incident Analysis
 Historical record of inventory
changes over time
 proactive notification if your
configurations become non-compliant

16. Define one or more recurring windows of time during which it is
acceptable for any disruptive operation to occur
 Associate your instances with defined maintenance windows
 Create different maintenance windows for different groups of servers
 Works with both Amazon EC2 and on-premises infrastructure
Maintenance Window: Overview

17. Automatically perform tasks in
defined windows of time
 Define a maintenance window
using cron or rate expressions
 Schedule maintenance so it doesn't
overlap key business periods
Maintenance Window: Use Cases
Prioritise tasks and define
timeout criteria
 Facilitate prioritization of key tasks
during maintenance windows
 Execute tasks with specific IAM
roles for granular security control

18. CRON/Task Scheduler
Replacement
 Move from instance-based
scheduling to service-initiated
scheduling
 Single location for job history and
logs
 CloudWatch Events support for
task status and results
Maintenance Window: Use Cases

19. Automated tool that helps you simplify your Windows operating
system patching process
 Select the patches you want to deploy
 Control timing for patch roll-outs and instance reboots
 Define auto-approval rules for patches
 Ability to black-list or white-list specific patches
 Schedule the automatic roll out through maintenance windows
Patch Manager: Overview

20. Automate Patch Approvals
 Define patch baselines by
products, categories & severities
 Define approval rules and
exceptions
Patch Manager: Use Cases
Manage Patch Compliance
 Get up to date information on
patch compliance
 Identify instances with missing
patches

21. Simplifies common maintenance and deployment tasks, such as
updating Amazon Machine Images (AMIs)
 Patch, update agents, or bake applications into your AMIs
 Build workflows to accomplish complex tasks
 Use pre-defined workflows or build your own
Automation: Overview

22. Maintain and Update your AMIs
 Integrates with CloudWatch for
proactive notifications
 Use in conjunction with
Maintenance Windows
Automation: Use Cases
Include Applications in your AMIs
 Bake applications into an image
 Incorporate Automation as part of
your change management process

23. Centralized store to manage your configuration data, including plain-text
data or secrets, encrypted through AWS Key Management System (KMS)
 Critical information stored securely within your environment
 Integrates with AWS IAM, AWS KMS, AWS CloudTrail
 Access control at parameter-level or even at API level
 Re-use across your AWS configuration and automation workflows
 Amazon EC2 Systems Manager capabilities (Run Command,
Automation, State Manager, etc.)
 AWS services (Amazon ECS, AWS Lambda, etc.)
Parameter Store: Overview

24. Easy configuration of
applications
 Create env-specific parameters
and reference in workflow
 Perform config-management at
scale without plain-text passwords
Parameter Store: Use Cases
Secure domain join
 Create secure string parameter
with domain join password
 Control access to specific users
and refer using simple syntax

25. Secure application deployment
 Improve security posture by not hardcoding configuration
secrets in source code using CodeDeploy or Code Pipeline
 Deploy containerized apps by using parameters in Amazon
ECS task definitions
Parameter Store: Use Cases

26. In summary...
Hybrid Cross-platform Scalable
Secure Easy-to-write
automation
Expected Reduction
in Total Cost of
Ownership (TCO)

27. Ananth Vaidyanathan
Sr. Product Manager
E: ananva@amazon.com
https://aws.amazon.com/ec2/systems-manager/