What is AWS Systems Manager?
AWS Systems Manager is a centralized management platform for AWS resources and on-premises servers. The service provides a unified interface for patch management, automation, configuration management, and secure remote access to your infrastructure.
Systems Manager solves the problem of fragmented server management. Instead of using different tools for patching, configuration, and access, the service provides an integrated solution with an audit trail and IAM integration.
Core Features
- Patch Manager for automated patching according to defined schedules
- Parameter Store for secure storage of configuration values and secrets
- Session Manager for secure shell access without SSH ports
- Run Command for executing commands on multiple instances simultaneously
- Automation for complex runbooks with approval workflows
Typical Use Cases
Automated Patching: Define maintenance windows and patch baselines to automatically keep EC2 instances up to date without manual intervention.
Secure Configuration Management: Store database passwords, API keys, and configuration parameters centrally in Parameter Store and reference them in CloudFormation, Lambda, or EC2.
Secure Server Access: Session Manager replaces bastion hosts and SSH keys with browser-based sessions featuring complete audit logging and IAM-based access control.
Benefits
- Many features available for free
- Unified management of cloud and on-premises resources
- Complete audit log of all actions
- Deep integration with other AWS services
Integration with innFactory
As an AWS Reseller, innFactory supports you with AWS Systems Manager: patch strategy implementation, automation runbook development, migration from bastion hosts to Session Manager, and CI/CD pipeline integration.
Frequently Asked Questions
What does Systems Manager cost?
Many features are free: Patch Manager, Session Manager, Inventory, Run Command. Parameter Store has a free tier. Costs apply for Advanced Parameters, OpsCenter, and Change Manager above certain usage levels.
Can I manage on-premises servers with this?
Yes. Once the SSM Agent is installed, on-premises servers and VMs can be registered as managed instances. They then receive the same management capabilities as EC2 instances.
How does it differ from Secrets Manager?
Parameter Store stores configuration values and secrets with optional encryption. Secrets Manager specializes in secrets and offers automatic rotation, at higher cost. For simple secrets, Parameter Store is often sufficient.
How does Session Manager work?
Session Manager enables browser-based shell access to EC2 instances without open SSH ports. All sessions are logged and can be stored in S3 or CloudWatch. IAM controls access permissions.
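A check that supports the "without open SSH ports" point above, as an added example (not innFactory or AWS code): it scans security groups in the shape returned by EC2 `describe-security-groups` and lists ingress rules that still allow port 22, a list that should be empty once shell access goes through Session Manager. The function names and the sample groups are constructed for illustration.

```python
import ipaddress

def covers_port(perm, port=22):
    """True if one IpPermissions entry allows the given TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                      # "all traffic" rule, no port fields
        return True
    if proto != "tcp":
        return False
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None or hi is None:           # be conservative if ports are absent
        return True
    return lo <= port <= hi

def find_ssh_ingress(security_groups, port=22):
    """Return (group_id, source, world_open) for every rule reaching the port."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            if not covers_port(perm, port):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                # prefix length 0 means 0.0.0.0/0 or ::/0
                world = ipaddress.ip_network(cidr, strict=False).prefixlen == 0
                findings.append((sg["GroupId"], cidr, world))
            for pair in perm.get("UserIdGroupPairs", []):
                findings.append((sg["GroupId"], pair["GroupId"], False))
    return findings

# Constructed sample input (not from a real account).
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 25,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-0ccc", "IpPermissions": [
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0ddd", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    for group_id, source, world in find_ssh_ingress(SAMPLE_GROUPS):
        print(group_id, source, "WORLD-OPEN" if world else "restricted")
```

Port ranges and "all traffic" rules are included because they expose port 22 without naming it.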