Amazon Systems Manager Features

OpsCenter provides a central location where operations engineers and IT professionals can view, investigate, and resolve operational issues related to any Amazon Web Services resource. OpsCenter aggregates and standardizes operational issues, referred to as OpsItems, while providing contextually relevant data that helps with diagnosis and remediation. Engineers working on an OpsItem get access to information such as:

• Event, resource and account details
• Past OpsItems with similar characteristics
• Related Amazon Config changes
• Amazon CloudTrail logs
• Amazon CloudWatch alarms
• Stack information
• Other quick-links to access logs and metrics
• List of runbooks and recommended runbooks
• Other information passed to OpsCenter through Amazon Web Services services

This information helps engineers to investigate and remediate operational issues faster. Engineers can use OpsCenter to view and address issues using the Systems Manager console or via the Systems Manager OpsCenter APIs.

Amazon Systems Manager Explorer is a customizable dashboard, providing key insights and analysis into the operational health and performance of your Amazon Web Services environment. Explorer aggregates operational data to help you prioritize and identify where action may be required.

Amazon Web Services AppConfig helps you deploy application configuration in a managed and a monitored way just like code deployments, but without the need to deploy the code if a configuration value changes. Amazon Web Services AppConfig scales with your infrastructure so you can deploy configurations to any number of Amazon EC2 instances, containers, Amazon Lambda functions, mobile apps, IoT devices or on-premises instances. Amazon Web Services AppConfig enables you to update configurations by entering changes through the API or Console. Amazon Web Services AppConfig allows you to validate those changes semantically and syntactically to ensure configurations are aligned to their respective applications’ expectation, thus enabling you to help prevent potential outages. You can deploy your application configurations with similar best practices as code deployments, including staging roll-outs, monitoring alarms, and roll back changes should an error occur.

Run Command provides a simple way of automating common administrative tasks like remotely executing shell scripts or PowerShell commands, installing software updates, or making changes to the configuration of OS, software, EC2 and instances and servers in your on-premises data center.

State Manager helps you define and maintain consistent OS configurations such as firewall settings and anti-malware definitions to comply with your policies. You can monitor the configuration of a large set of instances, specify a configuration policy for the instances, and automatically apply updates or configuration changes.

Inventory helps you collect and query configuration and inventory information about your instances and the software installed on them. You can gather details about your instances such as installed applications, DHCP settings, agent detail, and custom items. You can run queries to track and audit your system configurations.

Maintenance windows let you define a recurring window of time to run administrative and maintenance tasks across your instances. This ensures that installing patches, updates, or making other configuration changes do not disrupt business critical operations, which helps improve your application availability.

Amazon Systems Manager Fleet Manager streamlines your remote management process for servers and edge devices. With Fleet Manager, you save time and money by managing and troubleshooting your fleet running in the cloud or on premise, without the need to remotely connect to them. You can drill down to individual nodes (services, devices, or other resources) to perform common system management tasks such as disk and file exploration, log management, Windows Registry operations, and user management from a console. In break-glass scenarios, you can quickly gain secure shell, CLI, and console-based Remote Desktop Protocol (RDP) access to your instances, from a console, to respond to issues faster.

Amazon Systems Manager helps you securely distribute and install software packages, such as software agents. Systems Manager Distributor allows you to centrally store and systematically distribute software packages while you maintain control over versioning. You can use Distributor to create and distribute software packages and then install them using Systems Manager Run Command and State Manager. Distributor can also use Identity and Access Management (IAM) policies to control who can create or update packages in your account. You can use the existing IAM policy support for Systems Manager Run Command and State Manager to define who can install packages on your hosts.

Patch Manager helps you select and deploy operating system and software patches automatically across large groups of instances. You can define a maintenance window for patches to be applied only during set times that fit your needs. These capabilities are helpful to ensure your software is always up to date and meets your compliance policies.

The Automation feature simplifies common maintenance and deployment tasks, such as updating Amazon Machine Images (AMI). With the Automation feature in Systems Manager, you can apply patches, update drivers and agents, or bake applications in to your AMI using a streamlined, repeatable, and auditable process.

Amazon Systems Manager Parameter Store provides a way to manage your configuration data, whether plain-text data such as database strings or secrets such as passwords. This allows you to separate your secrets and configuration data from your code. Parameters can be tagged and organized into hierarchies, helping you manage parameters more easily. For example, you can use the same parameter name, "db-string", with a different hierarchical path, "dev/db-string” or “prod/db-string", to store different values. Systems Manager is integrated with Amazon Key Management Service (KMS), allowing you to automatically encrypt the data you store. You can also control user and resource access to parameters using Amazon Identity and Access Management (IAM). Parameters can be referenced through other Amazon Web Services services, such as Amazon Elastic Container Service, Amazon Lambda, and Amazon CloudFormation.