Run Command provides a simple way of automating common administrative tasks like remotely executing shell scripts or PowerShell commands, installing software updates, or making changes to the configuration of OS, software, EC2 and instances and servers in your on-premises data center.
State Manager helps you define and maintain consistent OS configurations such as firewall settings and anti-malware definitions to comply with your policies. You can monitor the configuration of a large set of instances, specify a configuration policy for the instances, and automatically apply updates or configuration changes.
Inventory helps you collect and query configuration and inventory information about your instances and the software installed on them. You can gather details about your instances such as installed applications, DHCP settings, agent detail, and custom items. You can run queries to track and audit your system configurations.
Maintenance windows let you define a recurring window of time to run administrative and maintenance tasks across your instances. This ensures that installing patches, updates, or making other configuration changes do not disrupt business critical operations, which helps improve your application availability.
AWS Systems Manager helps you securely distribute and install software packages, such as software agents. Systems Manager Distributor allows you to centrally store and systematically distribute software packages while you maintain control over versioning. You can use Distributor to create and distribute software packages and then install them using Systems Manager Run Command and State Manager. Distributor can also use Identity and Access Management (IAM) policies to control who can create or update packages in your account. You can use the existing IAM policy support for Systems Manager Run Command and State Manager to define who can install packages on your hosts.
Patch Manager helps you select and deploy operating system and software patches automatically across large groups of instances. You can define a maintenance window for patches to be applied only during set times that fit your needs. These capabilities are helpful to ensure your software is always up to date and meets your compliance policies.
The Automation feature simplifies common maintenance and deployment tasks, such as updating Amazon Machine Images (AMI). With the Automation feature in Systems Manager, you can apply patches, update drivers and agents, or bake applications in to your AMI using a streamlined, repeatable, and auditable process.
AWS Systems Manager Parameter Store provides a way to manage your configuration data, whether plain-text data such as database strings or secrets such as passwords. This allows you to separate your secrets and configuration data from your code. Parameters can be tagged and organized into hierarchies, helping you manage parameters more easily. For example, you can use the same parameter name, "db-string", with a different hierarchical path, "dev/db-string” or “prod/db-string", to store different values. Systems Manager is integrated with AWS Key Management Service (KMS), allowing you to automatically encrypt the data you store. You can also control user and resource access to parameters using AWS Identity and Access Management (IAM). Parameters can be referenced through other AWS services, such as Amazon Elastic Container Service, AWS Lambda, and AWS CloudFormation.