What is AWS Systems Manager Distributor?

Distributor is an AWS Systems Manager feature that enables you to securely store and distribute software packages in your organization. You can use Distributor with existing Systems Manager features like Run Command and State Manager to control the lifecycle of the packages running on your instances.

What is AWS Systems Manager patch manager?

AWS Systems Manager helps you select and deploy operating system and software patches automatically across large groups of Amazon EC2 or on-premises instances. Through patch baselines, you can set rules to auto-approve select categories of patches to be installed, such as operating system or high severity patches, and you can specify a list of patches that override these rules and are automatically approved or rejected. You can also schedule maintenance windows for your patches so that they are only applied during preset times. Systems Manager helps ensure that your software is up-to-date and meets your compliance policies.

What is AWS Systems Manager run command?

AWS Systems Manager provides you safe, secure remote management of your instances at scale without logging into your servers, replacing the need for bastion hosts, SSH, or remote PowerShell. It provides a simple way of automating common administrative tasks across groups of instances such as registry edits, user management, and software and patch installations. Through integration with AWS IAM, you can apply granular permissions to control the actions users can perform on instances. All actions taken with Systems Manager are recorded by AWS CloudTrail, allowing you to audit changes throughout your environment.

What is Session Manager?

Session Manager is a fully managed service that provides you with an interactive browser-based shell and CLI experience. It helps provide secure and auditable instance management without the need to open inbound ports, maintain bastion hosts, and manage Secure Shell (SSH) keys. Session Manager helps to enable compliance with corporate policies that require controlled access to instances, increase security and auditability of instance access, while providing the simplicity and cross-platform instance access to end users.

What is AWS Systems Manager inventory?

AWS Systems Manager collects information about your instances and the software installed on them, helping you to understand your system configurations and installed applications. You can collect data about applications, files, network configurations, Windows services, registries, server roles, updates, and any other system properties. The gathered data enables you to manage application assets, track licenses, monitor file integrity, discover applications not installed by a traditional installer, and more.

What is AWS Systems Manager Fleet Manager?

With AWS Systems Manager Fleet Manager, you can streamline your remote server management process. Fleet Manager helps you to easily manage and troubleshoot your fleet of servers running on AWS and on premises. You can drill down to individual servers to perform a variety of system administration tasks, including disk and file exploration, log management, Windows Registry operations, and user management, without needing to remotely connect to your virtual machines.

What is an AWS Systems Manager maintenance window?

AWS Systems Manager lets you schedule windows of time to run administrative and maintenance tasks across your instances. This ensures that you can select a convenient and safe time to install patches and updates or make other configuration changes, improving the availability and reliability of your services and applications.

What is AWS Systems Manager Change Manager?

AWS Systems Manager Change Manager is a change management capability. With Change Manager, you can request, approve, implement, and report on operational changes to your application configuration and infrastructure. Change Manager streamlines change processes with pre-approved change workflows and automated approvals. It integrates with AWS Systems Manager Automation to make changes, tying the implementation directly to the change request. Change Manager integrates with both AWS Systems Manager Change Calendar to block changes during specified periods and Amazon CloudWatch to automatically roll back changes based on alarms. From Change Manager, you can review changes made across your organization, helping you to identify which changes are pending approval and to audit the results of completed changes.

What is AWS Systems Manager Application Manager?

AWS Systems Manager Application Manager helps DevOps engineers investigate and remediate issues with their resources on AWS and in multicloud and hybrid environments in the context of their applications.

What is AWS Systems Manager state manager?

AWS Systems Manager provides configuration management, which helps you maintain consistent configuration of your Amazon EC2 or on-premises instances. With Systems Manager, you can control configuration details such as server configurations, anti-virus definitions, firewall settings, and more. You can define configuration policies for your servers through the AWS Management Console or use existing scripts, PowerShell modules, or Ansible playbooks directly from GitHub or Amazon S3 buckets. Systems Manager automatically applies your configurations across your instances at a time and frequency that you define. You can query Systems Manager at any time to view the status of your instance configurations, giving you on-demand visibility into your compliance status.

What is Incident Manager?

Incident Manager helps you prepare for incidents with automated response plans. Response plans execute runbook actions, track incident updates, and enable chat-based collaboration while automatically notifying the appropriate people to respond.

What is AWS Systems Manager OpsCenter?

OpsCenter is a Systems Manager capability that provides a central location where operations engineers, IT professionals, and others can view, investigate, and resolve operational issues related to their environment. OpsCenter is designed to reduce mean time to resolution (MTTR) for impacted AWS and hybrid cloud resources. OpsCenter aggregates and standardizes operational issues, referred to as OpsItems, while providing contextually relevant data that helps with diagnosis and remediation. Information includes Config changes, AWS CloudTrail logs, resource description, AWS CloudWatch alarms, related OpsItems, and related resources. You can use our public APIs to create OpsItems from any source or use OpsItems integrated with Amazon CloudWatch Events. This means you can configure CloudWatch to automatically create OpsItems for any AWS service that publishes events to CloudWatch Events. You can create the following types of OpsItems leveraging manual or automated configurations: Resource failures, such as an Amazon EC2 Auto Scaling group failure to launch an instance or a Systems Manager Automation execution failure Resource performance issues, such as a throttling event for Amazon DynamoDB or degraded Amazon EBS volume performance Health alerts from various AWS services, such as scheduled maintenance for an Amazon Relational Database Service (RDS) instance or EC2 instance AWS Security Hub security alerts Resource state changes, such as an Amazon EC2 instance state change from running to stopped Any other work item that needs someone’s attention

What are Amazon CloudWatch Dashboards?

With Amazon CloudWatch Dashboards , you can create reusable dashboards that allow you to monitor your your resources on AWS and in multicloud and hybrid environments in one location. Metric data is kept for a period of fifteen months, enabling you to view up-to-the-minute data and also historical data.

What is AWS Systems Manager parameter store?

AWS Systems Manager provides a centralized store to manage your configuration data, whether plain-text data such as database strings or secrets such as passwords. This allows you to separate your secrets and configuration data from your code. Parameters can be tagged and organized into hierarchies, helping you manage parameters more easily. For example, you can use the same parameter name, "db-string", with a different hierarchical path, "dev/db-string” or “prod/db-string", to store different values. Systems Manager is integrated with AWS Key Management Service (KMS) , allowing you to automatically encrypt the data you store. You can also control user and resource access to parameters using AWS Identity and Access Management (IAM) . Parameters can be referenced through other AWS services, such as Amazon Elastic Container Service (ECS) , AWS Lambda , and AWS CloudFormation .

What is AWS Systems Manager automation?

AWS Systems Manager allows you to safely automate common and repetitive IT operations and management tasks across your resources on AWS and in multicloud and hybrid environments. With Systems Manager, you can create JSON documents that specify a specific list of tasks or use community published documents. These documents can be executed directly through the AWS Management Console , CLIs , and SDKs , scheduled in a maintenance window, or triggered based on changes to your resources on AWS and in multicloud and hybrid environments through Amazon CloudWatch Events. You can track the execution of each step in the documents as well as require approvals for each step. You can also incrementally roll out changes and automatically halt when errors occur.

What is AWS Systems Manager configuration compliance?

AWS Systems Manager lets you scan your managed instances for patch compliance and configuration inconsistencies. You can collect and aggregate data from multiple AWS accounts and Regions, and then drill down into specific resources that aren’t compliant. By default, AWS Systems Manager displays data about patching and associations . You can also customize the service and create your own compliance types based on your requirements.

What is AWS Systems Manager Explorer?

AWS Systems Manager Explorer is a customizable operations dashboard for your resources on AWS and in multicloud and hybrid environments. Explorer displays an aggregated view of operations data from across your AWS accounts and Regions. Explorer provides context into how operational issues are distributed across your business units or applications, how they trend over time, and how they vary by category.

What is AWS AppConfig?

AWS AppConfig is a feature of AWS Systems Manager that allows you to quickly validate and roll out configurations across an application of any size, whether hosted on Amazon EC2 instances, containers, AWS Lambda functions, mobile apps, or IoT devices, in a controlled and monitored way. AWS AppConfig enables you to validate configuration data to make sure it is syntactically and semantically correct according to your definitions before deploying it to your application. AWS AppConfig allows you to follow deployment best practices by rolling out configuration at a pace that you define while monitoring for errors, including using multiple values within feature flags to target specific or limited user cohorts. In case of errors, AWS AppConfig can roll back the changes to minimize impact to the application’s users.

What are the benefits of using Distributor?

Distributor helps you scale software package rollouts by enabling standardization of package distribution. By using Distributor with AWS Systems Manager Run Command and State Manager, you eliminate the need to build and maintain your own package distribution and installation tooling. Distributor also simplifies software package management by using a centralized repository for all of your packages. Distributor supports the use of IAM policies, providing full control over who can create and update packages. Distributor also helps enable secure software package distribution because your packages are encrypted in storage and all communication between Distributor and your instance is signed and encrypted.

Who should use AWS Systems Manager?

If you use multiple AWS services, AWS Systems Manager provides you with a centralized and consistent way to gather operational insights and carry out routine management tasks. You can use AWS Systems Manager to perform routine operations, track your development, test, and production environments, and proactively act on events or other operational incidents. AWS Systems Manager provides an operations complement to the more developer-focused tools you use, such as code editors and integrated development environments (IDEs). Similar to an IDE, AWS Systems Manager integrates a broad range of operations tools.

Why should I use AWS Systems Manager state manager?

Ensuring that the infrastructure that is powering your applications is consistent is a challenge. AWS Systems Manager allows you to create policies, reapply these policies to prevent configuration drift, and monitor the status of your intended state.

Does AWS provide any predefined commands?

Yes. There are predefined commands available which are designed to help with commonly used administrative tasks. For Windows you can run a PowerShell or Shell command or script, configure Windows Update settings, and deploy an MSI application and more. For Linux you run any Shell command or script, and remotely update an installed agent. You can also create custom commands to perform common tasks required for your environment.

What are the benefits of using Session Manager?

Session Manager improves your security posture by not requiring you to open inbound ports, or to maintain SSH keys or certificates on your instances. It also centralizes access to instances using AWS IAM. Once you enable Session Manager, you can connect to any Linux or Windows EC2 instance and track each user who started a session on each instance. You can audit which user accessed an instance and when using AWS CloudTrail, and log every command executed on an instance to Amazon S3 or Amazon CloudWatch Logs. Finally, with Session Manager you don’t need upfront investments to operate and maintain bastion hosts.

Why should I use AWS Systems Manager maintenance windows?

AWS Systems Manager maintenance windows help improve availability and reliability of your workloads by automatically performing tasks in a well-defined window of time, significantly reducing the impact of any operational or infrastructure failures.

What tasks can I automate?

You can automate any task that involves interaction with AWS and on-premises resources. Built-in action types let you easily interact with Amazon EC2 instances, AWS CloudFormation stacks, and more. Action types are available to invoke AWS Systems Manager run command, Python and PowerShell scripts, and AWS Lambda functions.

What are the benefits of using Change Manager?

With AWS Systems Manager Change Manager, you can improve the safety and governance of changes to application configuration and infrastructure, reducing the risk of service disruption. Change Manager helps to make operational changes safer by tracking required approvals and implementing only approved changes. Finally, Change Manager provides a consistent way to record and audit changes made across your organization, the intent of the changes, and who approved and implemented those changes, helping you to increase accountability.

Why should I use AWS Systems Manager parameter store?

It is a best practice to store configuration data and secrets separately from your code. You can use AWS Systems Manager parameter store to quickly store and reference configuration and sensitive information. Rather than storing data in config files or referencing them in plain text, you can store and obtain this information in your applications or scripts. Additionally, you control who has access to parameters so that only the right set of users has access to the appropriate information.

How are Amazon CloudWatch Dashboards integrated with AWS Systems Manager?

Your existing CloudWatch Dashboards are now available directly through AWS Systems Manager. You can also create new CloudWatch Dashboards directly from Systems Manager. Using CloudWatch Dashboards, you can build your own custom operational dashboards to reflect the health of an application component, an application tier, or general areas of operational ownership.

What is a response plan?

A response plan describes the contacts to notify – such as an on-call application team – and a set of procedures to follow to investigate and mitigate in response to an alarm (or set of alarms). The steps in the procedure, which can be manual or automated, are represented as a Systems Manager Automation document.

How do I specify when I want to patch an instance?

You can use an AWS Systems Manager maintenance window to define when patching occurs. AWS Systems Manager provides you the ability to define one or more recurring windows of time during which it is acceptable for your own maintenance to occur. By defining these windows and associating your instances with them, it is easier for you to ensure that any maintenance activities you perform on your instances that may affect the availability of a workload are done during a well-defined window of time.

Can I collect customized information from an Amazon EC2 instance or an on-premises instance?

Yes, you can create custom inventory types to collect additional system properties, which can be gathered by the instance itself or recorded using the API. Some examples include JSON-formatted results from PowerShell or other applications, and information statically stored in JSON files such as rack-info.

How do I get started using Application Manager?

To get started with AWS Systems Manager Application Manager, go to the AWS Systems Manager console and navigate to the Application Management category in the left navigation pane. Choose the Application Manager link to get started.

An OpsItem is an AWS resource-related operational event that needs a user’s attention, and potentially an investigation and resolution. It could be a resource-related failure, a maintenance notification, security alert, or a performance issue. An OpsItem includes relevant information that aids with investigation and resolution of the underlying event, such as impacted resources, similar past events, and recommended runbooks. High EC2 instance CPU utilization, AWS CodeDeploy Deployment Failed, or EC2 Automation Execution failed are some examples of common OpsItems.

OpsData is operations data displayed by the Explorer dashboard. OpsData comes from a variety of sources including EC2, OpsCenter, and Patch Manager. You can view and manage OpsData sources from the Explorer settings page.

Why should I use Fleet Manager?

AWS Systems Manager Fleet Manager streamlines your remote server management process in the following ways: With Fleet Manager’s centralized graphical user interface (GUI), you can easily manage your fleet of servers running on AWS and on premises. Fleet Manager is operating system (OS) agnostic. You can use Fleet Manager to perform common OS operations on Windows, Linux, and Mac-based servers. With Fleet Manager, you can run these OS operations seamlessly through the Systems Manager console, by choosing pre-built automation runbooks or bringing your own automation runbooks.

Can I track changes to my configuration over time?

Using an integration with AWS Config , you can monitor an instance's compliance with a desired configuration through AWS Config rules. This capability allows security experts and compliance auditors to have a complete audit trail of instance configuration changes, as well as receive proactive notifications in the event of non-compliance.

Who should use AWS AppConfig?

AWS AppConfig is designed for System administrators, DevOps teams, and developers who want to roll out configuration changes across their applications in a managed and monitored way, similar to the way they manage code, but without the need for deploying code when a configuration value changes, thus helping to mitigate the risk of outages. AWS AppConfig is for any size or type of company or organization that has targets (hosts, servers, AWS Lambda functions, containers, mobile devices, IoT devices, etc.) for configurations.

What are the benefits of using OpsCenter?

OpsCenter enables users to reduce their MTTR for operational issues, in some cases by over 50%. OpsCenter enables standardization and aggregation of operational issues (OpsItems) across various resources in a single place. Additionally, it brings together contextual information and operational tooling required to investigate and remediate issues. This reduces the time it takes engineers to navigate different tools to get relevant information. Working from a single location also minimizes the chances of manual errors, and reduces training time for newly hired engineers.

Can I make bulk changes across my environments?

Yes. You can act against large groups of instances by targeting using tag based queries. You can propagate changes safely across your environments by setting up rate control, which allows you to specify simultaneous execution batches with error thresholds.

How do I customize the patching process?

AWS Systems Manager provides a fully automated patching process. You can easily customize the patching process by writing your own AWS Systems Manager command or automation document.

How do I create my policies?

Policies can be easily created through AWS Systems Manager documents. In addition, you also have predefined configurations that you can use for installing applications, joining instances to domain and so on.

Who should use Session Manager?

Any AWS customer who wants to improve their security and audit posture, reduce operational overhead by centralizing access control on instances, and reduce inbound instance access will benefit from Session Manager. Information Security experts who want to monitor and track instance access and activity, and close down inbound ports on instances, or enable connecting to instances without a public IP will benefit from Session Manager. Administrators who want to grant and revoke access from a single place and want to provide one solution for Windows and Linux instances to users will benefit as well. Finally, operators can get started quickly by using the browser to click to start a session and then selecting an instance, or use the CLI, without having to provide SSH keys.

How do I view the compliance levels of my instances?

With AWS Systems Manager you can view patch compliance information, which tells you the detailed results of the patching process. You can easily get aggregate compliance details per instance. In addition, you can drill in further and for each instance you can determine which patches are installed, missing, not applicable, and which failed to install.

What is a change request?

You can create a change request for each operational change to be made using AWS Systems Manager Change Manager. A change request can include information about the change such as the intent, the runbook to be used, and any specified rollback procedures. A change request also maintains a timeline of its lifecycle events such as submission, approval, implementation, and completion.

How do you store sensitive data?

A secure string is any sensitive data that needs to be stored and referenced in a secure manner. If you have data that you do not want users to reference in clear text or have access to data that can be tampered with or misused, you should use secure strings in AWS Systems Manager parameter store. You can encrypt your sensitive data using your own AWS KMS key or your user account default key provided by AWS KMS.

How does Application Manager work with other AWS services?

AWS Systems Manager Application Manager is integrated with multiple AWS services, including Amazon CloudWatch for monitoring, AWS CloudTrail for auditing, AWS Config for tracking infrastructure configuration changes, AWS CloudFormation to provision CloudFormation stacks, and other AWS Systems Manager features such as runbook automation.

An incident is any unplanned interruption or reduction in quality of services. Response plans control how incidents are automatically started based on Amazon CloudWatch alarms or Amazon EventBridge events. You can also start incidents manually in Incident Manager.

Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

AWS Systems Manager FAQs

General

Open all

What is AWS Systems Manager?

AWS Systems Manager helps you centrally view, manage, and operate nodes at scale in AWS, on-premises, and multicloud environments. Systems Manager provides various tools to help you complete common node tasks. These tools include:

Use Patch Manager to apply patches to nodes such as security updates.
Session Manager provides secure node management without the need to open inbound ports, maintain bastion hosts, or manage SSH keys.
Using Run Command you can remotely and securely manage the configuration of your managed nodes. A managed node is any Amazon Elastic Compute Cloud (Amazon EC2) instance or non-EC2 machine in your hybrid and multicloud environment that has been configured for Systems Manager.

What types of nodes does Systems Manager operate?

You can use Systems Manager to manage nodes such as Amazon EC2 instances, Virtual Machines on other clouds, on-premises servers, and other devices with a CPU. A managed node means the SSM Agent is installed on the machine and the agent can communicate with the Systems Manager service. Once managed, you can leverage the full suite of Systems Manager tools to patch nodes with security updates, securely connect to nodes without managing SSH keys or bastion hosts, automate operational commands at scale, and gain comprehensive visibility across your entire fleet.

I’ve been using Systems Manager to operate my cloud. With the launch of the new node management experience in Systems Manager, will I still have access to the existing tools such as Patch Manager?

Yes - you will still have access to the existing tools and capabilities such as Patch Manager, Session Manager, and Automation. Learn more by visiting Systems Manager Documentation.

Why should I use Systems Manager?

Systems Manager helps you scale operational efficiency by simplifying node management, making it easier to manage nodes running anywhere. Easily install software, apply patches, remediate issues, and gain full visibility across your entire fleet.

How do I manage my nodes in hybrid and multicloud environments?

To get started managing nodes in hybrid and multicloud environments, customers need to set up Systems Manager and install the SSM Agent on non-AWS nodes. You can refer to Documentation to follow the setup process.

Can I view my nodes across Regions and AWS accounts?

Yes, whatever nodes you have, including EC2 instances and hybrid servers (see the full list above), AWS Systems Manager gives you a comprehensive, centralized view to easily manage all of your nodes at scale. To set up Systems Manager for an AWS Organizations, you must have access to the management account for your organization and another account in your organization to use as a delegated administrator. To manage your nodes, you'll use the delegated administrator account.

Get started

Partners

Learn more about AWS Systems Manager partners

Visit the Partners page

Console

Select your cookie preferences

AWS Systems Manager FAQs

Page topics

General

What is AWS Systems Manager?

What types of nodes does Systems Manager operate?

I’ve been using Systems Manager to operate my cloud. With the launch of the new node management experience in Systems Manager, will I still have access to the existing tools such as Patch Manager?

Why should I use Systems Manager?

How do I manage my nodes in hybrid and multicloud environments?

Can I view my nodes across Regions and AWS accounts?

Get started

Learn more about AWS Systems Manager partners

Ready to get started?

Select your cookie preferences

AWS Systems Manager FAQs

Page topics

General

What is AWS Systems Manager?

What types of nodes does Systems Manager operate?

I’ve been using Systems Manager to operate my cloud. With the launch of the new node management experience in Systems Manager, will I still have access to the existing tools such as Patch Manager?

Why should I use Systems Manager?

How do I manage my nodes in hybrid and multicloud environments?

Can I view my nodes across Regions and AWS accounts?

Get started

Learn more about AWS Systems Manager partners

Ready to get started?

Ending Support for Internet Explorer