AWS Systems Manager FAQs

AWS AppConfig is a feature of AWS Systems Manager that allows you to quickly validate and roll out configurations across an application of any size, whether hosted on Amazon EC2 instances, containers, AWS Lambda functions, mobile apps, or IoT devices, in a controlled and monitored way. AWS AppConfig enables you to validate configuration data to make sure it is syntactically and semantically correct according to your definitions before deploying it to your application. AWS AppConfig allows you to follow deployment best practices by rolling out configuration at a pace that you define while monitoring for errors. In case of errors, AWS AppConfig can roll back the changes to minimize impact to the application’s users.

AWS AppConfig is designed for System administrators, DevOps teams, and developers who want to roll out configuration changes across their applications in a managed and monitored way, similar to the way they manage code, but without the need for deploying code when a configuration value changes, thus helping to mitigate the risk of outages. AWS AppConfig is for any size or type of company or organization that has targets (hosts, servers, AWS Lambda functions, containers, mobile devices, IoT devices, etc.) for configurations.

A configuration is a collection of one or more application settings that your application uses to modify its behavior at runtime. You can store your configurations as AWS Systems Manager Documents or Parameters.

A validator is either a schema or a pointer to an AWS Lambda function that AWS AppConfig uses to enable you to test that your configuration is syntactically or semantically correct according to your definitions. 

A deployment strategy is a plan for how configuration data propagates to an application. A deployment strategy includes controls for defining the speed at which a configuration rolls out, the percentage of application instances that should receive updated configuration at various intervals, and the amount of time AWS AppConfig should monitor the overall application to help you ensure the configuration changes did not introduce an adverse effect.

An application configuration is data that influences the behavior of an application and does not require compilation; configuration is an abstraction that can change at runtime. For example, we can control a feature release by populating a configuration value to a specific date and time. If the value needs to change, say to a new date and time, an administrator can change the configuration value, with no compiling required, and the application applies the new configuration at runtime. Both application configuration and code should include safety mechanisms to prevent errors in a production environment. We recommend that you use AWS AppConfig to apply safety mechanisms when deploying new configurations and AWS CodeDeploy when deploying new code.

AWS Config enables you to assess, audit, and evaluate the configurations of your AWS resources while AWS AppConfig lets you manage application configuration. You should use AWS Config to get a detailed view of the configuration of AWS resources in your account and identify how the resources were configured in the past and how the configurations change over time. AWS AppConfig is meant for your applications running on AWS resources or on-premises servers. With AWS AppConfig, you can validate changes in application configuration and set deployment strategies to safely deploy updated configurations to applications at run-time.

AWS Systems Manager Fleet Manager streamlines your remote server management process in the following ways:

• With Fleet Manager’s centralized graphical user interface (GUI), you can easily manage your fleet of servers running on AWS and on premises.
• Fleet Manager is operating system (OS) agnostic. You can use Fleet Manager to perform common OS operations on Windows, Linux, and Mac-based servers. 
• With Fleet Manager, you can run these OS operations seamlessly through the Systems Manager console, by choosing pre-built automation runbooks or bringing your own automation runbooks. 

AWS Systems Manager Fleet Manager provides the following capabilities to manage your servers remotely:

• File system and log exploration: Use the Systems Manager console to browse through disks, folders, and files, including file-based logs, on servers. 
• Performance counter monitoring: Monitor common server performance metrics, such as CPU utilization, network traffic, disk usage, and memory utilization.
• Windows Event management: View and troubleshoot Windows Events logs without the need to install additional agents. 
• User and group administration: View a list of users and/or groups with access to a server and change their permissions.
• Registry operations: View and modify registry values on your Windows servers.

AWS Systems Manager Fleet Manager is available at no additional charge for servers running on AWS. For on-premises instance management using an AWS Systems Manager agent, you are charged based on the public pricing.

AWS Systems Manager lets you scan your managed instances for patch compliance and configuration inconsistencies. You can collect and aggregate data from multiple AWS accounts and Regions, and then drill down into specific resources that aren’t compliant. By default, AWS Systems Manager displays data about patching and associations. You can also customize the service and create your own compliance types based on your requirements. 

Using an integration with AWS Config, you can monitor an instance's compliance with a desired configuration through AWS Config rules. This capability allows security experts and compliance auditors to have a complete audit trail of instance configuration changes, as well as receive proactive notifications in the event of non-compliance.

Yes. You can create your own compliance types that can be recorded through the API. Based on your business requirements, you can create your own checks and then record the compliance through AWS Systems Manager to track non-compliant instances. You can also view this compliance information across accounts and Regions by creating a resource data sync.

Yes, you can sync inventory data from multiple accounts and Regions to the same Amazon S3 bucket. You can then use Amazon Athena, Amazon QuickSight, or your own business intelligence (BI) tools to query inventory data across accounts and Regions. 

Yes. Getting started with Session Manager requires the use of the latest version of the SSM Agent. The SSM Agent is open-sourced and on GitHub.

Distributor pricing can be found on the Systems Manager Pricing page.

Yes. Getting started with Distributor requires the use of the latest version of the SSM Agent. The SSM Agent is open-sourced and available on GitHub. The SSM Agent is also installed by default on Amazon Linux, Amazon Linux 2, Windows, and Ubuntu AMIs.