AWS Atlanta Meetup for April 2019 going over Systems Manager service and the different features and functions of the service including the Run command, Parameter Store, and Inventory

4. Store and manage access to secrets securely and at scale
AWS Systems Manager is a collection of capabilities for configuring and managing your
Amazon EC2 instances, on-premises servers and virtual machines, and other AWS
resources at scale.
Avoid dealing with secrets in their applications
AWS Systems Manager was formerly
known as "Amazon EC2 Systems
Manager" and "Amazon Simple
Systems Manager".
NOTE:

5. AWS Systems Manager
Console
AWS Command Line Interface
(CLI)
AWSTools for PowerShell AWS SDKs
NOTE:The systems manager agent is already pre-
installed on Amazon Linux instances

6. Automation:
Creating self-service runbooks that simplify creating AMIs
Using the AWS-UpdateLinuxAMI & AWS-UpdateWindowsAmi automation
documents to build and maintain AMIs
Inventory:
Use Systems Manager Inventory with AWS Config to audit your application
configurations over time
MaintenanceWindows:
Define a schedule to perform potentially disruptive actions on your instances such as
OS patching, driver updates, or software installations

7. Inventory:
Insights Dashboard:
Resource Groups: Run Command:
Session Manager:
Patch Manager:
Automation: State Manager:
MaintenanceWindow:Distributor:

8. Inventory:
Insights
Dashboard:
Resource Groups: Run Command:
Session Manager:
Patch Manager:
Automation: State Manager:
Maintenance
Window:
Distributor:
Automate IT operations and
management tasks through
scheduling, triggering through
alarm or directly
Allows for scheduling administrative
and maintenance tasks
Used for configuration management
Secure remote management
replacement need for bastion hosts
or SSH
Helps Deploy OS and software
patches across EC2 or on-prem
Allows you to group your
resources logically
AggregatesCloudTrail,
CloudWatch,TrustedAdvisor,
and more into one dashboard
A listing of your instances and
the software installed on them

9. Run command takes less time:
Run command Operations are fully audited: Run makes Automating ComplexTasks easier:
Run command is better then SSH
Run can Manage Multiple Systems at the same time:
Run command has no keys to manage:

11. • Providing a scalable, secure, and hosted secrets
management service
• Provides the ability to separate sensitive data from code
versioned in source control
• Allows you to use hierarchies and track versions of stored
parameters
• Works with a variety of AWS services
• Parameters have the ability to be tagged and then
audited using other AWS services ( ie Config / CloudTrail /
IAM Conditions)
Parameter Store is offered at no additional charge

12. • Allows creation of resource groups
• Creates a graphical view
• Allows you to use hierarchies and track versions of stored
parameters
• You can use for on-premise instances and tag by rack
location
• Show the top applications by group
• Works with both Linux andWindows instances.
Inventory only collects metadata. It does not collect any personal or proprietary data.

13. https://www.meetup.com/AWS-Atlanta/contribute/

14. 1. Sign in to the AWS IAM console at https://console.aws.amazon.com/iam/.
2. In the left navigation pane, choose Roles, and then Create Role.
3. On the Attached permissions policy page, in the search bar type AmazonEC2RoleforSSM then from the
policy list select AmazonEC2RoleforSSM, and then choose Next:Review
4. On the Review page, in the Role name box type in EnablesEC2ToAccessSystemsManagerRole.
In the Role description box type in Enables an EC2 instance to access System Manager, Choose Create
role.
5. Open the Amazon EC2 console. From the EC2 console choose us-east-1 (virginia). (Systems Manager is
supported in all AWS Regions). Now choose Launch Instance.
6. Select the Amazon Linux AMI. Make sure you selectAmazon Linux base Linux base AMI dated 2017.09 or
later which includes the Systems Manager Agent by default.
7. On the Step 2: Choose an InstanceType page, choose the t2.micro instance type and then click Next:
Configure Instance Details.

15. 8. On the Step 3: Configure Instance Details page, In the IAM role dropdown choose the
EnablesEC2ToAccessSystemsManagerRole you created earlier. Leave everything else as default. Choose
Review and Launch.
9. On the Step 7: Review Instance Launch Page, choose Launch to Launch your Instance
10. Next the Select an existing keypair or create a new keypair dialog will appear.You will not need a
keypair to use Systems Manager to remotely run commands. From the Choose an existing pair
dropdown choose Proceed without a key pair and tick the I acknowledge that… checkbox.
Update the Systems Manager Agent

16. 11. Under the Shared Resources section on the left navigation bar, choose Manage Instances.
12. On the Manage instances page, in the Actions drop down select Run Command.
13. On the Run a command page, click in the search bar and select, Document name prefix, then click on
Equal, then type in AWS-UpdateSSMAgent.
Now click on the radio button on the left of AWS-UpdateSSMAgent.This document will upgrade
Systems Management agent on the instance.
Scroll down to the Targets panel and click the check box next to your managed EC2 instance.
Finally, scroll down and select Run.
14. Next you will see a page documenting your running command then and overall success in green.
Congrads, you have just run your first remote command using Systems Manager
To create and store your secret