
Node Management


Last updated 6 months ago

As noted previously, Systems Manager Session Manager is a service that provides CLI-based access to EC2 workloads without the need to expose them on the internet and without requiring a bastion host or jump host. It is part of the Node Management sub-service of AWS Systems Manager.

AWS SSM Session Manager is an excellent feature for connecting to and managing all hybrid infrastructure remotely without having to use SSH for Linux or RDP for Windows instances. It provides the added bonus of security, as IT teams don't need SSH/RDP ports open, and who can establish shell sessions is controlled using IAM policies. It also allows for logging and auditing of all activity during a shell session via Session Manager.

For this to work, the SSM agent must either come preinstalled or be installed on the EC2 instance. It is compatible with both Windows and Linux.

The steps to set up the same are laid out in detail here.

The SSM agent allows administrators to remotely execute commands, automate tasks, and manage configuration settings on those instances. It provides a secure and efficient way to perform various operational tasks, such as software patching, inventory management, and software installation, with the highest privileges on the EC2 instances.

Note that Hybrid Activations can also be used to connect virtual machines in other cloud providers (i.e., non-AWS virtual machines) or on-prem machines. However, this requires key activation for the SSM Agent when it is installed on them. It can be summarized as below:

Note that all of the instances that have the AWS SSM agent installed can be collectively managed in Fleet Manager.

To understand the types of automation that can be done, it is also worth checking SSM Documents (present under Shared Resources -> Documents). A sample SSM Document format can look as shown below:
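A constructed Command-type SSM document and a review check over it, as an added example that is not from the original page. It goes beyond the page by flagging parameters that have neither `allowedPattern` nor `allowedValues` yet are substituted into a script the agent runs with the highest privileges. The document contents, the names `ServiceName`, `ExtraArgs` and `restartService`, and the function `unconstrained_script_params` are assumptions for illustration.

```python
import re

# Constructed sample: a Command-type SSM document (schemaVersion 2.2), shown
# as the Python dict that json.load() would return for its JSON form.
SAMPLE_DOC = {
    "schemaVersion": "2.2",
    "description": "Constructed example: restart a service on Linux nodes",
    "parameters": {
        "ServiceName": {"type": "String", "allowedPattern": "^[a-zA-Z0-9_.-]+$"},
        "ExtraArgs": {"type": "String", "default": ""},  # no constraint declared
    },
    "mainSteps": [{
        "action": "aws:runShellScript",
        "name": "restartService",
        "inputs": {"runCommand": ["systemctl restart {{ ServiceName }} {{ ExtraArgs }}"]},
    }],
}

# {{ Name }} placeholders are replaced with parameter values before the script runs.
PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z0-9_]+)\s*\}\}")
SCRIPT_ACTIONS = {"aws:runShellScript", "aws:runPowerShellScript"}
CONSTRAINTS = ("allowedPattern", "allowedValues")


def unconstrained_script_params(doc):
    """Return (step name, parameter name) pairs where a declared parameter with
    no allowedPattern/allowedValues is substituted into a script step."""
    params = doc.get("parameters", {})
    findings = []
    for step in doc.get("mainSteps", []):
        if step.get("action") not in SCRIPT_ACTIONS:
            continue  # only steps that hand text to a shell are of interest here
        for line in step.get("inputs", {}).get("runCommand", []):
            for name in PLACEHOLDER.findall(line):
                spec = params.get(name)
                if spec is not None and not any(k in spec for k in CONSTRAINTS):
                    findings.append((step.get("name"), name))
    return findings


if __name__ == "__main__":
    for step, name in unconstrained_script_params(SAMPLE_DOC):
        print(f"{step}: parameter {name} reaches the script without a constraint")
```
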
