Systems Manager
Solution Architect
Developer Associate
Security Specialty
- A suite of tools designed to let you view, control and automate both your AWS architecture and on-premises resources
- Features:
  - Runbooks / Automation Documents: Can be used to control your instances or AWS resources
  - Run Command: Executes commands on your hosts using the installed system agent. Can be done individually or at a fleet level
  - Patch Management: Manages application versions
  - Parameter Store: Securely stores system/secret values
  - Hybrid Activations: Control your on-premises architecture
  - Session Manager: Remotely connect and interact with your architecture through your web browser
Systems Manager Parameter Store
- Free service!
- Located within EC2
- Used to store sensitive configuration data, like license keys, database connection strings, etc. for use in other AWS services
- You can store as a string, a string list, or a secure string (which will be encrypted by KMS)
- Secure strings are not revealed unless your IAM user has the appropriate level of access in the AWS console.
- No key rotation is supported
- Maximum parameters capped at 10,000
Systems Manager Session Manager
- Enables secure remote login to EC2 instances
- Allows you to run an interactive Command Line on your instances
- A more secure alternative to SSH and RDP
- Browser-based
- Single solution for managing Linux and Windows
- No SSH or bastion host required
- The AWS-recommended approach for running interactive command-line sessions on EC2 instances
- Can also be used for on-premises physical or virtual hosts
- Secured using TLS encryption and fully auditable
- IAM controls who can use Session Manager
- No ports to open on your network
- Sessions are logged in CloudTrail; session history with keystroke logging is sent to CloudWatch