Slide 1

Slide 1 text

AWS Systems Manager

Slide 2

Slide 2 text

AWS Systems Manager
• Explorer
• OpsCenter
• Incident Manager
• Application Manager
• AppConfig
• Parameter Store
• Change Manager
• Automation
• Maintenance Windows
• Fleet Manager
• Compliance
• Inventory
• Session Manager
• Run Command
• State Manager
• Patch Manager
• Distributor

Slide 3

Slide 3 text

AWS Systems Manager
• Operations Management
  • Explorer
  • OpsCenter
  • Incident Manager
• Application Management
  • Application Manager
  • AppConfig
  • Parameter Store
• Change Management
  • Change Manager
  • Automation
  • Maintenance Windows
• Node Management
  • Fleet Manager
  • Compliance
  • Inventory
  • Session Manager
  • Run Command
  • State Manager
  • Patch Manager
  • Distributor

Slide 4

Slide 4 text

AWS Systems Manager
• Operations Management
  • Explorer
  • OpsCenter
  • Incident Manager
• Application Management
  • Application Manager
  • AppConfig
  • Parameter Store
• Change Management
  • Change Manager
  • Automation
  • Maintenance Windows
• Node Management
  • Fleet Manager
  • Compliance
  • Inventory
  • Session Manager
  • Run Command
  • State Manager
  • Patch Manager
  • Distributor

Slide 5

Slide 5 text

Session Manager (Node Management)

Slide 6

Slide 6 text

"Any workload that has some form of network connectivity, […] requires multiple layers of defense to help protect from […] network-based threats."
AWS Well-Architected Framework

Slide 7

Slide 7 text

Diagram (VPC with a Public subnet and a Private subnet): the User connects over SSH to a Bastion in the Public subnet, whose Security group allows ssh from 0.0.0.0/0; the Bastion connects to the Target Instance in the Private subnet, whose Security group allows ssh from the Bastion.

Slide 8

Slide 8 text

Diagram (VPC with a Public subnet and a Private subnet): the User reaches the Target Instance in the Private subnet through Session Manager; the instance's Security group has no open ssh port.
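The two diagrams above contrast a bastion whose security group admits SSH from anywhere with an instance that exposes no SSH port at all. The following check, an added example that is not part of the original deck, classifies security groups by SSH exposure; the input is constructed to mirror the shape of EC2 `describe_security_groups()` output and is not real account data.

```python
"""Classify EC2 security groups by inbound SSH exposure (constructed sample input)."""

# Constructed sample (not real AWS output): the bastion from the first diagram,
# the target that trusts the bastion, and a Session Manager-only target.
SAMPLE_GROUPS = [
    {"GroupId": "sg-bastion", "GroupName": "bastion",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                        "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-target-old", "GroupName": "target-via-bastion",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [], "Ipv6Ranges": [],
                        "UserIdGroupPairs": [{"GroupId": "sg-bastion"}]}]},
    {"GroupId": "sg-target-ssm", "GroupName": "target-session-manager",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                        "IpRanges": [{"CidrIp": "10.0.0.0/16"}],
                        "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
]


def _covers_ssh(rule):
    """True if the rule's port range includes TCP/22, or the rule is all traffic (-1)."""
    proto = rule.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= 22 <= rule.get("ToPort", 65535)


def ssh_exposure(groups):
    """Map GroupId -> 'public' (SSH from 0.0.0.0/0 or ::/0),
    'restricted' (SSH only from named CIDRs or other groups) or 'none'."""
    result = {}
    for sg in groups:
        level = "none"
        for rule in sg.get("IpPermissions", []):
            if not _covers_ssh(rule):
                continue
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            if "0.0.0.0/0" in cidrs or "::/0" in cidrs:
                level = "public"
                break
            level = "restricted"  # group-to-group or specific CIDR only
        result[sg["GroupId"]] = level
    return result


if __name__ == "__main__":
    for group_id, level in ssh_exposure(SAMPLE_GROUPS).items():
        print(f"{group_id}: ssh exposure = {level}")
```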

Slide 9

Slide 9 text

What do I need?
• SSM Agent
  • Installed by default on Amazon Linux, macOS, Ubuntu, Windows
  • Supports Linux, Windows, macOS
  • EC2 or Hybrid (“advanced instances”)
• IAM Role with AmazonSSMManagedInstanceCore policy
  • Or custom policy

Slide 10

Slide 10 text

How does it work?

Slide 11

Slide 11 text

How does it work?

Slide 12

Slide 12 text

Advanced Features
• Use IAM permissions to control access

Slide 13

Slide 13 text

Advanced Features
• Use IAM permissions to control access
• Port forwarding

Slide 14

Slide 14 text

Advanced Features
• Use IAM permissions to control access
• Port forwarding + SSH (and SCP)

Slide 15

Slide 15 text

Advanced Features
• Use IAM permissions to control access
• Port forwarding + SSH (and SCP)
• Logging and auditing
  • CloudTrail
  • S3
  • CloudWatch Logs
  • EventBridge (based on CloudTrail)
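Every session opened through Session Manager, including port-forwarding and SSH sessions, is a `StartSession` API call recorded by CloudTrail. The review below is an added example, not part of the original deck: it walks CloudTrail-shaped records and flags sessions from principals outside an allow-list and sessions that use the tunnel documents. The records, the allow-listed role name and the instance IDs are constructed for the example.

```python
"""Flag Session Manager StartSession events worth a second look (constructed records)."""

# Constructed, abridged CloudTrail records (not real events). The field names
# follow the CloudTrail record format; the principals and targets are invented.
SAMPLE_RECORDS = [
    {"eventSource": "ssm.amazonaws.com", "eventName": "StartSession",
     "eventTime": "2021-03-01T09:00:00Z",
     "userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/OpsRole/alice"},
     "requestParameters": {"target": "i-0aaa", "documentName": "SSM-SessionManagerRunShell"}},
    {"eventSource": "ssm.amazonaws.com", "eventName": "StartSession",
     "eventTime": "2021-03-01T09:05:00Z",
     "userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/OpsRole/alice"},
     "requestParameters": {"target": "i-0bbb", "documentName": "AWS-StartPortForwardingSession"}},
    {"eventSource": "ssm.amazonaws.com", "eventName": "StartSession",
     "eventTime": "2021-03-01T22:30:00Z",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/contractor"},
     "requestParameters": {"target": "i-0aaa", "documentName": "AWS-StartSSHSession"}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "eventTime": "2021-03-01T09:10:00Z",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/contractor"},
     "requestParameters": {}},
]

# Hypothetical review policy: only sessions via OpsRole are expected, and the
# port-forwarding / SSH session documents deserve a closer look because they
# tunnel traffic rather than open an audited interactive shell.
ALLOWED_PRINCIPAL_PREFIXES = ("arn:aws:sts::123456789012:assumed-role/OpsRole/",)
TUNNEL_DOCUMENTS = {"AWS-StartPortForwardingSession", "AWS-StartSSHSession"}


def session_findings(records):
    """Return (target, principal, reason) for each StartSession event that needs review."""
    findings = []
    for rec in records:
        if rec.get("eventSource") != "ssm.amazonaws.com" or rec.get("eventName") != "StartSession":
            continue
        principal = rec.get("userIdentity", {}).get("arn", "")
        params = rec.get("requestParameters") or {}
        target, doc = params.get("target"), params.get("documentName", "")
        if not principal.startswith(ALLOWED_PRINCIPAL_PREFIXES):
            findings.append((target, principal, "principal not in allow-list"))
        if doc in TUNNEL_DOCUMENTS:
            findings.append((target, principal, "tunnel document: " + doc))
    return findings


if __name__ == "__main__":
    for target, principal, reason in session_findings(SAMPLE_RECORDS):
        print(f"{target} <- {principal}: {reason}")
```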

Slide 16

Slide 16 text

Automation (Change Management)

Slide 17

Slide 17 text

"[Using automated runbooks] ensures consistency, speeds responses, and reduces errors caused by manual processes."
AWS Well-Architected Framework

Slide 18

Slide 18 text

Runbooks (aka Automation Documents)
Diagram: an Automation Runbook made up of a sequence of Automation Actions.
Actions:
• Flow control
• Call AWS APIs and wait for properties
• Interact with Instances, AMIs and CloudFormation Stacks
• Run Automations or Commands
• Execute Lambda Functions or Step Functions
• Execute scripts (python or powershell)

Slide 19

Slide 19 text

How does it work?

Slide 23

Slide 23 text

Advanced usages
• Trigger based on events
  • EventBridge
  • State Manager
  • Maintenance Window
• Target groups of instances
• Use rate controls
• Run across regions and accounts

Slide 24

Slide 24 text

OpsCenter (Operations Management)

Slide 25

Slide 25 text

"Have processes to address observed events, [incidents], [problems]."
AWS Well-Architected Framework

Slide 26

Slide 26 text

Diagram: OpsCenter with its event sources (Amazon EventBridge, AWS Security Hub, Amazon EC2 Auto Scaling, AWS Personal Health Dashboard, AWS CloudTrail, Amazon CloudWatch, Incident Manager, Amazon DevOps Guru) and, around it, Automation, Related Resources, the User at the AWS Management Console and Amazon Simple Notification Service (Amazon SNS).

Slide 32

Slide 32 text

Advanced Features
• Deduplication
• Operational Data
• IAM Access Control

Slide 33

Slide 33 text

Parameter Store (Application Management)

Slide 34

Slide 34 text

"Use environment variables for infrequent changes […]. Use AWS Systems Manager Parameter Store for dynamic configuration […] Store sensitive data using AWS Secrets Manager."
AWS Well-Architected Framework Serverless Lens

Slide 35

Slide 35 text

Diagram: Parameter Store holds Private Parameters (managed from the AWS Management Console, the AWS Command Line Interface (AWS CLI) and AWS Tools and SDKs), References to AWS Secrets Manager, and Public Parameters (Global Infrastructure, AMI, Container Image). Consumers: Amazon EC2, Amazon ECS, AWS Tools and SDKs, AWS CloudFormation, AWS CodeBuild, AWS Management Console.

Slide 38

Slide 38 text

Advanced Features
• Change notifications (EventBridge)
• Standard and Advanced Tier
• Parameter Policies (expiration, no-change notification)
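Parameter policies let an advanced-tier parameter carry an expiration date and notification rules. As an added example that is not part of the original deck, the check below reads parameter metadata shaped like `describe_parameters()` output, parses the `Expiration` policy text, and reports which parameters are expired, about to expire, or are SecureStrings with no expiration at all; all names, timestamps and policies are constructed.

```python
"""Report Parameter Store expiration-policy status (constructed sample metadata)."""
import json
from datetime import datetime, timedelta

# Constructed metadata in the shape of describe_parameters() results, not real
# output. PolicyText uses the parameter-policy JSON format (Type/Version/Attributes).
SAMPLE_PARAMETERS = [
    {"Name": "/app/db/password", "Type": "SecureString", "Tier": "Advanced",
     "Policies": [
         {"PolicyType": "Expiration", "PolicyStatus": "Pending",
          "PolicyText": json.dumps({"Type": "Expiration", "Version": "1.0",
                                    "Attributes": {"Timestamp": "2021-03-10T00:00:00.000Z"}})},
         {"PolicyType": "ExpirationNotification", "PolicyStatus": "Pending",
          "PolicyText": json.dumps({"Type": "ExpirationNotification", "Version": "1.0",
                                    "Attributes": {"Before": "7", "Unit": "Days"}})}]},
    {"Name": "/app/api/token", "Type": "SecureString", "Tier": "Advanced", "Policies": []},
    {"Name": "/app/feature/flag", "Type": "String", "Tier": "Standard"},
]


def _parse_ts(ts):
    """Parse an ISO-8601 timestamp such as 2021-03-10T00:00:00.000Z into an aware datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def expiration_report(parameters, now, warn_within_days=14):
    """Map Name -> 'expired', 'expiring', 'ok', 'no-expiration' or 'n/a'.
    A SecureString without an Expiration policy never ages out on its own,
    so it gets its own status; plain String parameters are reported as n/a."""
    now_dt = _parse_ts(now)
    window = timedelta(days=warn_within_days)
    report = {}
    for p in parameters:
        expiry = None
        for pol in p.get("Policies") or []:
            text = json.loads(pol["PolicyText"])
            if text.get("Type") == "Expiration":
                expiry = _parse_ts(text["Attributes"]["Timestamp"])
        if expiry is None:
            report[p["Name"]] = "no-expiration" if p.get("Type") == "SecureString" else "n/a"
        elif expiry <= now_dt:
            report[p["Name"]] = "expired"
        elif expiry - now_dt <= window:
            report[p["Name"]] = "expiring"
        else:
            report[p["Name"]] = "ok"
    return report


if __name__ == "__main__":
    for name, status in expiration_report(SAMPLE_PARAMETERS, "2021-03-01T00:00:00Z").items():
        print(f"{name}: {status}")
```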

Slide 39

Slide 39 text

AWS Systems Manager Overview

Slide 40

Slide 40 text

AWS Systems Manager
• Operations Management
  • Explorer
  • OpsCenter
  • Incident Manager
• Application Management
  • Application Manager
  • AppConfig
  • Parameter Store
• Change Management
  • Change Manager
  • Automation
  • Maintenance Windows
• Node Management
  • Fleet Manager
  • Compliance
  • Inventory
  • Session Manager
  • Run Command
  • State Manager
  • Patch Manager
  • Distributor

Slide 41

Slide 41 text

Thank you!
Ben Bridts
[email protected]
@BenBridts | @WeAreCloudar
www.cloudar.be