What is AWS Systems Manager?

AWS Systems Manager (formerly known as SSM) is an AWS service that you can use to view and control your infrastructure on AWS. Using the Systems Manager console, you can view operational data from multiple AWS services and automate operational tasks across your AWS resources. Systems Manager helps you maintain security and compliance by scanning your managed nodes and reporting on (or taking corrective action on) any policy violations it detects.

A managed node is any machine configured for Systems Manager. Systems Manager supports Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, and on-premises servers and virtual machines (VMs), including VMs in other cloud environments. For operating systems, Systems Manager supports Windows Server, macOS, Raspberry Pi OS (formerly Raspbian), and multiple distributions of Linux.

With Systems Manager, you can associate AWS resources by assigning resource tags. You can then view operational data for these resources as a resource group. Resource groups help you monitor and troubleshoot your resources.

For example, you can assign a resource tag of “Operation=Standard OS Patching” to the following resources:

  • A group of AWS IoT Greengrass core devices
  • A group of Amazon EC2 instances
  • A group of on-premises servers in your own facility
  • A Systems Manager patch baseline that specifies which patches to apply to your managed instances
  • An Amazon Simple Storage Service (Amazon S3) bucket to store patching operation log output
  • A Systems Manager maintenance window that specifies the schedule for the patching operation

After tagging your resources, you can view the patch status of those resources in a Systems Manager consolidated dashboard. If a problem arises with any of the resources, you can take corrective action immediately.

Capabilities in Systems Manager

Systems Manager is comprised of individual capabilities, which are grouped into five categories: Operations Management, Application Management, Change Management, Node Management, and Shared Resources.

This collection of capabilities is a powerful set of tools and features that you can use to perform many operational tasks. For example:

  • Group AWS resources together by any purpose or activity you choose, such as application, environment, Region, project, campaign, business unit, or software lifecycle.
  • Centrally define the configuration options and policies for your managed nodes.
  • Centrally view, investigate, and resolve operational work items related to AWS resources.
  • Automate or schedule a variety of maintenance and deployment tasks.
  • Use and create runbook-style SSM documents that define the actions to perform on your managed instances.
  • Run a command, with rate and error controls, that targets an entire fleet of managed nodes.
  • Securely connect to a managed node without having to open an inbound port or manage SSH keys.
  • Separate your secrets and configuration data from your code by using parameters, with or without encryption, and then reference those parameters from other AWS services.
  • Perform automated inventory by collecting metadata about your managed nodes. Metadata can include information about applications, network configurations, and more.
  • View consolidated inventory metadata from multiple AWS Regions and AWS accounts that you manage.
  • See which resources in your account are out of compliance and take corrective action from a centralized dashboard.
  • View active summaries of metrics and alarms for your AWS resources.

Systems Manager simplifies resource and application management, shortens the time to detect and resolve operational problems, and helps you operate and manage your AWS infrastructure securely at scale.

Systems Manager supported AWS Regions

Systems Manager is available in the AWS Regions listed in Systems Manager service endpoints in the Amazon Web Services General Reference. Before starting your Systems Manager configuration process, we recommend that you verify the service is available in each of the AWS Regions you want to use it in.

For on-premises servers and VMs in your hybrid environment, we recommend that you choose the Region closest to your data center or computing environment.

Systems Manager pricing

Some Systems Manager capabilities charge a fee. For more information, see AWS Systems Manager Pricing.

Systems Manager service name history

AWS Systems Manager (Systems Manager) was formerly known as “Amazon Simple Systems Manager (SSM)” and “Amazon EC2 Systems Manager (SSM)”. The original abbreviated name of the service, “SSM”, is still reflected in various AWS resources, including a few other service consoles. Some examples:

  • Systems Manager Agent: SSM Agent
  • Systems Manager parameters: SSM parameters
  • Systems Manager service endpoints: ssm.region.amazonaws.com
  • AWS CloudFormation resource types: AWS::SSM::Document
  • AWS Config rule identifier: EC2_INSTANCE_MANAGED_BY_SSM
  • AWS Command Line Interface (AWS CLI) commands: aws ssm describe-patch-baselines
  • AWS Identity and Access Management (IAM) managed policy names: AmazonSSMReadOnlyAccess
  • Systems Manager resource ARNs: arn:aws:ssm:region:account-id:patchbaseline/pb-07d8884178EXAMPLE



Rakesh Tripathi

Consulting Engineer, Software Developer, Infra, Quora