AWS Systems Manager FAQs
Explorer
What is AWS Systems Manager Explorer?
AWS Systems Manager Explorer is a customizable operations dashboard for your resources on AWS and in multicloud and hybrid environments. Explorer displays an aggregated view of operations data from across your AWS accounts and Regions. Explorer provides context into how operational issues are distributed across your business units or applications, how they trend over time, and how they vary by category.
How does Explorer relate to OpsCenter?
One type of data displayed by Explorer are OpsItems from OpsCenter. OpsItems help you manage, investigate, and remediate operational issues. Explorer provides an aggregated view of your OpsItems alongside other relevant operations data across accounts and Regions. OpsItems can still be managed and remediated through OpsCenter.
How do I view my OpsData across accounts and Regions?
You can view your OpsData across accounts and Regions by setting up a resource data sync from the Explorer settings page. The resource data sync collects all OpsData from the accounts and Regions you have specified and aggregates them into a single view.
AppConfig
What is AWS AppConfig?
AWS AppConfig is a feature of AWS Systems Manager that allows you to quickly validate and roll out configurations across an application of any size, whether hosted on Amazon EC2 instances, containers, AWS Lambda functions, mobile apps, or IoT devices, in a controlled and monitored way. AWS AppConfig enables you to validate configuration data to make sure it is syntactically and semantically correct according to your definitions before deploying it to your application. AWS AppConfig allows you to follow deployment best practices by rolling out configuration at a pace that you define while monitoring for errors, including using multiple values within feature flags to target specific or limited user cohorts. In case of errors, AWS AppConfig can roll back the changes to minimize impact to the application’s users.
Who should use AWS AppConfig?
AWS AppConfig is designed for System administrators, DevOps teams, and developers who want to roll out configuration changes across their applications in a managed and monitored way, similar to the way they manage code, but without the need for deploying code when a configuration value changes, thus helping to mitigate the risk of outages. AWS AppConfig is for any size or type of company or organization that has targets (hosts, servers, AWS Lambda functions, containers, mobile devices, IoT devices, etc.) for configurations.
What is a configuration?
A configuration is a collection of one or more application settings that your application uses to modify its behavior at runtime. You can store your configurations as AWS Systems Manager Documents or Parameters.
What is a validator?
A validator is either a schema or a pointer to an AWS Lambda function that AWS AppConfig uses to enable you to test that your configuration is syntactically or semantically correct according to your definitions.
What is a deployment strategy?
A deployment strategy is a plan for how configuration data propagates to an application. A deployment strategy includes controls for targeting specific or limited user cohorts for initial feature rollout, defining the speed at which a configuration rolls out, the percentage of application instances that should receive updated configuration at various intervals, and the amount of time AWS AppConfig should monitor the overall application to help you ensure the configuration changes did not introduce an adverse effect.
How is AWS AppConfig different from AWS Config?
AWS Config enables you to assess, audit, and evaluate the configurations of your AWS resources while AWS AppConfig lets you manage application configuration. You should use AWS Config to get a detailed view of the configuration of AWS resources in your account and identify how the resources were configured in the past and how the configurations change over time. AWS AppConfig is meant for your applications running on AWS resources or on-premises servers. With AWS AppConfig, you can validate changes in application configuration and set deployment strategies to safely deploy updated configurations to applications at run-time.
Fleet Manager
Why should I use Fleet Manager?
AWS Systems Manager Fleet Manager streamlines your remote server management process in the following ways:
- With Fleet Manager’s centralized graphical user interface (GUI), you can easily manage your fleet of servers running on AWS and on premises.
- Fleet Manager is operating system (OS) agnostic. You can use Fleet Manager to perform common OS operations on Windows, Linux, and Mac-based servers.
- With Fleet Manager, you can run these OS operations seamlessly through the Systems Manager console, by choosing pre-built automation runbooks or bringing your own automation runbooks.
What features does Fleet Manager provide?
AWS Systems Manager Fleet Manager provides the following capabilities to manage your servers remotely:
- File system and log exploration: Use the Systems Manager console to browse through disks, folders, and files, including file-based logs, on servers.
- Performance counter monitoring: Monitor common server performance metrics, such as CPU utilization, network traffic, disk usage, and memory utilization.
- Windows Event management: View and troubleshoot Windows Events logs without the need to install additional agents.
- User and group administration: View a list of users and/or groups with access to a server and change their permissions.
- Registry operations: View and modify registry values on your Windows servers.
What is the cost of using Fleet Manager?
AWS Systems Manager Fleet Manager is available at no additional charge for servers running on AWS. For on-premises instance management using an AWS Systems Manager agent, you are charged based on the public pricing.
Compliance
What is AWS Systems Manager configuration compliance?
AWS Systems Manager lets you scan your managed instances for patch compliance and configuration inconsistencies. You can collect and aggregate data from multiple AWS accounts and Regions, and then drill down into specific resources that aren’t compliant. By default, AWS Systems Manager displays data about patching and associations. You can also customize the service and create your own compliance types based on your requirements.
Can I track changes to my configuration over time?
Using an integration with AWS Config, you can monitor an instance's compliance with a desired configuration through AWS Config rules. This capability allows security experts and compliance auditors to have a complete audit trail of instance configuration changes, as well as receive proactive notifications in the event of non-compliance.
Can I create my own compliance checks?
Yes. You can create your own compliance types that can be recorded through the API. Based on your business requirements, you can create your own checks and then record the compliance through AWS Systems Manager to track non-compliant instances. You can also view this compliance information across accounts and Regions by creating a resource data sync.
Inventory
Can I view or query inventory data from across AWS accounts or Regions?
Yes, you can sync inventory data from multiple accounts and Regions to the same Amazon S3 bucket. You can then use Amazon Athena, Amazon QuickSight, or your own business intelligence (BI) tools to query inventory data across accounts and Regions.
Session Manager
Does Session Manager require the use of the AWS Systems Manager Agent?
Yes. Getting started with Session Manager requires the use of the latest version of the SSM Agent. The SSM Agent is open-sourced and on GitHub.
Distributor
How much does Distributor cost?
Distributor pricing can be found on the Systems Manager Pricing page.
Does Distributor require the use of the SSM Agent?
Yes. Getting started with Distributor requires the use of the latest version of the SSM Agent. The SSM Agent is open-sourced and available on GitHub. The SSM Agent is also installed by default on Amazon Linux, Amazon Linux 2, Windows, and Ubuntu AMIs.