Monday, July 20, 2020

Systems Manager

Systems Manager
-         https://docs.aws.amazon.com/systems-manager/latest/userguide/what-is-systems-manager.html
-         service that you can use to view and control your infrastructure on AWS. Using the Systems Manager console, you can view operational data from multiple AWS services and automate operational tasks across your AWS resources.
-         Systems Manager helps you maintain security and compliance by scanning your managed instances and reporting on (or taking corrective action on) any policy violations it detects (e.g. a missing patch)
-         Supported operating system types include Windows Server, multiple distributions of Linux, and Raspbian – in-cloud, on-premises and other cloud environments (Azure, etc.)
-         Benefits:
          §  Centralizing workflows using a unified set of tools and scripts
          §  Access to CloudTrail, CloudWatch, SNS
-         Systems Manager Console / SDK / CLI / AWS Tools for PowerShell can be used to schedule Systems Manager actions
-         SSM Agent
          §  gets installed on managed instances / servers in hybrid environments;
          §  performs specified tasks
          §  reports to Systems Manager
          §  comes as part of newer Windows Server AMI / manual install for Linux
          §  talks to public Systems Manager endpoints over the internet, or to private endpoints inside the AWS network; Security Groups and routing must allow that outbound traffic
          §  IAM user permissions, IAM Instance Profiles (EC2) / IAM Service Role (for on-premises instances) are required

Parameter Store
-         https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html
-         provides secure, hierarchical storage for configuration data management and secrets management. You can store data such as passwords, database strings, Amazon Machine Image (AMI) IDs, and license codes as parameter values. You can store values as plain text or encrypted data. You can reference Systems Manager parameters in your scripts, commands, SSM documents, and configuration and automation workflows by using the unique name that you specified when you created the parameter.
-         secure, scalable, hosted secrets management service with no servers to manage.
-         can also reference parameters in a number of other AWS services, including the following:
          §  Amazon Elastic Compute Cloud (Amazon EC2)
          §  Amazon Elastic Container Service (Amazon ECS)
          §  AWS Secrets Manager
                §  Can have the Parameter Store pull in secrets stored in Secrets Manager, i.e. act as a proxy between an application referencing a parameter and the secret that the parameter needs
          §  AWS Lambda
          §  AWS CloudFormation
          §  AWS CodeBuild
          §  AWS CodePipeline
          §  AWS CodeDeploy
-         Configure integration with the following AWS services for encryption, notification, monitoring, and auditing:
          §  AWS Key Management Service (AWS KMS)
          §  Amazon Simple Notification Service (Amazon SNS)
          §  Amazon CloudWatch
          §  AWS CloudTrail
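The hierarchical-storage and KMS points above, worked through as an added example (not code from the original post): a start-up routine that reads one application's subtree, decrypting SecureString values, together with the least-privilege IAM policy that reader needs. The /myapp/prod names, account id, region and KMS key ARN are constructed, and an offline stub stands in for the boto3 ssm client.

```python
"""Read an application's settings from SSM Parameter Store at start-up.
Added example, not code from the original post. The /myapp/prod hierarchy, account
id, region and KMS key ARN are constructed; `client` is anything with boto3's
ssm get_parameters_by_path signature (an offline stub is included)."""


def load_config(client, path):
    """Return {relative_name: value} for every parameter below `path`.
    WithDecryption=True makes Parameter Store decrypt SecureString values with
    their KMS key, so the caller needs kms:Decrypt on that key as well."""
    if not path.startswith("/") or path.endswith("/"):
        raise ValueError("path must be absolute and must not end with '/'")
    config, token = {}, None
    while True:  # results are paged; follow NextToken until it is absent
        kwargs = {"Path": path, "Recursive": True, "WithDecryption": True}
        if token:
            kwargs["NextToken"] = token
        page = client.get_parameters_by_path(**kwargs)
        for p in page["Parameters"]:
            value = p["Value"].split(",") if p["Type"] == "StringList" else p["Value"]
            config[p["Name"][len(path) + 1:]] = value
        token = page.get("NextToken")
        if not token:
            return config


def read_policy(region, account, path, kms_key_arn):
    """Least-privilege IAM policy for a reader of `path`: ssm:Get* on that subtree
    only (ARN is 'parameter' + the slash-prefixed name), plus kms:Decrypt on the
    one key its SecureStrings use; nothing on ssm:PutParameter or other paths."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["ssm:GetParameter", "ssm:GetParametersByPath"],
         "Resource": f"arn:aws:ssm:{region}:{account}:parameter{path}/*"},
        {"Effect": "Allow", "Action": "kms:Decrypt", "Resource": kms_key_arn}]}


class StubSsm:
    """Offline stand-in for boto3's ssm client holding constructed sample data."""
    PARAMS = [
        {"Name": "/myapp/prod/db/host", "Type": "String", "Value": "db.internal"},
        {"Name": "/myapp/prod/db/password", "Type": "SecureString", "Value": "s3cret"},
        {"Name": "/myapp/prod/origins", "Type": "StringList", "Value": "a.example,b.example"},
    ]

    def get_parameters_by_path(self, Path, Recursive, WithDecryption, NextToken=None):
        hits = [p for p in self.PARAMS if p["Name"].startswith(Path + "/")]
        if NextToken is None:  # first call returns one item plus a token, to exercise paging
            return {"Parameters": hits[:1], "NextToken": "page2"}
        return {"Parameters": hits[1:]}
```

With a real client, `load_config(boto3.client("ssm"), "/myapp/prod")` does the same; CloudTrail records each GetParametersByPath call and the KMS Decrypt it triggers, which is what auditing the reads looks like.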
