Getting started with Compliance - Amazon Systems Manager
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Getting started with Compliance

To get started with Compliance, a capability of Amazon Systems Manager, complete the following tasks.

Task For more information

Compliance works with patch data in Patch Manager and associations in State Manager. (Patch Manager and State Manager are also both capabilities of Amazon Systems Manager.) Compliance also works with custom compliance types on managed nodes that are managed using Systems Manager. Verify that you have completed the setup requirements for your Amazon Elastic Compute Cloud (Amazon EC2) instances and non-EC2 machines in a hybrid and multicloud environment.

Setting up Systems Manager unified console for an organization

Update Systems Manager SSM Agent (SSM Agent) on your managed nodes to the latest version.

Working with SSM Agent

If you plan to monitor patch compliance, verify that you've configured Patch Manager. You must perform patching operations by using Patch Manager before Compliance can display patch compliance data.

Amazon Systems Manager Patch Manager

If you plan to monitor association compliance, verify that you've created State Manager associations. You must create associations before Compliance can display association compliance data.

Amazon Systems Manager State Manager

(Optional) Configure the system to view compliance history and change tracking.

Viewing compliance configuration history and change tracking

(Optional) Create custom compliance types.

Assign custom compliance metadata using the Amazon CLI

(Optional) Create a resource data sync to aggregate all compliance data in a target Amazon Simple Storage Service (Amazon S3) bucket.

Creating a resource data sync for Compliance