Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Setting up Amazon Systems Manager for hybrid environments

This section describes the setup tasks that account and system administrators perform for a hybrid environment. A hybrid environment includes on-premises servers, edge devices, and virtual machines (VMs) that are configured for Amazon Systems Manager, including VMs in other cloud environments. After these steps are complete, users who have been granted permissions by the Amazon Web Services account administrator can use Systems Manager to configure and manage their organization's on-premises machines.

Note
  • Systems Manager supports edge devices that are configured as on-premises machines, including Amazon IoT devices and non-Amazon IoT devices. The process for setting up these types of edge devices is described here.

    Systems Manager also supports edge devices that use Amazon IoT Greengrass Core software. The setup process and requirements for Amazon IoT Greengrass core devices are different from those for Amazon IoT and non-Amazon edge devices. To get started with Amazon IoT Greengrass devices, see Setting up Amazon Systems Manager for edge devices.

  • macOS isn't supported for Systems Manager hybrid environments.

If you plan to use Systems Manager to manage Amazon Elastic Compute Cloud (Amazon EC2) instances, or to use both Amazon EC2 instances and your own resources in a hybrid environment, follow the steps in Setting up Amazon Systems Manager for EC2 instances first.

Configuring your hybrid environment for Systems Manager allows you to do the following:

  • Create a consistent and secure way to remotely manage your hybrid workloads from one location using the same tools or scripts.

  • Centralize access control for actions that can be performed on your machines by using Amazon Identity and Access Management (IAM).

  • Centralize auditing and your view into the actions performed on your machines by recording all actions in Amazon CloudTrail.

    For information about using CloudTrail to monitor Systems Manager actions, see Logging Amazon Systems Manager API calls with Amazon CloudTrail.

  • Centralize monitoring by configuring Amazon EventBridge and Amazon Simple Notification Service (Amazon SNS) to send notifications about service execution success.

    For information about using EventBridge to monitor Systems Manager events, see Monitoring Systems Manager events with Amazon EventBridge.

About managed nodes

After you finish configuring your on-premises servers, edge devices, and VMs for Systems Manager as described in this section, your hybrid machines are listed in the Amazon Web Services Management Console and described as managed nodes. In the console, the IDs of your hybrid managed nodes are distinguished from Amazon EC2 instances with the prefix "mi-". Amazon EC2 instance IDs use the prefix "i-".

For more information, see Managed nodes.

About instance tiers

Systems Manager offers a standard-instances tier and an advanced-instances tier for managed nodes in your hybrid environment. The standard-instances tier allows you to register a maximum of 1,000 on-premises machines per Amazon Web Services account per Amazon Web Services Region. If you need to register more than 1,000 on-premises machines in a single account and Region, then use the advanced-instances tier. Advanced instances also allow you to connect to your hybrid machines by using Amazon Systems Manager Session Manager. Session Manager provides interactive shell access to your managed nodes.

For more information, see Configuring instance tiers.
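The "mi-" prefix makes it possible to separate hybrid nodes from EC2 instances when reviewing the CloudTrail record of Systems Manager actions. The following Python sketch is an added example, not part of the AWS documentation: it groups SendCommand and StartSession calls by hybrid node and lists who opened interactive sessions. The events, account ID, user names and node IDs are constructed, and the field names (`eventSource`, `requestParameters.instanceIds`, `requestParameters.target`) are assumed to match the CloudTrail records in your trail.

```python
from collections import defaultdict

# Constructed CloudTrail-style records (not real log data); only the fields
# read below are included. Account ID, users and node IDs are placeholders.
ALICE = "arn:aws-cn:iam::111122223333:user/ops-alice"
BOB = "arn:aws-cn:iam::111122223333:user/ops-bob"
SAMPLE_EVENTS = [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "SendCommand", "userIdentity": {"arn": ALICE},
     "requestParameters": {"instanceIds": ["mi-0123456789abcdef0", "i-0fedcba9876543210"]}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "StartSession", "userIdentity": {"arn": BOB},
     "requestParameters": {"target": "mi-0123456789abcdef0"}},
    {"eventTime": "2024-01-01T10:06:00Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "StartSession", "userIdentity": {"arn": ALICE},
     "requestParameters": {"target": "i-0fedcba9876543210"}},
    {"eventTime": "2024-01-01T10:07:00Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "DescribeInstanceInformation", "userIdentity": {"arn": ALICE},
     "requestParameters": None},  # records can carry null parameters
]

def node_kind(node_id):
    """Classify a node ID by the prefixes described on this page."""
    if node_id.startswith("mi-"):
        return "hybrid"
    return "ec2" if node_id.startswith("i-") else "unknown"

def targets_of(event):
    """Collect node IDs from SendCommand (instanceIds) and StartSession (target)."""
    params = event.get("requestParameters") or {}
    ids = list(params.get("instanceIds") or [])
    if params.get("target"):
        ids.append(params["target"])
    return ids

def hybrid_activity(events):
    """Return {hybrid node ID: [(time, caller ARN, API action), ...]}."""
    report = defaultdict(list)
    for ev in events:
        if not ev.get("eventSource", "").startswith("ssm.amazonaws.com"):
            continue
        for node in targets_of(ev):
            if node_kind(node) == "hybrid":
                report[node].append((ev["eventTime"], ev["userIdentity"]["arn"], ev["eventName"]))
    return dict(report)

def session_callers(report):
    """Principals that opened Session Manager shells on hybrid nodes."""
    return sorted({arn for rows in report.values() for _, arn, act in rows if act == "StartSession"})
```

Because Session Manager access to hybrid machines depends on the advanced-instances tier, any caller returned by `session_callers` is worth comparing against the IAM principals you intended to grant interactive access.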