What is Amazon Systems Manager? - Amazon Systems Manager
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

What is Amazon Systems Manager?

Amazon Systems Manager (formerly known as SSM) is an Amazon service that you can use to view and control your infrastructure on Amazon. Using the Systems Manager console, you can view operational data from multiple Amazon services and automate operational tasks across your Amazon resources. Systems Manager helps you maintain security and compliance by scanning your managed nodes and reporting on (or taking corrective action on) any policy violations it detects.

A managed node is any machine configured for Systems Manager. Systems Manager supports Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, and on-premises servers and virtual machines (VMs), including VMs in other cloud environments. For operating systems, Systems Manager supports Windows Server, macOS, Raspberry Pi OS (formerly Raspbian), and multiple distributions of Linux.

With Systems Manager, you can associate Amazon resources by assigning resource tags. You can then view operational data for these resources as a resource group. Resource groups help you monitor and troubleshoot your resources.

For example, you can assign a resource tag of "Operation=Standard OS Patching" to the following resources:

  • A group of Amazon IoT Greengrass core devices

  • A group of Amazon EC2 instances

  • A group of on-premises servers in your own facility

  • A Systems Manager patch baseline that specifies which patches to apply to your managed instances

  • An Amazon Simple Storage Service (Amazon S3) bucket to store patching operation log output

  • A Systems Manager maintenance window that specifies the schedule for the patching operation

After tagging your resources, you can view the patch status of those resources in a Systems Manager consolidated dashboard. If a problem arises with any of the resources, you can take corrective action immediately.

Capabilities in Systems Manager

Systems Manager is comprised of individual capabilities, which are grouped into five categories: Operations Management, Application Management, Change Management, Node Management, and Shared Resources.

This collection of capabilities is a powerful set of tools and features that you can use to perform many operational tasks. For example:

  • Group Amazon resources together by any purpose or activity you choose, such as application, environment, Region, project, campaign, business unit, or software lifecycle.

  • Centrally define the configuration options and policies for your managed nodes.

  • Centrally view, investigate, and resolve operational work items related to Amazon resources.

  • Automate or schedule a variety of maintenance and deployment tasks.

  • Use and create runbook-style SSM documents that define the actions to perform on your managed instances.

  • Run a command, with rate and error controls, that targets an entire fleet of managed nodes.

  • Securely connect to a managed node without having to open an inbound port or manage SSH keys.

  • Separate your secrets and configuration data from your code by using parameters, with or without encryption, and then reference those parameters from other Amazon services.

  • Perform automated inventory by collecting metadata about your managed nodes. Metadata can include information about applications, network configurations, and more.

  • View consolidated inventory metadata from multiple Amazon Web Services Regions and Amazon Web Services accounts that you manage.

  • See which resources in your account are out of compliance and take corrective action from a centralized dashboard.

  • View active summaries of metrics and alarms for your Amazon resources.

Systems Manager simplifies resource and application management, shortens the time to detect and resolve operational problems, and helps you operate and manage your Amazon infrastructure securely at scale.

Note

Amazon Systems Manager was formerly known as Amazon Simple Systems Manager (SSM) and Amazon EC2 Systems Manager (SSM). For more information, see Systems Manager service name history.

Systems Manager supported Amazon Web Services Regions

Systems Manager is available in the Amazon Web Services Regions listed in Systems Manager service endpoints in the Amazon Web Services General Reference. Before starting your Systems Manager configuration process, we recommend that you verify the service is available in each of the Amazon Web Services Regions you want to use it in.

For on-premises servers and VMs in your hybrid environment, we recommend that you choose the Region closest to your data center or computing environment.

Systems Manager pricing

Some Systems Manager capabilities charge a fee. For more information, see Amazon Systems Manager Pricing.

Systems Manager service name history

Amazon Systems Manager (Systems Manager) was formerly known as "Amazon Simple Systems Manager (SSM)" and "Amazon EC2 Systems Manager (SSM)". The original abbreviated name of the service, "SSM", is still reflected in various Amazon resources, including a few other service consoles. Some examples:

  • Systems Manager Agent: SSM Agent

  • Systems Manager parameters: SSM parameters

  • Systems Manager service endpoints: ssm.region.amazonaws.com.cn

  • Amazon CloudFormation resource types: AWS::SSM::Document

  • Amazon Config rule identifier: EC2_INSTANCE_MANAGED_BY_SSM

  • Amazon Command Line Interface (Amazon CLI) commands: aws ssm describe-patch-baselines

  • Amazon Identity and Access Management (IAM) managed policy names: AmazonSSMReadOnlyAccess

  • Systems Manager resource ARNs: arn:aws-cn:ssm:region:account-id:patchbaseline/pb-07d8884178EXAMPLE

Related API references

Related content

  • The following resources can help you work directly with Systems Manager.

    The following related resources can help you as you work with this service.

    • Classes & Workshops – Links to role-based and specialty courses, in addition to self-paced labs to help sharpen your Amazon skills and gain practical experience.

    • Amazon Developer Tools – Links to developer tools, SDKs, IDE toolkits, and command line tools for developing and managing Amazon applications.

    • Amazon Whitepapers – Links to a comprehensive list of technical Amazon whitepapers, covering topics such as architecture, security, and economics and authored by Amazon Solutions Architects or other technical experts.

    • Amazon Web Services Support Center – The hub for creating and managing your Amazon Web Services Support cases. Also includes links to other helpful resources, such as forums, technical FAQs, service health status, and Amazon Trusted Advisor.

    • Amazon Web Services Support – The primary webpage for information about Amazon Web Services Support, a one-on-one, fast-response support channel to help you build and run applications in the cloud.

    • Contact Us – A central contact point for inquiries concerning Amazon billing, account, events, abuse, and other issues.

    • Amazon Site Terms – Detailed information about our copyright and trademark; your account, license, and site access; and other topics.