Amazon EC2 Systems Manager is a flexible and easy to use management service that enables enterprises to securely manage and administer their workloads, running on-premises or in AWS, using a single unified AWS experience. EC2 Systems Manager is designed to be highly automation focused to enable configuration and management of instances at a large scale, while making it really simple to write and maintain automation artifacts.
It is another service which going to kill slowly others by extending support to on-premises servers. The beauty of this service is, it is absolutely free as long as you meet the pre-requisites. It covers all we need like patching, compliance management, automation, inventory etc. Interesting one is Parameter Store using which you can store your password encrypted reducing the manual overhead of storing and managing it in configuration files. It can be easily integrated with IAM and KMS.
Even though it is supported on-premises servers, it is going to be challenging as AWS needs to push all updates directly and also collect the inventory from each endpoint in corporate data centers. We end up with making many holes on the firewalls and also lot of traffic between AWS and our data centers. This will not only overload your network but also increases your AWS bill. It was good to have something site agents which can coordinate with agents in the sites and report back to the SSM services in the AWS cloud. This would avoid too much of client connecting directly to the AWS cloud over the link and will be easy to maintain the firewall rules as well. AWS does not recommend keeping many workloads on our premise as they want everything to be moved to the cloud so we may have to rule out anything like that in the future. Below diagram show how the service manager connects to the endpoints.
It is a strategic move as this would provide one more case to move the workload to the cloud as this would reduce the cost to like SCCM, IEM, HPCM, Flexera, etc.even though those tools have its own merits. This will force tools companies to get their tools to the AWS ecosystem. I believe AWS is leaving some vaccum for other tools to perform as AWS tools may not be as sophisticated as other dedicated vendors like Microsoft, IBM, HP etc. So that means if somebody wants to use our tools, yes it is available and you can meet standard requirements but there are other tools available in our ecosystem for you to use if you need additional functionalities.
Find some more facts below.
What are the supported OS?
It supports the windows from 2003 to 2016.
Instances must be running a supported version of Linux.
- 64-Bit and 32-Bit Systems
- Amazon Linux 2014.09, 2014.03 or later
- Ubuntu Server 16.0.4 LTS, 14.04 LTS, or 12.04 LTS
- Red Hat Enterprise Linux (RHEL) 6.5 or later
CentOS 6.3 or later
- 64-Bit Systems Only
- Amazon Linux 2015.09, 2015.03 or later
- Red Hat Enterprise Linux (RHEL) 7.x or later
- CentOS 7.1 or later
However, Patch Manager is only supported in Windows endpoints.
Available Regions
Please remember that we do not have this services available in all the regions. If you are looking for starting this for your hybrid environment
| Region Name | Region | Endpoint | Protocol |
| US East (N. Virginia) | us-east-1 | ssm.us-east-1.amazonaws.com | HTTPS |
| US East (Ohio) | us-east-2 | ssm.us-east-2.amazonaws.com | HTTPS |
| US West (N. California) | us-west-1 | ssm.us-west-1.amazonaws.com | HTTPS |
| US West (Oregon) | us-west-2 | ssm.us-west-2.amazonaws.com | HTTPS |
| Asia Pacific (Singapore) | ap-southeast-1 | ssm.ap-southeast-1.amazonaws.com | HTTPS |
| Asia Pacific (Sydney) | ap-southeast-2 | ssm.ap-southeast-2.amazonaws.com | HTTPS |
| Asia Pacific (Tokyo) | ap-northeast-1 | ssm.ap-northeast-1.amazonaws.com | HTTPS |
| Asia Pacific (Seoul) | ap-northeast-2 | ssm.ap-northeast-2.amazonaws.com | HTTPS |
| EU (Frankfurt) | eu-central-1 | ssm.eu-central-1.amazonaws.com | HTTPS |
| EU (Ireland) | eu-west-1 | ssm.eu-west-1.amazonaws.com | HTTPS |
| South America (São Paulo) | sa-east-1 | ssm.sa-east-1.amazonaws.com | HTTPS |
anoop.blog 