SSM Agent

Question 1

Capabilities - Automation

Answer 1

Automation - automate common and repetitive IT operations and management tasks across AWS resources

Step - defined as in initiated action performed in the automation execution on a per target basis you can execute the entire systems manager automation document in one action, or choose to execute one step at a time.

Automation document defines the automation work flow.
Can be scheduled.

Automation action - the action determines the inputs behavior and outputs of the step

Automation Queue - a queue to hold automations if you run more than 25 automations simultaneously

Question 2

Resource groups

Answer 2

A collection of AWS resources that are all in the same AWS region, and that match criteria provided by a query

Use groups as a basis for viewing and monitoring configuration insights in systems manager

Question 3

Built-in insights

Answer 3

Shows detailed information about a single resource group

Includes information from recent API calls through cloud Trail, recent configuration changes through config, instance software inventory listings, instance patch compliance views, and instance configuration compliance views

Question 4

Systems manager activation

Answer 4

Enable hybrid and cross cloud management. Register any server weather, physical or virtual to be managed by systems manager.

Question 5

Inventory manager

Answer 5

Automate the process of collecting software inventory from managed instances

Specify the type of metadata to collect the instances from where the meta-data should be collected and the schedule for metadata collection

Question 6

Configuration compliance

Answer 6

Scans for patch compliance and configuration inconsistencies

View compliance history, and change tracking for patch manager patching data and state manager associations by using AWS config

Create your own compliance types

Question 7

Run command

Answer 7

Remotely and securely manage the configuration of your managed instances at scale

Managed instances - any EC2 instance or on premise server or virtual machine in your hybrid environment that is configured for systems manager

Question 8

Session manager

Answer 8

Manage your EC2 instances through an interactive, one, click browser-based shell, or through the AWS CLI

Use session manager to tunnel SSH & SCP traffic between a client and a server

Question 9

Distributor

Answer 9

Package your own software or prepackaged software

Then

Distribute or deploy packages via one time using the run command or on a schedule using systems manager state manager

Question 10

Patch manager

Answer 10

Automate patching, your managed instances

Scan for and apply missing patches to instances

For security patches, patch baselines include rules for auto approving patches within days of their release

Select and apply Microsoft application patches automatically

Includes common vulnerability, identifiers (CVE ID)

Configure actions to be performed before and after installing patches

Question 11

Incident manager

Answer 11

Console to manage and monitor all incidents relating to AWS resources that your applications are using

Used to mitigate and recover from production incidents

Notify responders of impact, highlights, relevant, troubleshooting data, provides collaboration tools to return normal operations quickly

Automated response plans

Allows responder team escalation

Question 12

Compliance

Answer 12

Automatically scanned your fleet of manage nodes for compliance and configuration inconsistencies

Collects and aggregate data from multiple AWS accounts, and AWS regions

Displays compliance data about patch manager patching and state manager associations

Create your own compliance types

Question 13

Fleet manager

Answer 13

Remotely manage your nodes

View the health and performance status of your entire fleet from a single UI console

Gathers data from individual devices, external servers, and Amazon EC2 instances to perform common troubleshooting in management task, straight from the council, without manually connect into the resource

View the directories and file contents of your nodes/instances, windows registry management, operating system, user management, etc.

Question 14

State manager

Answer 14

Hey service at autumn is the process of keeping your EC2 and hybrid infrastructure in a state that you define

Question 15

Parameter store

Answer 15

meter Store
Provides secure, hierarchical storage for configuration data and secrets management.
о
You can store values as plain text or encrypted data with SecureString.
о
Parameters work with Systems Manager capabilities such as Run Command, State Manager, and Automation.

Question 16

Ops center

Answer 16

• OpsCenter
• OpsCenter helps you view, investigate, and resolve operational issues related to your environment from a central location.
• OpsCenter complements existing case management systems by enabling integrations via
Amazon Simple Notification Service (SNS) and public AWS SDKs. By aggregating information from AWS Config, AWS CloudTrail logs, resource descriptions, and Amazon CloudWatch Events, OpsCenter helps you reduce the mean time to resolution (MTTR) of incidents, alarms, and operational tasks.

Question 17

Change manager

Answer 17

• Change Manager
An enterprise change management framework for requesting, approving, implementing, and reporting on operational changes to your application configuration and infrastructure.
• From a single delegated administrator account, if you use AWS Organizations, you can manag changes across multiple AWS accounts and across AWS Regions. Alternatively, using a local account, you can manage changes for a single AWS account.
ㅇ
Can be used for both AWS and on-premises resources.

For each change template, you can add up to five levels of approvers. When it’s time to implement an approved change, Change Manager runs the Automation runbook that is specified in the associated change request.

Question 18

Maintenance window

Answer 18

laintenance Window
Set up recurring schedules for managed instances to execute administrative tasks like installing patches and updates without interrupting business-critical operations.
Supports running four types of tasks:
Systems Manager Run Command commands
• Systems Manager Automation workflows
. AWS Lambda functions
• AWS Step Functions tasks

Question 19

Systems manager document (SSM)

Answer 19

Defined the actions, assistant manager performs

Types of SSM documents:
command document - used by the run command to execute commands; used by state manager to apply a configuration

Policy document - used to enforce policies 

Automation document - used to perform common maintenance and deployment tasks 

Package document - includes packaged software assets to install managed instances 

Question 20

Monitoring

Answer 20

Monitoring
• SSM Agent writes information about executions, scheduled actions, errors, and health statuses to log files on each instance. For more efficient instance monitoring, you can configure either SSM Agent itself or the CloudWatch Agent to send this log data to CloudWatch Logs.
• Using CloudWatch Logs, you can monitor log data in real-time, search and filter log data by creating one or more metric filters, and archive and retrieve historical data when you need it.
• Log System Manager API calls with CloudTrail.

Question 21

Security

Answer 21

Systems manager is linked directly to IAM for access controls