Skip to content
Gallery
12. Deployment & Management
AWS CloudFormation
AWS Elastic Beanstalk
AWS Systems Manager
AWS Config
AWS Secret Manager
AWS OpsWorks
AWS Resource Access Manager
RPO, RTO, & DR Strategies
More
Share
Explore

icon picker
AWS Systems Manager

Systems Manager capabilities
AWS Systems Manager is the operations hub for your AWS applications and resources and a secure end-to-end management solution for
hybrid and multicloud
environments that enables secure operations at scale.
AWS Systems Manager (Systems Manager) was formerly known as "Amazon Simple Systems Manager (SSM)" and "Amazon EC2 Systems Manager (SSM)".

How Systems Manager works

The following diagram describes how some Systems Manager capabilities perform actions on your resources. The diagram doesn't cover all capabilities. Each enumerated interaction is described before the diagram.
Access Systems Manager – Use one of the available options for
accessing Systems Manager
.
Choose a Systems Manager capability – Determine which capability can help you perform the action you want to perform on your resources. The diagram shows only a few of the capabilities that IT administrators and DevOps personnel use to manage their applications and resources.
Verification and processing – Systems Manager verifies that your user, group, or role has the required AWS Identity and Access Management (IAM) permissions to perform the action you specified. If the target of your action is a managed node, the Systems Manager Agent (SSM Agent) running on the node performs the action. For other types of resources, Systems Manager performs the specified action or communicates with other AWS services to perform the action on behalf of Systems Manager.
Reporting – Systems Manager, SSM Agent, and other AWS services that performed an action on behalf of Systems Manager report status. Systems Manager can send status details to other AWS services, if configured.
Systems Manager operations management capabilities – If enabled, Systems Manager operations management capabilities such as Explorer, OpsCenter, and Incident Manager aggregate operations data or create artifacts in response to events or errors with your resources. These artifacts include operational work items (OpsItems) and incidents. Systems Manager operations management capabilities provide operational insight into your applications and resources and automated remediation solutions to help troubleshoot problems.
image.png

Working with SSM Agent

AWS Systems Manager Agent (SSM Agent) is Amazon software that runs on Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, on-premises servers, and virtual machines (VMs). SSM Agent makes it possible for Systems Manager to update, manage, and configure these resources. The agent processes requests from the Systems Manager service in the AWS Cloud, and then runs them as specified in the request. SSM Agent then sends status and execution information back to the Systems Manager service by using the
Amazon Message Gateway Service
(ssmmessages). (In AWS Regions launched before 2024, status and execution information might also be sent back by the
Amazon Message Delivery Service
(service prefix: ec2messages).)
If you monitor traffic, you will see that your managed nodes communicate with ssmmessages.* endpoints and possibly ec2messages.* endpoints.
How Systems Manager works
Working with SSM Agent
Want to print your doc?
This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
CtrlP
) instead.