hidekazu-konishi.com
AWS History and Timeline regarding AWS Systems Manager - Overview, Functions, Features, Summary of Updates, and Introduction to SSM
First Published:
Last Updated:
This time, I created a historical timeline of AWS Systems Manager(SSM) which has had name changes and various functions have been integrated over the years.
However, unlike last time, this time I am focusing only on the main features of SSM, omitting changes in prices and minor updates.
Also, I have summarized the "Current Overview, Functions, Features of AWS Systems Manager" as of the time of writing this article.
Background and Method of Creating AWS Systems Manager Historical Timeline
The reason for creating the history timeline of AWS Systems Manager (SSM) this time is because various functions that form the basis of SSM have been announced, integrated, and renamed over the years, and the current functions of SSM are also very extensive. Therefore, I wanted to summarize the information of SSM with the following approach.- Organize the transition of features included in SSM while following the history of the appearance and integration of services that form the basis of SSM
- Summarizing the feature list and characteristics of SSM
There may be slight variations in the dates on the timeline due to differences in the timing of announcements or article postings in the references used.
The content posted is limited to major features related to the current AWS Systems Manager and necessary for the feature list and overview description.
In other words, please note that the items on this timeline are not all updates to AWS Systems Manager features, but are representative updates that I have picked out.
AWS Systems Manager Historical Timeline (Updates from October 29, 2014)
Now, this is the timeline about the features of AWS Systems Manager.The history of AWS Systems Manager is a little over seven years as of the time of writing this article, but the integration of features and the associated name changes are complex, and new features have been announced almost every year since it became the current AWS Systems Manager.
* You can sort the table by clicking on the column name.
Date | Summary |
---|---|
2014-10-29 | An interface implemented as a VMM console add-on to manage AWS resources such as Amazon EC2 instances from Microsoft SCVMM, AWS System Manager for Microsoft System Center Virtual Machine Manager (SCVMM) is announced. References: New Microsoft System Center Virtual Machine Manager Add-In |
2014-11-06 | Amazon Simple Systems Manager(SSM) API Version becomes 2014-11-06. References: Tech Blog with curated related content AWS SDK for PHP 3.x - Amazon Simple Systems Manager(SSM)2014-11-06 Class: AWS.SSM — AWS SDK for JavaScript AWS Systems Manager API Reference API Version 2014-11-06 |
2015-01-21 | AWS Systems Manager for Microsoft System Center Virtual Machine Manager(SCVMM) is updated. It now allows importing of existing virtual machines and launching new Amazon EC2 instances without using the AWS Management Console. References: System Center Virtual Machine Manager Add-In Update – Import & Launch Instances |
2015-02-17 | A method is introduced for Windows Amazon EC2 instances to join a domain at startup using the EC2Config and EC2 SSM (Simple Systems Manager) API, which allows PowerShell script execution on Windows instances, installation, repair, and uninstallation of MSI packages. References: Seamlessly Join EC2 Instances to a Domain |
2015-10-26 | EC2 Run Command is announced, which allows the installation of software, execution of scripts and Microsoft PowerShell commands, and configuration of Windows Update settings on Windows instances using the AWS Management Console, AWS CLI, AWS SDK, and AWS Tools for Windows PowerShell. References: New EC2 Run Command – Remote Instance Management at Scale |
2016-05-12 | EC2 Run Command is updated, and the Simple Systems Manager(SSM) agent for Linux becomes available. References: EC2 Run Command Update – Manage & Share Commands and More |
2016-12-01 | Amazon EC2 Systems Manager is announced as a series of services to manage Windows or Linux hosts running on Amazon EC2 instances, adding and integrating the following features, including EC2 Run Command. Run Command, State Manager, Parameter Store, Maintenance Window, Software Inventory, Patch Management, Automation, Integration with AWS Config References: Tech Blog with curated related content Introducing EC2 Systems Manager for automated configuration management of EC2 and on-premises systems EC2 Systems Manager – Configure & Manage EC2 and On-Premises Systems * Amazon Simple Systems Manager(SSM) is positioned as an agent installed on instances to execute management by EC2 Systems Manager. References: How to Simplify Security Assessment Setup Using Amazon EC2 Systems Manager and Amazon Inspector |
2017-11-29 | AWS Systems Manager, which provides tools extended to Amazon EC2 and other AWS services, is announced, incorporating the features of Amazon EC2 Systems Manager and adding the following new features. Resource Groups, Insights (Compliance Dashboard, integration of existing CloudWatch Dashboard and Personal Health Dashboard (PHD) within the SSM console) References: AWS Systems Manager – A Unified Interface for Managing Your Cloud and Hybrid Resources |
2018-09-11 | The AWS Systems Manager Session Manager feature is added. References: Introducing AWS Systems Manager Session Manager |
2019-06-07 | AWS Systems Manager OpsCenter feature is added. References: Introducing AWS Systems Manager OpsCenter to enable faster issue resolution |
2019-11-19 | AWS Systems Manager Explorer feature is added. References: Introducing AWS Systems Manager Explorer |
2019-11-25 | AWS AppConfig is added as one of the features of AWS Systems Manager. References: Simplify application configuration with AWS AppConfig |
2020-01-06 | AWS Systems Manager Change Calendar feature is added. References: Introducing AWS Systems Manager Change Calendar |
2020-12-15 | AWS Systems Manager Application Manager feature is added. References: Introducing AWS Systems Manager Application Manager |
2020-12-15 | AWS Systems Manager Change Manager feature is added. References: Introducing AWS Systems Manager Change Manager |
2020-12-15 | AWS Systems Manager Fleet Manager feature is added. References: Introducing AWS Systems Manager Fleet Manager |
2021-05-10 | AWS Systems Manager Incident Manager feature is added. References: Introducing Incident Manager from AWS Systems Manager |
2022-05-27 | AWS Systems Manager Session Manager now supports port forwarding to remote hosts. References: AWS Systems Manager announces support for port forwarding to remote hosts using Session Manager |
2022-09-30 | AWS Systems Manager can now control tasks using Amazon CloudWatch metrics. References: AWS Systems Manager adds CloudWatch Alarms to control tasks |
About the Abbreviation "SSM" for AWS Systems Manager
From the timeline above, the abbreviation "SSM", which is still used as a short name for AWS Systems Manager, comes from the predecessor API, agent - Amazon Simple Systems Manager(SSM).Examples of AWS Resources with Remnants of SSM
- Service Endpoint (ssm.[region name].amazonaws.com)
- AWS CLI (aws ssm [command])
- AWS SDK (Class: AWS.SSM)
- IAM (policy name, action name, ARN, etc.)
- AWS CloudFormation (AWS::SSM::[resource name], etc.)
- AWS Config (AWS::SSM::[resource name], etc.)
- AWS Systems Manager Features (SSM Agent, SSM Parameters, etc.)
About the Relationship of the Services Appearing in the Timeline
Relationship with the Current AWS Systems Manager
The services that are the origin of the current AWS Systems Manager and were later integrated are, in the order they appear in the timeline, Amazon Simple Systems Manager(SSM) API, EC2 Run Command, Simple Systems Manager(SSM) Agent, and Amazon EC2 Systems Manager.On the other hand, AWS Systems Manager for Microsoft System Center Virtual Machine Manager(SCVMM), which first appeared with the name "AWS System Manager", is still introduced as a tool for Amazon EC2.
Relationship between EC2Config and SSM Agent
EC2Config, which appears in the timeline, is a tool installed on Amazon EC2 instances before Windows Server 2016 to automate initial setup tasks.It has now been replaced by EC2Launch for Windows Server 2016 and 2019, and EC2Launch v2 which widely supports from Windows Server 2008 SP2 to Windows Server 2022.
In 2015, remote execution of OS commands was done using EC2Config on Windows Amazon EC2 instances (in the latest versions of EC2Config, EC2Launch, and EC2Launch v2, the SSM agent is installed as part of the functionality, and the OS command execution function has also been transitioned to Run Command).
However, EC2Config did not support Linux Amazon EC2 instances, so the Simple Systems Manager(SSM) agent appeared as an agent for remote execution of OS commands on Linux Amazon EC2 instances.
Current Overview, Functions, Features of AWS Systems Manager
Here I introduce the current overview, functions, features of AWS Systems Manager.AWS Systems Manager is divided into four core feature groups (Operation Management, Application Management, Change Management, Node Management), and multiple features are categorized in each.
Operations Management
Explorer
AWS Systems Manager Explorer provides a dashboard that aggregates OpsData (operation data) across your AWS account and AWS regions, helping you visualize and identify operational issues that need to be addressed. The data sources for OpsData include the following.- OpsItems (operational tasks) of AWS Systems Manager OpsCenter
- AWS Systems Manager Patch Manager
- Amazon EC2
- AWS Trusted Advisor
- AWS Compute Optimizer
- Cases of AWS Support Center
- AWS Config
- AWS Security Hub
OpsCenter
AWS Systems Manager OpsCenter provides the functionality to aggregate, standardize, investigate, and correct operational issues in OpsItems (operational tasks) related to AWS resources, provide relevant data for problem resolution, and provide Runbooks of AWS Systems Manager Automation.Since OpsCenter is integrated with the previously mentioned AWS Systems Manager Explorer, an environment where you can check OpsItems of OpsCenter and OpsData of Explorer containing OpsItems is created simultaneously.
By using OpsCenter, you can centrally check the following relevant data that is useful for investigation and correction.
- Details of events, resources, accounts
- Past OpsItems with similar characteristics
- Changes and relationships of related AWS Config
- AWS CloudTrail logs
- Amazon CloudWatch alarms
- AWS CloudFormation stacks
- Other quick links to access logs and metrics
- List of Runbooks and recommended Runbooks
- Additional information passed to OpsCenter through AWS services
CloudWatch Dashboard
This is a shortcut to access the Amazon CloudWatch Dashboard, which is managed and displayed within the Amazon CloudWatch console, from the AWS Systems Manager console. It is useful when you need to use the Amazon CloudWatch Dashboard while using the features of AWS Systems Manager.Personal Health Dashboard (PHD)
This is a shortcut to access the Personal Health Dashboard from the AWS Systems Manager console. It is useful when you need to use the Personal Health Dashboard while using the features of AWS Systems Manager.Incident Manager
AWS Systems Manager Incident Manager is an incident management console designed to mitigate and recover incidents that affect applications.Incident Manager provides the following features to be used in each phase of the incident plan and the incident lifecycle.
[Flow of incident lifecycle]
Incident plan: 0Incident lifecycle: 1 → 2 → 3 → 4 → Back to 1
0. Incident Plan
In the incident plan, we use the following features of the Incident Manager to create a response plan.- Contact
Set up the contact information and contact channels (Email, SMS, voice) of the responders to be contacted when an incident occurs. - Escalation Plan
Set the order of the contacts to be called next if a contact does not receive an incident. - Runbook
Define what can be automated among the response procedures to investigate and mitigate the impact when an incident occurs as the Runbook (Automation Document) of AWS Systems Manager Automation. - AWS Chatbot
Choose and set up Amazon Chime or Slack used by the responder for continuous incident updates from AWS Chatbot. - Response Plan
Create a response plan in case of an incident using the aforementioned contact, escalation plan, runbook, AWS Chatbot. - Creation of an Incident
Create an incident based on the response plan created above from either Amazon CloudWatch, Amazon EventBridge, or Incident Manager and set it so that the response plan is executed when an incident occurs.
1. Alerts and Engagement
We monitor incidents with Amazon CloudWatch, Amazon EventBridge, and execute the response plan when an incident occurs.Based on the response plan, escalation to the responder and update notification of incident information by AWS Chatbot are carried out.
2. Triage
The responder assigns priorities to incidents in the following impact assessment.1. Significant impact
2. Large impact
3. Moderate impact
4. Minor impact
5. No impact
3. Investigation and Mitigation
Useful information for investigating incidents is provided in the metrics and timeline of the Incident Manager's incident detail page, and the execution of investigation procedures and impact mitigation response procedures predefined in the Runbook of AWS Systems Manager Automation are carried out.4. Post-Incident Analysis
After completing the incident response, we record the situation of the incident and response by answering questions in the incident analysis feature of Incident Manager.The questions used in incident analysis are defined in the AWS standard or a predefined analysis template.
Answer questions related to incident overview, impact, metrics, timeline, actions (improvements), etc. defined in this analysis template, and use the analysis to promote improvement.
Important points in the description of incident analysis questions are to take advantage of the benefits of incident impact analysis, understanding the root cause of the problem, dealing with the root cause through improvements, improving incident response, and sharing information learned from incidents within the organization. The purpose is to not to mention people's names, not to blame.
Application Management
Application Manager
AWS Systems Manager Application Manager is a feature that allows centralized management of multiple AWS applications from a single console, such as monitoring and executing actions.The categories that can be added to the Application Manager dashboard are applications (custom applications, Launch Wizard, CloudFormation stack, AppRegistry applications) and container clusters (Amazon ECS clusters, Amazon EKS clusters).
The information that can be displayed on the Application Manager dashboard includes the following:
- Overview of applications
- Details of each resource
- Compliance information by AWS Systems Manager State Manager
- Monitoring by Amazon CloudWatch Application Insights
- OpsItems by AWS Systems Manager OpsCenter
- Logs of Amazon CloudWatch Logs
- Runbook of AWS Systems Manager Automation
AppConfig
AWS AppConfig is a service that manages, validates, and safely deploys and monitors configuration data and settings used in applications hosted on Amazon EC2 instances, AWS Lambda, containers, mobile applications, IoT devices, etc.The configuration data and settings used by AWS AppConfig can be obtained from the configuration store hosted by AWS AppConfig, Amazon S3, AWS Systems Manager Parameter Store, AWS Systems Manager Document Store.
You can also retrieve them from AWS CodeCommit, GitHub, Bitbucket Pipelines using AWS CodePipeline.
Parameter Store
AWS Systems Manager Parameter Store provides secure hierarchical storage to manage settings data and sensitive information such as passwords, database strings, AMI ID, license codes, etc., as parameters.Parameter values can be stored as plain text or encrypted data, and are referenced by unique parameter names in scripts, commands, SSM documents, configurations, automation workflows, etc.
The AWS Systems Manager Parameter Store is very similar in features to the AWS Secrets Manager, but has the following main differences:
- It does not have integration features with database services including Aurora, RDS, Redshift, DocumentDB
- It does not have automatic rotation functionality for authentication information with database services and others
- Standard parameters of standard throughput can be used for free
Therefore, without implementing secret acquisition in the AWS Secrets Manager library, you can obtain AWS Secrets Manager secrets from the AWS Systems Manager Parameter Store.
Change Management
Change Manager
AWS Systems Manager Change Manager is a change management framework for requesting, approving, implementing, and reporting application configuration and operational changes.It also supports integration with AWS services such as Amazon CloudWatch alarms, AWS Systems Change Calendar, AWS Organizations, and AWS Single Sign-On.
Automation
AWS Systems Manager Automation is a feature that automates common and repetitive IT operations and management tasks.AWS Systems Manager Automation executes a procedure book in JSON or YAML format, called a Runbook (formerly: Automation document), which defines actions for AWS resources in one or more steps.
In the Runbook, you can define actions such as script execution, AWS API execution, AWS Lambda function execution, AWS StepFunctions execution, AWS Systems Manager runCommand execution, AWS Systems Manager Automation execution, AWS CloudFormation stack creation, Amazon EC2 instance startup, AMI creation, conditional branching (step jump) execution, manual approval, etc.
Change Calendar
AWS Systems Manager Change Calendar is a feature that provides schedule information for determining the feasibility of actions by setting a schedule in a date and time range and referring to it from AWS Systems Manager Automation Runbook, etc.The types of calendars that can be created are as follows:
- Open by default
A type that creates events where actions are not executed for calendars where actions are executed by default - Closed by default
A type that creates events where actions are executed for calendars where actions are not executed by default
Maintenance Windows
AWS Systems Manager Maintenance Windows is a feature that schedules time frames for executing tasks such as installing patches and updates for management and maintenance across multiple instances.By automatically executing tasks in the time frame specified by Maintenance Windows, you can minimize the impact of operational and infrastructure failures.
The schedule for maintenance windows is set using Cron/Rate format or Cron/Rate schedule builder created from the console.
The tasks for the maintenance window can be selected from AWS Systems Manager Run Command, AWS Systems Manager Automation, AWS Step Functions, and AWS Lambda, and the target instances for the tasks can be selected by tagging, resource groups, or manual selection.
Node Management
Fleet Manager
AWS Systems Manager Fleet Manager is a function for fleet management, such as performance, file system, process, user and group information management within the OS, and access management using IAM roles and policies, on managed instances where the SSM agent has been installed, such as on-premises and EC2 instances.Servers handled in on-premises or clouds other than AWS can be managed as managed instances in Fleet Manager by registering them with the Hybrid Activations described later.
Furthermore, by enabling the advanced instance layer on the managed instances of servers handled in on-premises or clouds other than AWS that have been registered in Fleet Manager, you can have remote access via the browser or AWS CLI in the Session Manager described later.
Hybrid Activations
AWS Systems Manager Hybrid Activations is a function to manage servers handled in on-premises or clouds other than AWS as managed instances in Fleet Manager.You can register a server as a managed instance in Fleet Manager by creating a hybrid activation in the Systems Manager console or AWS CLI, and then running the registration command using the activation code and activation ID on the activation target server where the SSM agent has been installed.
Session Manager
AWS Systems Manager Session Manager is a function to execute interactive remote connections via a browser-based or AWS CLI.Preparation of a jump host, management of SSH keys, and opening of inbound ports are not necessary, and it is possible to audit session activities with AWS CloudTrail, and to record session data logs with Amazon CloudWatch Logs or Amazon S3, which helps improve access management and auditability of servers.
In the case of remote access to servers handled in on-premises or clouds other than AWS via Session Manager, it is necessary to register with Hybrid Activations and manage as a managed instance in Fleet Manager, and to enable an advanced instance layer.
Run Command
AWS Systems Manager Run Command is a function to automate remote execution of general management tasks such as registry editing, user management, and software and patch installation on Amazon EC2 instances or servers handled in on-premises or clouds other than AWS.Preparation of a jump host, management of SSH keys, and opening of inbound ports are not necessary, and it is possible to audit session activities with AWS CloudTrail, and to record session data logs with Amazon CloudWatch Logs or Amazon S3, which helps improve access management and auditability of servers.
The difference between Session Manager and Run Command is that while Session Manager provides free command line operations of login users through interactive remote connections similar to SSH connections, Run Command only performs predefined command executions.
Patch Manager
AWS Systems Manager Patch Manager is a feature that automates the process of patch application for operating systems and applications on Amazon EC2 instances or servers managed on-premises or in non-AWS clouds.Patch application rules for Patch Manager are specified by a patch baseline, and it's possible to set up rules such as approval/denial lists for patch application, rules to automatically approve within a few days from the release of the patch, and more.
The target for patch application is specified by adding servers managed on-premises or in non-AWS clouds as Amazon EC2 instances or as managed instances in Fleet Manager to a patch group with tags or instance IDs.
Patch application based on this patch baseline is executed by AWS Systems Manager Run Command.
On the other hand, AWS Systems Manager Maintenance Windows, which was mentioned earlier, can specify Run Command as a task, so you can also execute patch application from Patch Manager by specifying a Run Command task from Maintenance Windows and targeting the tags that have been specified for the patch group at a preset time frame.
State Manager
AWS Systems Manager State Manager is a feature that manages configuration by defining server configuration, virus protection definitions, firewall settings, applications, etc. on Amazon EC2 instances or servers managed on-premises or in non-AWS clouds as a state to consistently maintain.Targets for state application can be selected from methods like tagging, resource groups, individual selection, or targeting all managed instances.
For servers managed on-premises or in non-AWS clouds, it is necessary to register with Hybrid Activations and manage them as managed instances in Fleet Manager.
The state to be applied to the target is defined in an SSM document that describes configuration management tasks such as application installation, Amazon CloudWatch configuration, execution of AWS Systems Manager Automation, execution of PowerShell and shell scripts.
By creating associations of these targets, SSM documents, and schedules (Cron/Rate format), you can automatically execute configuration management tasks.
Compliance
AWS Systems Manager Compliance is a feature that collects patch application status from AWS Systems Manager Patch Manager and configuration information from associations in AWS Systems Manager State Manager, and reports compliance or discrepancies with standard compliance or custom compliance.Inventory
AWS Systems Manager Inventory is a feature that collects metadata related to instances and software, such as applications, files, network settings, services, registries, server roles, updates, and other system properties, from servers managed on-premises or in non-AWS clouds as Amazon EC2 instances or as managed instances in Fleet Manager.You can manage applications, licenses, file lists, etc. using the collected data.
Distributor
AWS Systems Manager Distributor is a feature that, in conjunction with other AWS Systems Manager features such as Run Command and State Manager, manages the lifecycle of packages such as version management of software to be used on servers managed on-premises or in non-AWS clouds as Amazon EC2 instances or as managed instances in Fleet Manager, scheduled deployment, and more.References:
Tech Blog with curated related content
AWS Systems Manager for Microsoft System Center VMM - Amazon Elastic Compute Cloud
Plugins for Microsoft System Center – Amazon Web Services
Configure a Windows instance using the EC2Config service
Configure a Windows instance using EC2Launch
Configure a Windows instance using EC2Launch v2
AWS Documentation - AWS Systems Manager
Summary
This time, I looked at the history of AWS Systems Manager as a timeline, including the integration and renaming of features and services named "Systems Manager", as well as a list and overview of the current AWS Systems Manager features.When we actually trace the history, we can see that even if the name is the same, such as AWS Systems Manager for Microsoft SCVMM, there are tools that seem to be independent from the current AWS Systems Manager, the origin of the name SSM, and when and what features are available in SSM.
While there have been various changes, the common concept that comes to mind for AWS services and features with the name "Systems Manager" is "centralized operation management, remote execution, and automation".
It is expected that AWS Systems Manager will continue to provide tools that realize "centralized operation management, remote execution, and automation" not only for Amazon EC2 but also for other AWS services.
I would like to continue to watch the trends of what kind of features and tools AWS Systems Manager will provide in the future.
By the way, there is also a timeline for the entire history of AWS services, including services other than AWS Systems Manager, so please take a look if you are interested.
AWS History and Timeline - Almost All AWS Services List, Announcements, General Availability(GA)
Written by Hidekazu Konishi
Copyright © Hidekazu Konishi ( hidekazu-konishi.com ) All Rights Reserved.