From the course: AWS: Monitoring, Logging, and Remediation

Automated operations with AWS Systems Manager - Amazon Web Services (AWS) Tutorial

- [Instructor] Systems Manager has a suite of tools for managing your AWS resources at scale. Let's begin with Automation. Automation is at the heart of Systems Manager, allowing you to transition from manual one-off fixes to repeatable processes. Automation is achieved using documents known as runbooks. These are templates that perform tasks such as stopping an EC2 instance, updating software, or remediating a security finding. You can access runbooks from two places: go to Automation and click Execute runbook, or go to Documents. AWS provides many out-of-the-box documents for common tasks like restarting EC2 instances and creating snapshots. You can also create custom documents. Each document is made up of steps and parameters, making it easy to standardize and reuse.

Let's walk through running an automation document. Clicking the Execute automation button will provide various options, including simple, rate control, and manual execution, as well as multi-account and multi-region execution. Scrolling down, you will find the input parameters required for the runbook. This runbook changes the standby state of an EC2 instance in an Auto Scaling group, so the required input parameter is the instance ID of the EC2 instance. You also have two other optional input parameters. Click Execute when you're ready. As you can see, execution is straightforward: you choose the execution type, provide any required input parameters, and execute the runbook.

Now let's talk about Patch Manager for automated patching. Keeping your servers up to date with the latest patches is critical for both security and compliance. Patch Manager automates the patching process for your EC2 instances and managed instances. To get started, you will need to create a patch policy. It is a configuration that allows you to automate scanning for and installing patches. Begin by providing a name. I'll call mine non-prod-patch-policy. You can choose to only scan for missing patches, or scan and install the patches. Then you can define the scheduling and reboot options. The patch policy requires a baseline, which is a set of rules defining which patches are approved for installation. It allows you to specify which operating systems, applications, and patch severity levels to include or exclude. AWS has a recommended predefined baseline for each operating system, which you can find in the documentation. Alternatively, you can choose a custom baseline for each operating system. Next, you have the option to write logs to an S3 bucket. You can then choose to deploy only in the current Region or include other Regions. You can choose to deploy on all managed nodes. A managed node is a machine with the Systems Manager Agent installed. You can also specify a resource group, tags, or manually specify the instances. You have some more options that allow you to control the concurrency and error rate, and add IAM policies and roles so managed instances have the required permissions. Finally, review your selections and create the patch policy.

That covers Automation runbooks and Patch Manager, but Systems Manager goes beyond these two capabilities. Some other important features include Distributor, which allows you to package and deploy software, such as agents or updates, to your managed nodes. Inventory collects and stores metadata about your managed nodes, including details like installed applications, system configurations, and network settings. Run Command allows you to remotely execute scripts or commands on your managed instances. Session Manager provides secure browser-based or CLI access to your managed nodes without requiring SSH or RDP. State Manager helps you automatically apply and enforce desired configurations, such as installing software or updating settings, ensuring your instances always remain compliant.

These features, combined with Automation, Documents, and Patch Manager, make Systems Manager a powerful platform for automating, securing, and scaling your AWS operations. What if you want to go further and automatically detect when resources drift out of compliance and remediate them instantly? That's where AWS Config comes in. In the following video, we'll see how AWS Config can automatically evaluate your environment and trigger automated remediation whenever something falls out of line.
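As an added example, not code from the course, here is what a minimal custom Automation runbook of the kind the instructor describes (a document made of steps and parameters) looks like in JSON, together with a small pre-flight lint you can run before `create-document`. The lint catches a `{{ placeholder }}` that no declared parameter backs, duplicate step names, and a required parameter with no `allowedPattern` or `allowedValues` (an instance-ID parameter that accepts any string is an easy way to let a runbook be pointed at the wrong resource). The document name Custom-QuarantineInstance, the Quarantine tag, and the step names are assumptions made for this example; the actions `aws:changeInstanceState` and `aws:executeAwsApi` are real Automation actions.

```python
"""Custom Systems Manager Automation runbook plus a pre-flight lint.

Added example (not from the course). The runbook is a hypothetical document,
called Custom-QuarantineInstance here, that stops an EC2 instance and tags it.
The tag key 'Quarantine' and the step names are assumptions for this example.
"""
import json
import re

# Hypothetical custom runbook in the Automation document format (schemaVersion 0.3).
RUNBOOK = {
    "description": "Stop an EC2 instance and tag it as quarantined",
    "schemaVersion": "0.3",
    # Role the Automation service assumes while running the steps.
    "assumeRole": "{{ AutomationAssumeRole }}",
    "parameters": {
        "InstanceId": {
            "type": "String",
            "description": "ID of the instance to quarantine",
            # Restrict the input to the instance-ID shape so the runbook cannot be
            # handed an arbitrary resource identifier.
            "allowedPattern": "^i-[0-9a-f]{8,17}$",
        },
        "AutomationAssumeRole": {
            "type": "String",
            "description": "ARN of the role Automation assumes (empty = caller's identity)",
            "default": "",
        },
    },
    "mainSteps": [
        {
            "name": "StopInstance",
            "action": "aws:changeInstanceState",
            "inputs": {"InstanceIds": ["{{ InstanceId }}"], "DesiredState": "stopped"},
        },
        {
            "name": "TagInstance",
            "action": "aws:executeAwsApi",
            "inputs": {
                "Service": "ec2",
                "Api": "CreateTags",
                "Resources": ["{{ InstanceId }}"],
                "Tags": [{"Key": "Quarantine", "Value": "true"}],
            },
        },
    ],
}

# {{ Name }} placeholders that refer to a document parameter. Step outputs
# ({{ StepName.Output }}) and system variables ({{ global:REGION }}) contain a dot
# or a colon and are deliberately not matched.
PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z0-9_]+)\s*\}\}")


def referenced_parameters(doc):
    """Return the set of parameter names referenced in the steps or assumeRole."""
    body = json.dumps(doc.get("mainSteps", [])) + json.dumps(doc.get("assumeRole", ""))
    return set(PLACEHOLDER.findall(body))


def lint_runbook(doc):
    """Return a list of problems found in the runbook; an empty list means it passes."""
    problems = []
    if doc.get("schemaVersion") != "0.3":
        problems.append("Automation runbooks must use schemaVersion 0.3")
    params = doc.get("parameters", {})
    steps = doc.get("mainSteps", [])
    if not steps:
        problems.append("mainSteps is empty")
    names = [step.get("name") for step in steps]
    for step in steps:
        if not step.get("name") or not step.get("action"):
            problems.append(f"step {step.get('name')!r} is missing a name or action")
    for dup in sorted({n for n in names if n and names.count(n) > 1}):
        problems.append(f"duplicate step name {dup}")
    for name in sorted(referenced_parameters(doc) - set(params)):
        problems.append(f"placeholder {{{{ {name} }}}} has no entry in parameters")
    # Own hardening rule, not an SSM requirement: a required parameter should be
    # constrained so the runbook cannot be aimed at an unexpected resource.
    for name, spec in params.items():
        if "default" not in spec and not ({"allowedPattern", "allowedValues"} & set(spec)):
            problems.append(
                f"required parameter {name} is unconstrained; add allowedPattern or allowedValues"
            )
    return problems


def render(doc):
    """Serialise the runbook as the JSON you would pass to create-document."""
    return json.dumps(doc, indent=2)


if __name__ == "__main__":
    issues = lint_runbook(RUNBOOK)
    print("\n".join(issues) if issues else "runbook passes lint")
    print(render(RUNBOOK))
```

Once the lint passes, write `render(RUNBOOK)` to a file and register and run it with the AWS CLI: `aws ssm create-document --name Custom-QuarantineInstance --document-type Automation --document-format JSON --content file://runbook.json`, then `aws ssm start-automation-execution --document-name Custom-QuarantineInstance --parameters InstanceId=i-0123456789abcdef0`. The rate-control and multi-account options the instructor shows in the console correspond to the targets, max-concurrency, max-errors and target-locations arguments of that same `start-automation-execution` call.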