Systems Manager
- The SSM Agent must be installed on every host we want to control.
- It comes preinstalled on the Amazon Linux 2 AMI and on some Ubuntu AMIs.
- If an instance can't be controlled with SSM, the cause is usually an issue with the agent or incorrect IAM permissions.
- The EC2 instance must have an IAM role that allows the SSM actions.
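The two failure causes above (agent vs. IAM role) can be told apart from two read-only API responses. The following is an added example, not part of the original notes: it joins the shape of `aws ec2 describe-instances` with `aws ssm describe-instance-information` and gives a verdict per instance. The two responses are constructed samples (account id, instance ids and profile name are placeholders); the field names are the real API ones, and `triage_ssm_coverage` is a helper defined here, not an AWS API.

```python
"""Triage instances that Systems Manager cannot manage (added example).

Joins two read-only responses a practitioner would fetch with the CLI:
  aws ec2 describe-instances
  aws ssm describe-instance-information
and reports, per running EC2 instance, why SSM cannot reach it.
"""
import json

# Constructed sample of `aws ec2 describe-instances`, trimmed to the fields used.
EC2_DESCRIBE_INSTANCES = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaa000000000001", "State": {"Name": "running"},
   "IamInstanceProfile": {"Arn": "arn:aws:iam::123456789012:instance-profile/ssm-managed"}},
  {"InstanceId": "i-0aaa000000000002", "State": {"Name": "running"}},
  {"InstanceId": "i-0aaa000000000003", "State": {"Name": "running"},
   "IamInstanceProfile": {"Arn": "arn:aws:iam::123456789012:instance-profile/ssm-managed"}},
  {"InstanceId": "i-0aaa000000000004", "State": {"Name": "stopped"},
   "IamInstanceProfile": {"Arn": "arn:aws:iam::123456789012:instance-profile/ssm-managed"}}
]}]}
""")

# Constructed sample of `aws ssm describe-instance-information`.
# Only instances whose agent has registered appear here at all.
SSM_INSTANCE_INFORMATION = json.loads("""
{"InstanceInformationList": [
  {"InstanceId": "i-0aaa000000000001", "PingStatus": "Online",
   "AgentVersion": "3.2.0.0", "IamRole": "ssm-managed"},
  {"InstanceId": "i-0aaa000000000003", "PingStatus": "ConnectionLost",
   "AgentVersion": "3.2.0.0", "IamRole": "ssm-managed"}
]}
""")


def triage_ssm_coverage(ec2_response, ssm_response):
    """Return {instance_id: verdict} for every EC2 instance in the response.

    No instance profile -> IAM problem (the agent has no credentials to call SSM).
    Profile present but the instance never registered, or stopped pinging ->
    agent problem (not installed/running) or a role that lacks SSM permissions.
    """
    ssm_by_id = {i["InstanceId"]: i for i in ssm_response["InstanceInformationList"]}
    verdicts = {}
    for reservation in ec2_response["Reservations"]:
        for inst in reservation["Instances"]:
            iid = inst["InstanceId"]
            state = inst["State"]["Name"]
            if state != "running":
                verdicts[iid] = "skipped: instance is %s" % state
                continue
            if "IamInstanceProfile" not in inst:
                verdicts[iid] = "iam: no instance profile attached"
                continue
            info = ssm_by_id.get(iid)
            if info is None:
                verdicts[iid] = ("agent: profile attached but never registered with SSM "
                                 "(agent not installed/running, or role lacks SSM permissions)")
            elif info["PingStatus"] != "Online":
                verdicts[iid] = "agent: registered but PingStatus is %s" % info["PingStatus"]
            else:
                verdicts[iid] = "ok: managed, agent %s" % info["AgentVersion"]
    return verdicts


def unmanaged_running_instances(ec2_response, ssm_response):
    """Sorted ids of running instances that SSM cannot currently control."""
    verdicts = triage_ssm_coverage(ec2_response, ssm_response)
    return sorted(iid for iid, v in verdicts.items()
                  if not v.startswith(("ok", "skipped")))


if __name__ == "__main__":
    for iid, verdict in triage_ssm_coverage(EC2_DESCRIBE_INSTANCES,
                                            SSM_INSTANCE_INFORMATION).items():
        print(iid, verdict)
```

In a real account, replace the two constants with the parsed output of the two CLI commands; the verdicts then map directly onto the two fixes the notes name (attach a role that allows the SSM actions, or repair the agent).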
Fleet Manager
- Once the agent is configured correctly and running on your instances, you can see and manage them in Fleet Manager.
Resource Groups
- You can create groups based on instance tag values, e.g. one group for dev instances and another for prod instances.
SSM - Documents
- Documents are like Ansible playbooks: a set of commands to be executed on an instance.
- The format can be YAML or JSON. There are also pre-defined documents owned by AWS.
- Documents are executed using the SSM Run Command function.
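Because Run Command substitutes `{{ Parameter }}` values into the script text, a document's parameters are an input-validation boundary. The following is an added example, not from the original notes or from AWS: a small linter for a Command document in the JSON form (so only the standard library is needed), run over a constructed document that checks whether a systemd unit is active. The checks are ones worth running on any team-written document: `schemaVersion` 2.2 with at least one step, every referenced parameter declared, and every String parameter that lands in a shell command constrained by `allowedPattern` or `allowedValues`. `lint_command_document` and `weaken_for_demo` are helpers defined here.

```python
"""Lint an SSM Command document before registering it (added example).

Uses the JSON form of a Document so that only the standard library is needed.
"""
import json
import re

PARAM_REF = re.compile(r"\{\{\s*([A-Za-z0-9_]+)\s*\}\}")

# Constructed example document: report whether a systemd unit is active.
SERVICE_CHECK_DOC = json.loads("""
{
  "schemaVersion": "2.2",
  "description": "Report whether a systemd unit is active (constructed example)",
  "parameters": {
    "ServiceName": {
      "type": "String",
      "description": "Unit to check",
      "default": "amazon-ssm-agent",
      "allowedPattern": "^[A-Za-z0-9_.@-]+$"
    }
  },
  "mainSteps": [
    {
      "action": "aws:runShellScript",
      "name": "checkService",
      "inputs": {
        "runCommand": [
          "systemctl is-active {{ ServiceName }} && echo '{{ ServiceName }}: active' || echo '{{ ServiceName }}: not active'"
        ]
      }
    }
  ]
}
""")


def lint_command_document(doc):
    """Return a sorted list of findings; an empty list means the document passed."""
    findings = set()
    if doc.get("schemaVersion") != "2.2":
        findings.add("schemaVersion must be '2.2' for a Command document")
    params = doc.get("parameters", {})
    steps = doc.get("mainSteps", [])
    if not steps:
        findings.add("mainSteps is empty")

    for step in steps:
        name = step.get("name", "<unnamed>")
        if "action" not in step:
            findings.add("step %s has no action" % name)
        # runCommand is the script text for aws:runShellScript / aws:runPowerShellScript.
        for line in step.get("inputs", {}).get("runCommand", []):
            for ref in PARAM_REF.findall(line):
                if ref not in params:
                    findings.add("step %s references undeclared parameter %s" % (name, ref))
                    continue
                p = params[ref]
                constrained = "allowedPattern" in p or "allowedValues" in p
                if p.get("type") == "String" and not constrained:
                    findings.add("step %s interpolates String parameter %s into a script "
                                 "without allowedPattern/allowedValues" % (name, ref))
    return sorted(findings)


def weaken_for_demo(doc):
    """Copy of doc with the allowedPattern dropped and an undeclared reference added,
    to show what the linter reports on a careless document."""
    weak = json.loads(json.dumps(doc))
    del weak["parameters"]["ServiceName"]["allowedPattern"]
    weak["mainSteps"][0]["inputs"]["runCommand"].append("echo {{ Extra }}")
    return weak


if __name__ == "__main__":
    print("good document:", lint_command_document(SERVICE_CHECK_DOC))
    print("weak document:", lint_command_document(weaken_for_demo(SERVICE_CHECK_DOC)))
```

Run the linter in CI before `aws ssm create-document`; a non-empty list should fail the pipeline.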
SSM - Run Command
- Run a command across multiple instances (using Resource Groups).
- No SSH access is needed; the SSM agent runs the commands on the instances.
- Integrated with IAM and CloudTrail.
- Command output can be shown in the console, or sent to S3 or CloudWatch Logs.
- Sends notifications to SNS about status (In Progress, Success, Failed).
- Can be invoked from EventBridge.
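The bullets above describe one request: targets chosen by tag, output delivered to S3 and CloudWatch Logs, and SNS notified of status. The following added example (not from the original notes or from AWS) assembles the keyword arguments for boto3's `ssm.send_command()` with all three enabled, and then summarizes a `list-command-invocations` response so that a failed or timed-out instance is not missed. boto3 is not called; the bucket, log group, SNS topic and service role are constructed placeholders, the sample response is constructed, and `build_send_command` / `summarize_invocations` are helpers defined here.

```python
"""Build a Run Command request and summarize its results (added example)."""

# The three statuses the notes mention; the API also accepts TimedOut, Cancelled, All.
SNS_EVENTS = ("InProgress", "Success", "Failed")

# Statuses after which an instance needs a human to look at it.
TERMINAL_FAILURES = {"Failed", "TimedOut", "Cancelled"}


def build_send_command(document_name, tag_key, tag_values, s3_bucket, log_group,
                       sns_topic_arn, service_role_arn, parameters=None):
    """Return kwargs for boto3 ssm.send_command(**kwargs).

    Targeting by tag mirrors a tag-based Resource Group; output goes to both
    S3 and CloudWatch Logs; SNS receives status events. ServiceRoleArn is the
    role SSM assumes to publish the notifications.
    """
    return {
        "DocumentName": document_name,
        "Targets": [{"Key": "tag:" + tag_key, "Values": list(tag_values)}],
        "Parameters": parameters or {},
        "TimeoutSeconds": 600,
        "OutputS3BucketName": s3_bucket,
        "OutputS3KeyPrefix": "run-command/" + document_name,
        "CloudWatchOutputConfig": {
            "CloudWatchLogGroupName": log_group,
            "CloudWatchOutputEnabled": True,
        },
        "NotificationConfig": {
            "NotificationArn": sns_topic_arn,
            "NotificationEvents": list(SNS_EVENTS),
            "NotificationType": "Command",
        },
        "ServiceRoleArn": service_role_arn,
    }


# Constructed sample of `aws ssm list-command-invocations --command-id <id>`.
SAMPLE_INVOCATIONS = {"CommandInvocations": [
    {"CommandId": "11111111-2222-3333-4444-555555555555", "InstanceId": "i-0aaa000000000001",
     "Status": "Success", "StatusDetails": "Success"},
    {"CommandId": "11111111-2222-3333-4444-555555555555", "InstanceId": "i-0aaa000000000003",
     "Status": "Failed", "StatusDetails": "Failed"},
    {"CommandId": "11111111-2222-3333-4444-555555555555", "InstanceId": "i-0aaa000000000005",
     "Status": "TimedOut", "StatusDetails": "DeliveryTimedOut"},
]}


def summarize_invocations(response):
    """Return (counts_by_status, sorted [(instance_id, status_details)] needing follow-up).

    DeliveryTimedOut in particular means the agent never received the command,
    which points back at the agent/IAM checks at the top of these notes.
    """
    counts = {}
    follow_up = []
    for inv in response["CommandInvocations"]:
        status = inv["Status"]
        counts[status] = counts.get(status, 0) + 1
        if status in TERMINAL_FAILURES:
            follow_up.append((inv["InstanceId"], inv.get("StatusDetails", status)))
    return counts, sorted(follow_up)


if __name__ == "__main__":
    request = build_send_command(
        "AWS-RunShellScript", "Environment", ["dev"],
        "example-output-bucket", "/ssm/run-command",
        "arn:aws:sns:us-east-1:123456789012:example-topic",
        "arn:aws:iam::123456789012:role/example-ssm-sns-role",
        parameters={"commands": ["uptime"]},
    )
    print(request)  # pass as ssm.send_command(**request)
    print(summarize_invocations(SAMPLE_INVOCATIONS))
```

`AWS-RunShellScript` is one of the AWS-owned pre-defined documents mentioned above; its `commands` parameter carries the script lines.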