AWS SCS-C01

Systems Manager Features

Session Manager

  • Session Manager is a fully managed Systems Manager capability that lets you manage your EC2 instances, on-premises instances and VMs through an interactive one-click browser-based shell or through the AWS Command Line Interface (AWS CLI).

  • Some benefits:

    • Centralized access control to instances using IAM policies - Administrators have a single place to grant and revoke access to instances.

    • No open inbound ports and no need to manage bastion hosts or SSH keys.

    • One-click access to instances from the console and CLI.

    • Port forwarding - Redirect any port inside your remote instance to a local port on a client.

    • Cross-platform support for Windows, Linux, and macOS.

    • Logging and auditing session activity using CloudTrail and CloudWatch Logs.
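
The auditing benefit above can be put to work by reviewing the `StartSession` events that Session Manager writes to CloudTrail. The following is an added example, not part of the original notes or of any AWS tooling: the records are constructed and trimmed, and the `EXPECTED` allow-list and `audit_sessions` function are hypothetical names.

```python
import json

# Constructed CloudTrail records, trimmed to the fields used below (not real logs).
SAMPLE_RECORDS = json.loads("""[
  {"eventTime": "2024-01-10T09:15:02Z", "eventSource": "ssm.amazonaws.com",
   "eventName": "StartSession",
   "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
   "requestParameters": {"target": "i-0a1b2c3d4e5f60001"}},
  {"eventTime": "2024-01-10T09:20:41Z", "eventSource": "ssm.amazonaws.com",
   "eventName": "StartSession",
   "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
   "requestParameters": {"target": "i-0a1b2c3d4e5f60002"},
   "errorCode": "AccessDenied"},
  {"eventTime": "2024-01-10T09:31:17Z", "eventSource": "ssm.amazonaws.com",
   "eventName": "StartSession",
   "userIdentity": {"arn": "arn:aws:iam::111122223333:user/carol"},
   "requestParameters": {"target": "i-0a1b2c3d4e5f60002"}},
  {"eventTime": "2024-01-10T09:40:00Z", "eventSource": "ec2.amazonaws.com",
   "eventName": "DescribeInstances",
   "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
   "requestParameters": {}}
]""")

# Hypothetical allow-list: which principal is expected on which instance.
EXPECTED = {
    "arn:aws:iam::111122223333:user/alice": {"i-0a1b2c3d4e5f60001"},
    "arn:aws:iam::111122223333:user/carol": {"i-0a1b2c3d4e5f60003"},
}

def audit_sessions(records, expected):
    """Return (time, principal, instance, reason) for StartSession calls worth review."""
    findings = []
    for rec in records:
        if rec.get("eventSource") != "ssm.amazonaws.com" or rec.get("eventName") != "StartSession":
            continue  # only Session Manager session starts are of interest
        who = rec.get("userIdentity", {}).get("arn", "unknown")
        target = (rec.get("requestParameters") or {}).get("target", "unknown")
        if rec.get("errorCode"):
            # IAM refused the call: the centralized access control at work
            findings.append((rec["eventTime"], who, target, "denied:" + rec["errorCode"]))
        elif target not in expected.get(who, set()):
            # The call succeeded, but this principal was not expected on this instance
            findings.append((rec["eventTime"], who, target, "unexpected-session"))
    return findings

if __name__ == "__main__":
    for finding in audit_sessions(SAMPLE_RECORDS, EXPECTED):
        print(*finding)
```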

Run Command

  • Systems Manager Run Command lets you remotely and securely manage the configuration of your managed instances.

  • It enables you to automate common administrative tasks and perform ad hoc configuration changes at scale.

  • For example, it can be used to install or bootstrap applications, build a deployment pipeline, capture log files when an instance is terminated from an Auto Scaling group, and join instances to a Windows domain.

Patch Manager

  • Systems Manager Patch Manager automates the process of patching managed instances with both security-related and other types of updates.

  • You can scan instances to see only a report of missing patches (scan) or you can scan and automatically install all missing patches (scan and install).

  • A patch baseline defines which patches are approved for installation on your instances. You can specify approved or rejected patches one by one, and the rejected list overrides both the rules and the approved list.

  • Systems Manager Maintenance Windows let you define a schedule for when to perform potentially disruptive actions on your instances such as patching an operating system, updating drivers, or installing software or patches.
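
The precedence rule for patch baselines (the rejected list wins over both the rules and the approved list) is easiest to see when evaluated on sample data. The following is an added example, not part of the original notes and not AWS code: it is a simplified model of baseline evaluation, and the patch IDs, class names and the auto-approval delay value are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

@dataclass
class Patch:
    patch_id: str
    classification: str
    severity: str
    released: date

@dataclass
class Rule:                      # one approval rule of the baseline (simplified)
    classifications: set
    severities: set
    approve_after_days: int      # auto-approval delay after release

@dataclass
class Baseline:
    rules: list
    approved: set = field(default_factory=set)   # explicitly approved patch IDs
    rejected: set = field(default_factory=set)   # explicitly rejected patch IDs

def decide(patch, baseline, today):
    """Return 'rejected', 'approved-list', 'approved-rule' or 'not-approved'."""
    if patch.patch_id in baseline.rejected:
        return "rejected"        # checked first: overrides rules and approved list
    if patch.patch_id in baseline.approved:
        return "approved-list"
    for rule in baseline.rules:
        if (patch.classification in rule.classifications
                and patch.severity in rule.severities
                and today >= patch.released + timedelta(days=rule.approve_after_days)):
            return "approved-rule"
    return "not-approved"

def install_plan(patches, baseline, today):
    return {p.patch_id: decide(p, baseline, today) for p in patches}

# Constructed sample data (patch IDs are placeholders, not real updates).
BASELINE = Baseline(
    rules=[Rule({"Security"}, {"Critical", "Important"}, approve_after_days=7)],
    approved={"KB0000003", "KB0000004"},
    rejected={"KB0000002", "KB0000004"},
)
PATCHES = [
    Patch("KB0000001", "Security", "Critical", date(2024, 1, 1)),
    Patch("KB0000002", "Security", "Critical", date(2024, 1, 1)),   # matches rule, rejected
    Patch("KB0000003", "FeaturePacks", "Unspecified", date(2024, 1, 1)),
    Patch("KB0000004", "Security", "Important", date(2024, 1, 1)),  # on both lists
    Patch("KB0000005", "Security", "Important", date(2024, 1, 12)), # still in delay window
]

if __name__ == "__main__":
    print(install_plan(PATCHES, BASELINE, date(2024, 1, 15)))
```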

Parameter Store

  • Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management.

  • You can store data such as passwords, database strings, Amazon Machine Image (AMI) IDs, and license codes as parameter values.

  • You can store values as plain text or encrypted data.

  • You can reference Systems Manager parameters in your scripts, commands, SSM documents, and configuration and automation workflows by using the unique name that you specified when you created the parameter.

Last updated 4 years ago