What is AWS Systems Manager?

AWS Systems Manager (SSM) is a centralized hub for managing AWS infrastructure at scale — operational data, automating operational tasks, and managing configuration compliance. No need for SSH/RDP access to instances. Key capabilities: (1) Session Manager: secure browser-based shell/RDP access to EC2 and on-premises servers — no open inbound ports (22/3389), no bastion hosts, full audit trail in CloudTrail and S3; (2) Parameter Store: secure, hierarchical storage for configuration data and secrets: /myapp/prod/db-password (String, StringList, or SecureString encrypted by KMS). Free tier for standard parameters. IAM-controlled access. Version history. SDK integration; (3) Secrets Manager: fully managed secrets service with automatic rotation (built-in rotation for RDS, Redshift, DocumentDB; custom Lambda rotators). More expensive than Parameter Store but includes rotation. Cross-account access. SDK integration for automatic secret retrieval; (4) Run Command: remotely execute shell scripts or PowerShell on EC2 instances/on-premises. No SSH needed. Audit in CloudTrail; (5) Patch Manager: automate OS and application patching across instances. Define patch baselines, maintenance windows. Patch compliance reporting; (6) State Manager: maintain consistent configuration state (ensure SSM agent running, CloudWatch agent configured); (7) Automation: runbooks for common operational tasks (start/stop instances, create AMIs, remediate findings); (8) OpsCenter: centralized view of operational issues; (9) Fleet Manager: manage large fleets of instances. SSM Agent pre-installed on AWS AMIs; required on-premises.