AWS Systems Manager helps you manage your EC2 instances and on-premises systems at scale. It gives you operational insight into the state of your infrastructure, helps you detect instance issues, and can serve as a patching automation solution to improve compliance. This article provides a high-level plan for implementing AWS SSM monitoring for on-premises Windows servers. You can create custom SSM Run Command documents to monitor various services, files, and certificates.
How does it work?
AWS Systems Manager is an agent-based solution: you install the SSM Agent on on-premises physical servers, virtual machines, and cloud instances. The agent makes it possible for Systems Manager to update, manage, and configure these resources. It processes requests from the Systems Manager service in the AWS Cloud, runs them as specified in the request, and then sends status and execution information back to the Systems Manager service through the Amazon Message Delivery Service. Using custom run documents, we can monitor various items on Windows and Linux servers.
For this solution, we need to onboard two more services for the notification part.
1. Amazon EventBridge
Amazon EventBridge is a serverless event bus that makes it easier to build event-driven applications at scale using events generated from your applications, integrated Software-as-a-Service (SaaS) applications, and AWS services. Failed SSM run document alerts can be fed into EventBridge, which forwards them to the defined targets.
EventBridge can also invoke other SSM run documents to remediate the failed run documents.
2. Amazon SNS (Simple Notification Service)
Amazon Simple Notification Service (Amazon SNS) is a fully managed messaging service for both application-to-application (A2A) and application-to-person (A2P) communication.
The A2A pub/sub functionality provides topics for high-throughput, push-based, many-to-many messaging between distributed systems, microservices, and event-driven serverless applications. The A2P functionality enables you to send messages to users at scale via SMS, mobile push, and email. Failed run document events from SSM can be fed into SNS through EventBridge to notify the DevOps engineers.
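As an added example (not code from the article): the EventBridge event pattern that selects failed Run Command invocations on hybrid-activated (on-premises) managed instances, together with a small local matcher so the pattern can be checked against sample events before it is deployed as a rule with an SNS topic as target. The source and detail-type strings are the ones SSM emits; the document name, command ID and instance IDs in the sample events are constructed.

```python
# EventBridge pattern for the alerting path described above. Hybrid-activated
# (on-prem) managed instances carry the "mi-" prefix, so EC2 instances are
# excluded; "Success" invocations never match.
FAILED_INVOCATION_PATTERN = {
    "source": ["aws.ssm"],
    "detail-type": ["EC2 Command Invocation Status-change Notification"],
    "detail": {
        "status": ["Failed", "TimedOut"],
        "instance-id": [{"prefix": "mi-"}],
    },
}

def _value_matches(rule_values, actual):
    """One pattern field: a list of literals and/or {"prefix": ...} rules (OR)."""
    for rule in rule_values:
        if isinstance(rule, dict) and "prefix" in rule:
            if isinstance(actual, str) and actual.startswith(rule["prefix"]):
                return True
        elif rule == actual:
            return True
    return False

def event_matches(pattern, event):
    """Subset of EventBridge semantics: every pattern key must be present in the
    event, nested objects recurse, list entries are alternatives."""
    for key, rule in pattern.items():
        if key not in event:
            return False
        if isinstance(rule, dict):
            if not isinstance(event[key], dict) or not event_matches(rule, event[key]):
                return False
        elif not _value_matches(rule, event[key]):
            return False
    return True

def alerts_for(events, pattern=FAILED_INVOCATION_PATTERN):
    """Return one SNS-style message per event the rule would forward."""
    return [
        f"SSM document {e['detail']['document-name']} {e['detail']['status']} "
        f"on {e['detail']['instance-id']} (command {e['detail']['command-id']})"
        for e in events if event_matches(pattern, e)
    ]

def _sample(instance_id, status):
    # Constructed sample event; document name and IDs are placeholders.
    return {"source": "aws.ssm",
            "detail-type": "EC2 Command Invocation Status-change Notification",
            "detail": {"command-id": "00000000-command-id-placeholder",
                       "document-name": "Custom-CheckWindowsService",
                       "instance-id": instance_id, "status": status}}

SAMPLE_EVENTS = [_sample("mi-0123456789abcdef0", "Failed"),     # on-prem, failed: alert
                 _sample("mi-0123456789abcdef0", "Success"),    # healthy: no alert
                 _sample("i-0fedcba9876543210", "Failed")]      # EC2, not on-prem: no alert
```

The same pattern, saved to a file, is what you pass to `aws events put-rule --event-pattern file://pattern.json` when creating the rule that targets the SNS topic.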
The overall monitoring solution is shown in the diagram below.
In the next article, we will go through the step-by-step process to implement this solution. We will also see how to create custom SSM documents and make use of them.
Hope this article is informative to you.