Fleet Manager

This section is currently a work-in-progress.

Systems Manager Fleet Manager is a unified user interface (UI) experience that helps you remotely manage your server fleet running on AWS, or on premises. With Fleet Manager, you can view the health and performance status of your entire server fleet from one console. You can also gather data from individual instances to perform common troubleshooting and management tasks from the console. This includes viewing folder and file contents, Windows registry management, operating system user management, and more.

In this lab, you will:

  • Configure EC2 instances for Fleet Manager
  • Configure Session Manager preferences
  • Use Fleet Manager tools

Pre-Requisites

You must complete the following capability lab sections before proceeding with Fleet Manager:

If you have not completed these sections, go back and complete the sections listed above before proceeding.

Configure EC2 instances for Fleet Manager

Fleet Manager uses Run Command and Session Manager, capabilities of AWS Systems Manager, for various user management operations. To use the Fleet Manager tools to the fullest extent, the instance profile attached to your managed instances must provide permissions for Session Manager to use this feature. Also, AWS Key Management Service (AWS KMS) encryption must be enabled in your session preferences to use Fleet Manager features.

Create the KMS Key

  1. Open the AWS Key Management Service (KMS) console at https://console.aws.amazon.com/kms/

  2. In the navigation pane, choose Customer managed keys

  3. Choose Create key

  4. On the Configure key page, leave the default value of Symmetric for the Key type and choose Next

  5. On the Add labels page, for Alias enter session-manager, and choose Next

  6. On the Define key administrative permissions page, select your IAM role TeamRole, and choose Next

  7. On the Define key usage permissions page, select the EC2 IAM instance profile role SM-Workshop-ManagedInstancesRole, and choose Next

  8. On the Review page, choose Finish

  9. Once the KMS key is created, note the Amazon Resource Name (ARN) of the KMS key and copy the value

Configure the EC2 IAM Instance Profile role

  1. Open the AWS Identity and Access Management (IAM) console at https://console.aws.amazon.com/iam/home
  2. In the navigation pane, choose Roles
  3. Select the SM-Workshop-ManagedInstancesRole role from the list
  4. On the Summary page, choose Add inline policy
  5. On the Create policy page, choose the JSON tab
  6. Replace the default content with the following. Important: replace key-name with the ARN of the custom KMS key you created previously
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "kms:Decrypt"
            ],
            "Resource": "key-name"
        }
    ]
}
  7. Choose Review policy
  8. On the Create policy page, for Name enter KMS-Permissions, and choose Create policy
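
The policy in step 6 only takes effect once key-name is replaced with a real key ARN; an IAM policy statement identifies a KMS key by its key ARN, not by an alias such as alias/session-manager. The following Python code is an added example, not part of the original lab: it builds the same KMS-Permissions policy and flags a leftover placeholder, an alias ARN, a wildcard, or an extra action. The function names and the sample ARN are constructed for illustration.

```python
import json
import re

# Key ARN shape: arn:<partition>:kms:<region>:<12-digit account>:key/<key id>
KEY_ARN_RE = re.compile(r"^arn:aws[a-z-]*:kms:[a-z0-9-]+:\d{12}:key/[A-Za-z0-9-]+$")
ALLOWED_ACTIONS = {"kms:Decrypt"}  # the only action the lab policy grants

def build_policy(key_arn):
    """Return the lab's KMS-Permissions policy scoped to one key ARN."""
    if not KEY_ARN_RE.match(key_arn):
        raise ValueError(f"not a KMS key ARN: {key_arn!r}")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["kms:Decrypt"], "Resource": key_arn}
        ],
    }

def _as_list(value):
    # IAM accepts a single string or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]

def lint_policy(policy):
    """Return a list of findings; an empty list means the policy matches the lab."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action not in ALLOWED_ACTIONS:
                findings.append(f"statement {i}: unexpected action {action}")
        for res in _as_list(stmt.get("Resource", [])):
            if res == "key-name":
                findings.append(f"statement {i}: placeholder key-name not replaced")
            elif ":alias/" in res:
                findings.append(f"statement {i}: alias ARN cannot identify the key")
            elif not KEY_ARN_RE.match(res):
                findings.append(f"statement {i}: Resource is not a key ARN: {res}")
    return findings

# Constructed sample values (not taken from the lab account).
SAMPLE_KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
AS_PUBLISHED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["kms:Decrypt"], "Resource": "key-name"}]}

if __name__ == "__main__":
    print(json.dumps(build_policy(SAMPLE_KEY_ARN), indent=4))
    print(lint_policy(AS_PUBLISHED))
```
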

Launch Windows EC2 instance

You can use Fleet Manager to view log data stored on your instances. For Windows instances, you can view Windows event logs and copy their details from the console. Also, you can use Fleet Manager to manage the registry on your Windows instances. To use these tools later, you will launch a Windows EC2 instance.

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2

  2. In the navigation pane, select Instances

  3. Choose Launch instances

  4. On the Step 1: Choose an Amazon Machine Image (AMI) page, choose the AMI for Microsoft Windows Server 2019 Base. Note: The AMI ID may differ.

  5. On the Step 2: Choose an Instance Type page, choose t2.medium, and choose Next: Configure Instance Details

  6. On the Step 3: Configure Instance Details page, for IAM role choose SM-Workshop-ManagedInstancesRole, and choose Next: Add Storage

  7. Accept the defaults and select Next: Add Tags

  8. On the Step 5: Add Tags page, choose Add Tag, for Key enter Name, for Value enter Windows, choose Next: Configure Security Group

  9. On the Step 6: Configure Security Group page, choose Select an existing security group and then select the Security Group named default with the description default VPC security group

  10. Choose Review and Launch

  11. Choose Launch

  12. Choose Proceed without a key pair from the drop-down menu and select the box for I acknowledge that I will not be able to connect to this instance unless I already know the password built into this AMI

    • We do not need to launch our EC2 instances with key pairs as we can remotely connect later in the workshop using Session Manager.
  13. Choose Launch Instances

Configure Session Manager Preferences

  1. Open the AWS Systems Manager console at https://console.aws.amazon.com/systems-manager

  2. In the navigation pane, choose Session Manager

  3. Choose the Preferences tab, and then choose Edit

  4. For KMS encryption, choose Enable KMS encryption

  5. For KMS key option, choose Select a KMS key, and then select the custom KMS key you created previously (alias/session-manager)

  6. Choose Save

Use Fleet Manager tools

You can use Fleet Manager to perform various tasks on your instances from the console, including viewing the local file system, monitoring instance performance, viewing Windows event logs, managing users, and managing the Windows registry.

Viewing the file system

You can use Fleet Manager to view information about the folder and file data stored on the volumes attached to your managed instances. For example, you can view the name, size, extension, owner, and permissions for your folders and files. Up to 10,000 lines of file data can be previewed as text from the Fleet Manager console. You can also use this feature to tail files. When using tail to view file data, the last 10 lines of the file are displayed initially. As new lines of data are written to the file, the view is updated in real-time. As a result, you can review log data from the console, which can improve the efficiency of your troubleshooting and systems administration.

To view the file system and text of files with Fleet Manager

  1. Open the AWS Systems Manager console at https://console.aws.amazon.com/systems-manager/

  2. In the navigation pane, choose Fleet Manager.

  3. Choose the button next to one of the instances you created in the Lab Setup section

  4. Choose View details

  5. In the Tools menu, choose File system

  6. In the search field, enter var and select the var folder

  7. In the search field, enter log and select the log folder

  8. Select the amazon folder

  9. Select the ssm folder

  10. Select amazon-ssm-agent.log, choose Actions, and choose Preview as text

  11. Choose Tail file to view the logs in real-time

Monitoring instance performance

In this section, we view performance data about the EC2 instances in real-time. The performance data is retrieved from performance counters.

The following performance counters are available in Fleet Manager:

  • CPU utilization
  • Disk input/output (I/O) utilization
  • Network traffic
  • Memory usage

To view performance data with Fleet Manager

  1. Open the AWS Systems Manager console at https://console.aws.amazon.com/systems-manager/

  2. In the navigation pane, choose Fleet Manager.

  3. Choose the button next to one of the instances you created in the Lab Setup section

  4. Choose View details

  5. In the Tools menu, choose Performance counters

View Windows event logs

You can use Fleet Manager to view log data stored on your instances. For Windows instances, you can view Windows event logs and copy their details from the console. To help you search events, filter Windows event logs by Event level, Event ID, Event source, and Time created.

To view Windows event logs with Fleet Manager

  1. Open the AWS Systems Manager console at https://console.aws.amazon.com/systems-manager/

  2. In the navigation pane, choose Fleet Manager.

  3. Choose the button next to the Windows EC2 instance you created in the Launch Windows EC2 instance section

  4. Choose View details

  5. In the Tools menu, choose Windows event logs

  6. Choose the Log name that contains the events you want to view

  7. Choose the button next to the Log name you want to view, and then select View events

  8. Choose the button next to the event you want to view, and then select View event details

User management

You can use Fleet Manager to manage operating system (OS) user accounts on your instances. For example, you can create and delete users and groups. Additionally, you can view details like group membership, user roles, and status.

In this section, we create a local user and add the user to an existing group.

To create an OS user account and to add an OS user account to an existing group with Fleet Manager

  1. Open the AWS Systems Manager console at https://console.aws.amazon.com/systems-manager/

  2. In the navigation pane, choose Fleet Manager.

  3. Choose the button next to the Windows EC2 instance you created in the Launch Windows EC2 instance section

  4. Choose View details

  5. In the Tools menu, choose Users and groups

  6. Choose Create new user

  7. On the Create new user page, do the following:

    • For Name, enter Developer
    • For Description, optionally enter a description such as A user account for developers
    • Leave Set password disabled. We will set the user's password later.
    • Choose Create new user

  8. On the Instance ID page, choose Instance actions, and choose Reset password

  9. For User name enter Developer, and choose Submit

  10. Enter a password for the Developer user and choose Done

  11. Select the Developer user from the list of Local users, and choose Add user to group

  12. On the Developer: Add user to group page, choose Power Users and Remote Desktop Users from the drop-down menu, and choose Add to group

  13. Choose the Groups tab, choose Power Users, choose the 1 to view the current list of members

Windows registry management

In this section, we view two Windows registry keys using Fleet Manager.

  • HKEY_LOCAL_MACHINE\SOFTWARE\Amazon\MachineImage
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AmazonSSMAgent\Version

From the Fleet Manager console you can also create, update, and delete registry entries and values.

Important: In a real-world environment, we recommend creating a backup of the registry, or taking a snapshot of the root Amazon Elastic Block Store (Amazon EBS) volume attached to your instance before you modify the registry. Serious problems can occur if you modify the registry incorrectly. These problems might require you to reinstall the operating system, or restore the root volume of your instance from a snapshot. AWS does not guarantee that these problems can be solved. Modify the registry at your own risk. You are responsible for all registry changes, and ensuring you have backups.

To view a Windows registry entry with Fleet Manager

  1. Open the AWS Systems Manager console at https://console.aws.amazon.com/systems-manager/

  2. In the navigation pane, choose Fleet Manager.

  3. Choose the button next to the Windows EC2 instance you created in the Launch Windows EC2 instance section

  4. Choose View details

  5. In the Tools menu, choose Windows registry

  6. To view the first registry key, HKEY_LOCAL_MACHINE\SOFTWARE\Amazon\MachineImage, perform the following steps:

    • Choose HKEY_LOCAL_MACHINE
    • Choose SOFTWARE
    • Choose Amazon
    • Choose MachineImage
  7. To view the second registry key, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AmazonSSMAgent\Version, perform the following steps:

    • Choose HKEY_LOCAL_MACHINE
    • Choose SYSTEM
    • Choose CurrentControlSet
    • Choose Services
    • Choose AmazonSSMAgent
    • Choose Version
