Inventory

AWS Systems Manager Inventory provides visibility into your Amazon EC2 and on-premises computing environment. You can use Inventory to collect metadata from your managed instances. You can store this metadata in a central Amazon Simple Storage Service (Amazon S3) bucket, and then use built-in tools to query the data and quickly determine which instances are running the software and configurations required by your software policy, and which instances need to be updated. You can configure Inventory on all of your managed instances by using a one-click procedure. You can also configure and view inventory data from multiple AWS Regions and accounts.

In this lab we will enable Inventory, which leverages State Manager to create an Association that runs the predefined document AWS-GatherSoftwareInventory on an interval that you specify. We will also configure a Resource Data Sync, which sends the Inventory data to an S3 bucket for further processing and analysis.

  1. Navigate to Systems Manager > Node Management > Inventory

  2. Under the Dashboard tab select Setup Inventory

  3. Enter the following for Inventory Association Configuration Details:

    • For Name keep the default: Inventory-Association

    • For Targets select Choose all instances (in a real-world scenario you can scope the State Manager Association down to specific targets)

    • For Schedule keep the default of 30 minutes

    • For Parameters keep all defaults

    • For Advanced leave this unchecked; we will configure this separately

  4. Choose Setup Inventory

  5. Select View Details (top right inside the green success banner)

    • Alternatively, navigate to State Manager and drill into the details of the Association named Inventory-Association

  6. The Inventory Association Details will be the first place to go for troubleshooting. Navigate to resources and you will see all targets registered with the Association and a direct link to their Run Command output

  7. Navigate to Systems Manager > Node Management > Inventory

    • You can now see data is being populated into the Dashboard
    • NOTE: This step may take several minutes to begin populating data within the dashboard

  8. Now we will configure the Resource Data Sync which will ship the inventory data to an S3 bucket for further processing

  9. Make an S3 bucket before creating the Resource Data Sync

    • NOTE: If you did the Distributor Lab and created a bucket for Systems Manager usage then just use that and create an Inventory prefix so your data remains organized. If you did not do the Distributor Lab, proceed with the following steps:

    • Navigate to the S3 console

    • Select Create Bucket

    • For the Bucket name enter: YOURFIRSTNAME-sm-workshop

    • For Region select US-East (N. Virginia)

    • Keep all defaults including Block all public access

    • Choose Create Bucket

    • Select your newly created bucket to access the configuration details

    • Navigate to the Permissions tab

    • Navigate to Bucket Policy and select Edit

    • Copy and paste the policy below into the bucket policy, replace ENTERYOURBUCKET with your Bucket Name, and select Save changes

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "SSMBucketPermissionsCheck",
            "Effect": "Allow",
            "Principal": {
                "Service": "ssm.amazonaws.com"
            },
            "Action": "s3:GetBucketAcl",
            "Resource": "arn:aws:s3:::ENTERYOURBUCKET"
        },
        {
            "Sid": "SSMBucketDelivery",
            "Effect": "Allow",
            "Principal": {
                "Service": "ssm.amazonaws.com"
            },
            "Action": "s3:PutObject",
            "Resource": [
                "arn:aws:s3:::ENTERYOURBUCKET/inventory/*"
            ],
            "Condition": {
                "StringEquals": {
                    "s3:x-amz-acl": "bucket-owner-full-control"
                }
            }
        }
    ]
}

  10. Navigate back to Inventory > Resource Data Sync

  11. Select Create resource data sync

  12. Configuration details

    • For Sync name enter YOURNAME-inventory-s3-sync

    • For Bucket name enter the name of the bucket you created previously

    • For Bucket prefix enter inventory

    • For Bucket region enter This region (us-east-1)

    • For KMS Key ARN - optional leave this blank for the purpose of the demo

    • Choose Create

  13. Switch back to your bucket and you can now see the data being synced
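
An added check, not part of the original lab: the SSMBucketDelivery statement in the bucket policy lets the ssm.amazonaws.com service principal write under inventory/ without stating on whose behalf. This Python sketch flags such statements and adds aws:SourceAccount and aws:SourceArn conditions so that only resource data syncs in your own account can deliver; the account ID and bucket name are constructed placeholders, and the function names are hypothetical.

```python
import copy
import json

# Constructed sample values (assumptions, not from the lab).
ACCOUNT_ID = "111122223333"
BUCKET = "example-sm-workshop"

# The lab's bucket policy with the bucket placeholder filled in.
LAB_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "SSMBucketPermissionsCheck", "Effect": "Allow",
         "Principal": {"Service": "ssm.amazonaws.com"},
         "Action": "s3:GetBucketAcl", "Resource": f"arn:aws:s3:::{BUCKET}"},
        {"Sid": "SSMBucketDelivery", "Effect": "Allow",
         "Principal": {"Service": "ssm.amazonaws.com"},
         "Action": "s3:PutObject",
         "Resource": [f"arn:aws:s3:::{BUCKET}/inventory/*"],
         "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}},
    ],
}
SOURCE_KEYS = {"aws:sourceaccount", "aws:sourcearn"}

def is_unscoped_write(stmt):
    """True for a service-principal Allow of s3:PutObject with no source condition."""
    actions = stmt.get("Action", [])
    actions = [actions] if isinstance(actions, str) else actions
    principal = stmt.get("Principal")
    keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
    return (stmt.get("Effect") == "Allow"
            and isinstance(principal, dict) and "Service" in principal
            and "s3:PutObject" in actions and not keys & SOURCE_KEYS)

def unscoped_writes(policy):
    """Sids of write statements that lack a source-account or source-ARN condition."""
    return [s.get("Sid", "<no Sid>") for s in policy["Statement"] if is_unscoped_write(s)]

def scope_to_account(policy, account_id):
    """Copy of the policy with write statements pinned to one account's data syncs."""
    hardened = copy.deepcopy(policy)
    for stmt in filter(is_unscoped_write, hardened["Statement"]):
        cond = stmt.setdefault("Condition", {})
        cond.setdefault("StringEquals", {})["aws:SourceAccount"] = account_id
        cond.setdefault("ArnLike", {})["aws:SourceArn"] = (
            f"arn:aws:ssm:*:{account_id}:resource-data-sync/*")
    return hardened

if __name__ == "__main__":
    print("Unscoped write statements:", unscoped_writes(LAB_POLICY))
    print(json.dumps(scope_to_account(LAB_POLICY, ACCOUNT_ID), indent=4))
```

Running the script prints the flagged Sid and the scoped policy as JSON, which can be pasted into the bucket policy editor after substituting your own account ID and bucket name.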