State Manager

Systems Manager: State Manager

In State Manager, an association is the result of binding configuration information that defines the state you want your instances to be in to the instances themselves. This information specifies when and how you want instance-related operations to run that ensure your Amazon EC2 and hybrid infrastructure is in an intended or consistent state.

An association defines the state you want to apply to a set of targets. An association includes three components and one optional set of components:

  • A document that defines the state.
  • Target(s).
  • A schedule.
  • (Optional) Runtime parameters.

When you performed the Setup Inventory actions, you created an association in State Manager.

3.4 Review Association Status

  1. Under Instances & Nodes in the navigation bar, select State Manager. At this point, the Status may show that the inventory activity has not yet completed.
    1. Choose the single Association id that is the result of your Setup Inventory action. The name should be Inventory-Association.
    2. Examine each of the available tabs of data under the Association ID heading.

Inventory is accomplished through the following:

  • The activities defined in the AWS-GatherSoftwareInventory command document.

  • The parameters provided in the Parameters section are passed to the document at execution.

  • The targets are defined in the Targets section. In this example there is a single target, the tag key-value pair Environment:OELabIPM.

  • The schedule for this activity is defined under Specify schedule and Specify with to use a CRON/Rate expression on a 30 minute interval.

  • There is the option to specify Output options.

    If you change the command document, the Parameters section will change to be appropriate to the new command document.

  1. Navigate to Managed Instances under Instances & Nodes in the navigation bar. An Association Status has been established for the inventoried instances under management.
  2. Choose one of the Instance ID links and select the Inventory tab. The Inventory tab is now populated based on the parameters defined previously. You can track associations and their last activity under the Associations tab.
  3. Navigate to Compliance under Instances & Nodes in the navigation bar. Here you can view the overall compliance status of your managed instances in the Compliance resources summary and the individual compliance status of systems in the Details overview for resources section below.

The inventory activity can take up to 10 minutes to complete. While waiting for the inventory activity to complete, you can proceed with the next section.

Systems Manager: Compliance

You can use AWS Systems Manager Configuration Compliance to scan your fleet of managed instances for patch compliance and configuration inconsistencies. You can collect and aggregate data from multiple AWS accounts and Regions, and then drill down into specific resources that aren’t compliant.

By default, Configuration Compliance displays compliance data about Systems Manager Patch Manager patching and Systems Manager State Manager associations. You can also customize the service and create your own compliance types based on your IT or business requirements. You can also port data to Amazon Athena and Amazon QuickSight to generate fleet-wide reports.