What is AWS Systems Manager?
AWS Systems Manager gives you visibility and control of your infrastructure on AWS. Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources.
In simple terms, it’s a series of tools that allow us at Invotra to version parameters, log in to AWS instances securely and control managed instances, to name a few.
Why do we use AWS Systems Manager?
Ansible is a key part of automation within our DevOps stack and it relies on the concept of playbooks.
Playbooks contain a series of variables and actions we define when provisioning a site or even updating the current ones.
Now imagine you have 100 client sites, each with its own playbook and its own variables within that playbook. If you were to lose, say, half of the playbooks due to a server fault or human error, recovery without a backup would take a fair amount of time: you would have to recreate each playbook and collect all of the variables again.
How does AWS Systems Manager tie into the parameter store?
Using AWS Systems Manager, we store common parameters via the AWS CLI (AWS command line).
Thanks to a clever code layout, we then only have to define the parameter directory.
This means that we can create specific templates for processes and run them within minutes – providing the parameter directory is defined. This allows us to go from creating a site from scratch to upgrading it to the latest version at the push of a button (or command).
How do we limit who has access to the parameter store or the instances themselves?
This is handled via Session Manager and IAM roles.
Using IAM policies, you can limit which people can access what, and this goes hand in hand with Session Manager.
Following on from this, another useful feature we utilise is session audit tracking, which allows us to view what commands are run and by whom. This is not only a quality-of-life feature but also a very useful tool for security.
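Limiting access with IAM policies, as described above, only works if each policy is scoped to the right part of the parameter store. The following is an added example, not Invotra's own code: a small Python check that flags IAM policy statements allowing parameter reads outside one client's path. The region, account ID, the /sites/client-a path and the function names are assumptions made for illustration, and the check only looks at Allow statements (it ignores Deny, NotAction, NotResource and conditions).

```python
import fnmatch

# Constructed region, account ID and parameter paths, for illustration only.
ARN_PREFIX = "arn:aws:ssm:eu-west-2:111122223333:parameter"

# Weak: anyone holding this policy can read every client's parameters.
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": "ssm:GetParameter*",
    "Resource": "*",
}]}

# Scoped: reads are limited to parameters under one client's path.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["ssm:GetParameter", "ssm:GetParameters"],
    "Resource": ARN_PREFIX + "/sites/client-a/*",
}]}

# Parameter Store read actions this check looks for.
READ_ACTIONS = ("ssm:GetParameter", "ssm:GetParameters",
                "ssm:GetParametersByPath", "ssm:GetParameterHistory")


def _as_list(value):
    """IAM lets Statement, Action and Resource be a single item or a list."""
    return value if isinstance(value, list) else [value]


def readable_outside(policy, allowed_path):
    """Return Resource entries that allow parameter reads outside allowed_path."""
    allowed_arn = ARN_PREFIX + allowed_path.rstrip("/") + "/"
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive and may contain * and ? wildcards.
        patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(fnmatch.fnmatchcase(r.lower(), p)
                   for p in patterns for r in READ_ACTIONS):
            continue
        for resource in _as_list(stmt.get("Resource", [])):
            if not resource.startswith(allowed_arn):
                findings.append(resource)
    return findings


if __name__ == "__main__":
    for name, policy in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, readable_outside(policy, "/sites/client-a"))
```

An empty result means every read grant in the policy stays inside the given path; anything returned is a Resource entry worth reviewing before the policy is attached to a user or role.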
To summarise, the key benefits of using AWS Systems Manager I have found are:
It allows us to maintain and version specific parameters for any variable within the AWS environment. This increases productivity within the environment, as everything we need is quickly to hand.
It provides us with a store which defined IAM users can access easily via code or other applications.
It ensures that we keep variables versioned and maintained, whilst limiting who has access to what parts.