====== Systems Manager (SSM) ======

**What it is:** A suite of tools to manage and operate fleets of servers (EC2 and on-prem).

**What it’s for:**
  * Remote access without opening SSH ports (Session Manager).
  * Run commands on many instances (Run Command).
  * Patch and maintain the OS (Patch Manager).
  * Store configuration parameters (Parameter Store — see security branch).

**Key ideas:**
  * Uses an SSM agent on instances and IAM permissions.
  * Strongly improves security posture by reducing open inbound ports.

**Exam cues:**
  * “access EC2 without SSH” → Session Manager.
  * “run same command on 100 instances” → Run Command.
  * “patch fleet automatically” → Patch Manager.

**Hard words:**
  * *fleet* /fliːt/: a group of many machines
  * *remote* /rɪˈmoʊt/: from a distance
  * *posture* /ˈpɑːstʃər/: state (level of security)