Systems Manager (SSM)

What it is: A suite of tools to manage and operate fleets of servers (EC2 and on-prem).

What it’s for:

• Remote access without opening SSH ports (Session Manager).
• Run commands on many instances (Run Command).
• Patch and maintain OS (Patch Manager).
• Store configuration parameters (Parameter Store — see security branch).

Key ideas:

• Uses an SSM agent on instances and IAM permissions.
• Strongly improves security posture by reducing open inbound ports.

Exam cues:

• “access EC2 without SSH” → Session Manager.
• “run same command on 100 instances” → Run Command.
• “patch fleet automatically” → Patch Manager.

Hard words:

• *fleet* /fliːt/: nhóm nhiều máy
• *remote* /rɪˈmoʊt/: từ xa
• *posture* /ˈpɑːstʃər/: trạng thái (mức độ an toàn)