Using Systems Manager from a Service-Linked Role

AWS Systems Manager and IAM Roles
AWS Systems Manager provides visibility into your AWS environment by unifying operational data across AWS services and automating operational tasks. According to AWS, its main features include: 
  • Explorer
  • OpsCenter
  • Application Manager
  • AppConfig 
  • Parameter Store 
  • Change Manager 
  • Automation 
  • Maintenance Windows
  • Fleet Manager 
  • Compliance
  • Inventory
  • Session Manager

Through IAM service-linked roles, AWS Systems Manager can execute automated tasks such as patching or other maintenance. This can be a valuable feature to utilize as your AWS security program scales. 

For more information, see the AWS user guide on using service-linked roles for Systems Manager.
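An added example (not from the original page or from AWS): a Python check over role records shaped like the `Role` object returned by `aws iam get-role`, verifying that `ssm.amazonaws.com` is the only trusted principal and that a custom service role scopes that trust with `aws:SourceAccount` or `aws:SourceArn`. The role names, account ID and sample policies are constructed, and the finding rules are this example's assumptions.

```python
# Constructed sample data; account ID and custom role names are placeholders.
SSM = "ssm.amazonaws.com"
DEPUTY_KEYS = {"aws:sourceaccount", "aws:sourcearn"}

def as_list(v):
    return [] if v is None else v if isinstance(v, list) else [v]

def audit_role(role):
    """Return findings for one role's trust policy (empty list means it passed)."""
    findings = []
    # Service-linked roles live under this path and their trust policy is set by AWS.
    is_slr = role.get("Path", "/").startswith("/aws-service-role/")
    ssm_trusted = False
    for stmt in as_list(role["AssumeRolePolicyDocument"].get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append("any principal can assume the role")
            continue
        for kind, value in principal.items():
            for p in as_list(value):
                if kind == "Service" and p == SSM:
                    ssm_trusted = True
                    keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
                    if not is_slr and not (keys & DEPUTY_KEYS):
                        findings.append("no aws:SourceAccount/aws:SourceArn condition on SSM trust")
                else:
                    findings.append(f"also assumable by {kind} principal {p}")
    if not ssm_trusted:
        findings.append("ssm.amazonaws.com is not trusted")
    return findings

def trust(principal, condition=None):
    stmt = {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

ROLES = [
    {"RoleName": "AWSServiceRoleForAmazonSSM", "Path": "/aws-service-role/ssm.amazonaws.com/",
     "AssumeRolePolicyDocument": trust({"Service": SSM})},
    {"RoleName": "example-automation-role", "Path": "/",
     "AssumeRolePolicyDocument": trust({"Service": SSM}, {
         "StringEquals": {"aws:SourceAccount": "111122223333"},
         "ArnLike": {"aws:SourceArn": "arn:aws:ssm:*:111122223333:automation-execution/*"}})},
    {"RoleName": "example-broad-role", "Path": "/",
     "AssumeRolePolicyDocument": trust({"Service": [SSM, "ec2.amazonaws.com"], "AWS": "*"})},
]

if __name__ == "__main__":
    for r in ROLES:
        print(r["RoleName"], audit_role(r) or "OK")
```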

Transcription
AWS Systems Manager allows you to get operational insight about your resources within the AWS environment. It also allows you to execute automations. Access from AWS Systems Manager to execute automations, such as patching or other maintenance tasks, should be executed via a service-linked role. Service-linked roles can be enabled and enacted through AWS Identity and Access Management. Specifically, the service-linked roles or custom-created service roles should be defined and attached to the AWS Systems Manager service so that it can execute enabled automations as required.
