Auto-sync: 2026-04-28 20:03
44
wiki/entities/AWS-SSM.md
Normal file
@@ -0,0 +1,44 @@
---
title: "AWS SSM"
type: entity
tags: ["AWS", "Systems-Manager", "Patch-Management", "Remote-Access"]
sources: ["learning-sessions-standard-amis-updates-20231205-160324-meeting-recording-2", "ctp-topic-17-active-directory-services-in-gruntwork-aws-lzs", "ctp-topic-31-network-segregation-and-secure-access-to-the-new-aws-landing-zones"]
last_updated: 2026-05-08
---

## Overview

AWS Systems Manager (SSM) is AWS's management and operations service. In the Micro Focus AWS Landing Zone it plays two key roles: ① as the built-in agent (SSM Agent) of the standard AMIs, it provides instance management and remote operations; ② it provides the SSM Patching solution for on-demand patching of long-running instances; ③ it replaces the traditional VPN for secure remote instance access.

## Aliases

- AWS Systems Manager
- SSM Agent
- SSM Session Manager
- SSM Patch Manager
- Session Manager

## Role in AWS Landing Zone

### 1. Built-in component of the standard AMIs

- SSM Agent is a default component of every standard AMI
- Supports instance metadata queries, configuration management, and remote command execution

### 2. SSM Patching solution

- Provides on-demand patch management for long-running instances whose images cannot be refreshed frequently
- Automates patch approval and installation through Patch Baselines

### 3. Secure remote access (VPN replacement)

- SSM Session Manager provides in-browser session access to EC2 instances
- Access rights are controlled through IAM roles; no VPN connection is required
- Supports two-factor authentication and secure connections inside the AWS network

## Key Capabilities

- **Run Command**: execute commands in bulk across many instances
- **Session Manager**: secure in-browser shell sessions
- **Patch Manager**: automated patch management
- **State Manager**: maintain instance configuration state
- **Parameter Store**: store configuration and secrets (replaced by Secrets Manager)

## Connections

- [[AWS-Landing-Zone]] — SSM is the standardized operations infrastructure
- [[ctp-topic-31-network-segregation-and-secure-access-to-the-new-aws-landing-zones]] — SSM Session Manager as the VPN replacement
- [[ctp-topic-17-active-directory-services-in-gruntwork-aws-lzs]] — SSM Agent is built into the SRE-prebuilt AMIs
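Review bot: the Overview says SSM plays "two key roles" but then enumerates three (①, ②, ③); either change it to "three" or fold the patching point into the first role. In the frontmatter, `last_updated: 2026-05-08` is later than the commit timestamp in the message (2026-04-28 20:03), so the freshness field will mislead anyone reading the wiki; set it to the actual edit date. Under "3. Secure remote access", the bullet "Supports two-factor authentication" reads as if MFA were a Session Manager feature, while the preceding bullet says access is controlled through IAM roles; stating that MFA is enforced through IAM conditions on the session-start permission would make the access model consistent across the two bullets. Finally, the Parameter Store bullet's "(replaced by Secrets Manager)" is ambiguous between "this Landing Zone moved its secrets to Secrets Manager" and "the service is retired"; say which is meant, and if Parameter Store is still used for non-secret configuration, note that too.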