ssm

SSM Agent

Most SSM functionality depends on this agent being present on the instance to be managed.
Pre-installed on Amazon Linux
Needs permission AmazonSSMManagedInstanceCore
Use VPC endpoint

Application Manager

Logical grouping of resources to help provide context around resources, and while troubleshooting issues. Discovers related resources automatically, for ex, using CloudFormation templates.

AppConfig

Store and manage configs for environment separate from app code.

Parameter Store

No support for multi region
No Rotation
Optional encryption in-transit, at-rest
Region scope
Similar to Secrets Manager

Change Management

Change Manager
Change Calendar: Decide, plan and enforce when changes, can or cannot be made to resources.
Maintenance Window
Automation: Automate common tasks, uses SSM agent, runbooks etc.

Node Management

Compliance
Fleet Manager
Inventory
Session Manager
Run Command
State Manager
Patch Manager
Distributor
Hybrid Activations

Operations

Incident Manager
Explorer
OpsCenter

SSM Agent#

Application Manager#

AppConfig#

Parameter Store#

Change Management#

Node Management#

Operations#