Systems Manager

In the cloud, you can apply the same engineering discipline that you use for application code to your entire environment. You can define your entire workload (applications, infrastructure, etc.) as code and update it with code. You can script your operations procedures and automate their execution by triggering them in response to events. By performing operations as code, you limit human error and enable consistent execution of operations activities.

In this lab you will apply the concepts of Infrastructure as Code and Operations as Code to the following activities:

* Deployment of Infrastructure
* Inventory Management
* Patch Management

Included in the lab guide are bonus sections that can be completed if you have time or later if interested.

* Creating Maintenance Windows and Scheduling Automated Operations Activities
* Create and Subscribe to a Simple Notification Service Topic

Setup

Requirements

You will need the following to be able to perform this lab:

* Your own device for console access

User and Group Management

When you create an Amazon Web Services (AWS) account, you begin with a single sign-in identity that has complete access to all AWS services and resources in the account. This identity is called the AWS account root user. It is accessed by signing in with the email address and password that you used to create the account.

We strongly recommend that you do not use the root user for your everyday tasks, even the administrative ones. Instead, adhere to the best practice of using the root user only to create your first IAM user. Securely store the root user credentials and use them to perform only a few account and service management tasks. To view the tasks that require you to sign in as the root user, see AWS Tasks That Require Root User.

IAM Users & Groups

As a best practice, do not use the AWS account root user for any task where it’s not required. Instead, create a new IAM user for each person that requires administrator access. Then grant administrator access by placing the users into an “Administrators” group to which the AdministratorAccess managed policy is attached.

Use members of the Administrators group to manage permissions and policies for the AWS account. Limit use of the root user to only those actions that require it.
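
One way to check that administrator access in an account follows the group-based pattern described above. This is an added example, not part of the original lab guide; it assumes input shaped like the JSON from `aws iam get-account-authorization-details`, and the sample users and the "Ops" and "Developers" groups are constructed.

```python
ADMIN_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"
ADMIN_GROUP = "Administrators"  # group name used in this guide
ADMIN_REF = {"PolicyName": "AdministratorAccess", "PolicyArn": ADMIN_POLICY_ARN}

# Constructed sample, trimmed to the fields used here; same shape as the JSON
# returned by `aws iam get-account-authorization-details`.
SAMPLE = {
    "UserDetailList": [
        {"UserName": "alice", "GroupList": ["Administrators"], "AttachedManagedPolicies": []},
        {"UserName": "bob", "GroupList": [], "AttachedManagedPolicies": [ADMIN_REF]},
        {"UserName": "carol", "GroupList": ["Ops"], "AttachedManagedPolicies": []},
        {"UserName": "dave", "GroupList": ["Developers"], "AttachedManagedPolicies": []},
    ],
    "GroupDetailList": [
        {"GroupName": "Administrators", "AttachedManagedPolicies": [ADMIN_REF]},
        {"GroupName": "Ops", "AttachedManagedPolicies": [ADMIN_REF]},
        {"GroupName": "Developers", "AttachedManagedPolicies": []},
    ],
}


def has_admin_policy(entity):
    """True if the AdministratorAccess managed policy is attached to this user or group."""
    return any(p.get("PolicyArn") == ADMIN_POLICY_ARN
               for p in entity.get("AttachedManagedPolicies", []))


def audit_admin_access(details):
    """Report where administrator access comes from and where it bypasses the group."""
    admin_groups = {g["GroupName"] for g in details.get("GroupDetailList", [])
                    if has_admin_policy(g)}
    report = {
        "admin_group_has_policy": ADMIN_GROUP in admin_groups,
        "other_groups_with_admin": sorted(admin_groups - {ADMIN_GROUP}),
        "admins_via_group": [],        # the pattern the guide recommends
        "direct_attachments": [],      # policy attached to the user itself
        "admins_via_other_group": [],  # admin rights through a different group
    }
    for user in details.get("UserDetailList", []):
        groups = set(user.get("GroupList", []))
        if has_admin_policy(user):
            report["direct_attachments"].append(user["UserName"])
        if ADMIN_GROUP in groups and report["admin_group_has_policy"]:
            report["admins_via_group"].append(user["UserName"])
        elif groups & admin_groups:
            report["admins_via_other_group"].append(user["UserName"])
    return report
```

The check covers managed-policy attachments on users and groups only; inline policies and roles are outside its scope.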