Getting started with AWS Systems Manager Inventory
AWS Systems Manager Inventory provides visibility into your Amazon EC2 and on-premises computing environment. You can use Inventory to collect metadata from your managed instances. This metadata can include detailed information about installed applications, application patches, network configurations, and more.
The following table describes the types of data you can collect with Systems Manager Inventory. The table also describes different offerings for targeting nodes and the collection intervals you can specify.
| Configuration | Details |
| --- | --- |
| Metadata types | You can configure Inventory to collect the types of data listed below this table. To view a list of all metadata collected by Inventory, see Metadata collected by inventory. |
| Nodes to target | You can choose to inventory all managed nodes in your AWS account, individually select nodes, or target groups of nodes by using tags. For more information about collecting inventory data from all of your managed nodes, see Inventory all managed nodes in your AWS account. |
| When to collect information | You can specify a collection interval in terms of minutes, hours, and days. The shortest collection interval is every 30 minutes. |

Inventory can collect the following types of data:

- Applications: Application names, publishers, versions, etc.
- AWS components: EC2 driver, agents, versions, etc.
- Files: Name, size, version, installed date, modification and last accessed times, etc.
- Network configuration: IP address, MAC address, DNS, gateway, subnet mask, etc.
- Windows updates: Hotfix ID, installed by, installed date, etc.
- Instance details: System name, operating system (OS) name, OS version, DNS, domain, workgroup, OS architecture, etc.
- Services: Name, display name, status, dependent services, service type, start type, etc.
- Tags: Tags assigned to your nodes.
- Windows Registry: Registry key path, value name, value type, and value.
- Windows roles: Name, display name, path, feature type, installed state, etc.
- Custom inventory: Metadata that was assigned to a managed node as described in Working with custom inventory.
Key features of AWS Systems Manager Inventory include:

- Data collection and analysis: Collect metadata from Amazon EC2 instances and on-premises machines to help with configuration and compliance management.
- Integration with AWS Config: Inventory data can be integrated with AWS Config to maintain a history of configuration changes.
- Custom inventory: You can define custom inventory types to collect data that isn't gathered by default.
- Secure data collection: Inventory uses a secure and encrypted channel to collect and store data.
- Queries: Use query capabilities to get insights into the inventory data.
Workshop Exercise: Default inventory metadata provided by AWS
Prerequisites:

- An AWS account with sufficient privileges.
- An EC2 instance. If you don't have one, launch a basic instance.

💡 To launch an EC2 instance, use the following guide: How to launch a single EC2 instance via AWS CLI
Steps:

1. Set Up Role for Systems Manager:
   - Go to the IAM console.
   - Create a new role for EC2.
   - Attach the `AmazonEC2RoleforSSM` policy, then create the role. (AWS has since deprecated this policy in favour of the narrower `AmazonSSMManagedInstanceCore`, which is the least-privilege choice for Inventory; either works for this exercise.)
2. Attach Role to EC2 Instance:
   - Go to the EC2 console.
   - Right-click on your instance and choose "Modify IAM Role."
   - Select the role you just created.
3. Enable Inventory Collection:
   - Go to the Systems Manager console.
   - In the left navigation pane, select "Inventory."
   - Click "Setup Inventory" on the top right.
   - In the Targets section, choose your EC2 instance.
   - For the Schedule, you can keep the default of every 30 minutes.
   - Click "Setup Inventory."
4. Review Collected Inventory Data:
   - It may take some time for the data to be collected. Wait a while, then refresh the Inventory page.
   - You should see your EC2 instance listed.
   - Click on your instance ID to view detailed inventory data.
5. Custom Inventory (Optional):
   - You can gather custom inventory by specifying scripts or commands.
   - Create a script that generates data in JSON format.
   - Use Systems Manager Run Command to execute your script on your managed instances and gather the custom inventory.
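The custom inventory step above says "generate data in JSON format" without showing what SSM Agent expects. The script below is an added example, not code from the original post: it builds a custom inventory document in the documented shape (a `SchemaVersion` of `"1.0"`, a `TypeName` beginning with `Custom:`, and a `Content` list whose attribute values are all strings), validates it, and writes it to the Linux custom inventory directory (`/var/lib/amazon/ssm/<instance-id>/inventory/custom`). The `Custom:HostHardening` type name, the collected fields and the `SshPasswordAuth` value are constructed for illustration; a real collector would read such facts from the host.

```python
"""Build, validate and write a Systems Manager custom inventory file.

Added example (not from the original post). The document layout follows
the custom inventory format: "SchemaVersion" "1.0", a "TypeName" that
starts with "Custom:", and a "Content" list whose values are strings.
"""
import json
import os
import platform
import socket
import tempfile

# Linux location SSM Agent scans for custom inventory files (.json).
CUSTOM_DIR_LINUX = "/var/lib/amazon/ssm/{instance_id}/inventory/custom"


def build_custom_inventory(type_name, items):
    """Return a custom inventory document; every attribute value is coerced to str."""
    return {
        "SchemaVersion": "1.0",
        "TypeName": type_name,
        "Content": [
            {key: str(value) for key, value in item.items()} for item in items
        ],
    }


def validate_custom_inventory(doc):
    """Return a list of problems; an empty list means the document is acceptable."""
    problems = []
    if doc.get("SchemaVersion") != "1.0":
        problems.append("SchemaVersion must be '1.0'")
    if not str(doc.get("TypeName", "")).startswith("Custom:"):
        problems.append("TypeName must start with 'Custom:'")
    content = doc.get("Content")
    if not isinstance(content, list) or not content:
        problems.append("Content must be a non-empty list")
        return problems
    for index, item in enumerate(content):
        if not isinstance(item, dict):
            problems.append(f"Content[{index}] must be an object")
            continue
        for key, value in item.items():
            if not isinstance(value, str):
                problems.append(f"Content[{index}].{key} must be a string")
    return problems


def collect_hardening_facts():
    """Constructed sample collector: a few host facts a defender might track."""
    return [
        {
            "Hostname": socket.gethostname(),
            "Kernel": platform.release(),
            "PythonVersion": platform.python_version(),
            # Hypothetical field with a constructed value; a real collector
            # would parse sshd_config on the host.
            "SshPasswordAuth": "no",
        }
    ]


def write_custom_inventory(doc, directory):
    """Validate the document and write it as <TypeName suffix>.json in directory."""
    problems = validate_custom_inventory(doc)
    if problems:
        raise ValueError("; ".join(problems))
    os.makedirs(directory, exist_ok=True)
    filename = doc["TypeName"].split(":", 1)[1] + ".json"
    path = os.path.join(directory, filename)
    with open(path, "w", encoding="utf-8") as handle:
        json.dump(doc, handle, indent=2)
    return path


if __name__ == "__main__":
    document = build_custom_inventory(
        "Custom:HostHardening", collect_hardening_facts()
    )
    # Written to a temp dir for a local dry run; on a managed node use
    # CUSTOM_DIR_LINUX.format(instance_id="i-...") instead.
    print(write_custom_inventory(document, tempfile.mkdtemp()))
```

Run the script through Run Command (for example with the `AWS-RunShellScript` document) so the file lands in the agent's custom directory; the agent picks it up on its next collection cycle and the data appears under the `Custom:HostHardening` type in the console.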
6. Query the Inventory:
   - Back on the Inventory page, you can use the query system to gather insights.
   - For instance, you might query for all instances with specific software installed or with a particular OS.
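To make the "which instances have this software installed" query concrete, here is an added example (not from the original post) that evaluates an Inventory-style filter locally over constructed `AWS:Application` entries shaped like the `Entries` field returned by `aws ssm list-inventory-entries`. The filter objects use the `Key`/`Values`/`Type` form that the `GetInventory` API accepts (keys such as `AWS:Application.Name`, types `Equal`, `NotEqual`, `BeginWith`, `Exists`), so the same list can be passed to boto3's `get_inventory`. The instance IDs and package versions are constructed; the local evaluator's rule that all filters must match the same entry is this example's interpretation.

```python
"""Evaluate an Inventory-style application query locally.

Added example, not from the original post. SAMPLE_ENTRIES is constructed
to mimic `aws ssm list-inventory-entries --type-name AWS:Application`
output for three instances, keyed by instance ID.
"""

SAMPLE_ENTRIES = {
    "i-0aaa111": [
        {"Name": "nginx", "Version": "1.18.0", "Publisher": "nginx"},
        {"Name": "openssl", "Version": "1.1.1f", "Publisher": "Ubuntu"},
    ],
    "i-0bbb222": [
        {"Name": "httpd", "Version": "2.4.57", "Publisher": "Amazon Linux"},
        {"Name": "openssl", "Version": "3.0.2", "Publisher": "Amazon Linux"},
    ],
    "i-0ccc333": [
        {"Name": "openssl", "Version": "1.1.1f", "Publisher": "Ubuntu"},
    ],
}


def matches(entry, filt):
    """Return True if one inventory entry satisfies one GetInventory-style filter."""
    key = filt["Key"]
    if "." not in key:
        raise ValueError(f"filter key must look like AWS:Type.Attribute: {key}")
    attribute = key.split(".", 1)[1]  # "AWS:Application.Name" -> "Name"
    value = entry.get(attribute)
    kind = filt.get("Type", "Equal")
    if kind == "Exists":
        return value is not None
    if value is None:
        return False
    if kind == "Equal":
        return value in filt["Values"]
    if kind == "NotEqual":
        return value not in filt["Values"]
    if kind == "BeginWith":
        return any(value.startswith(prefix) for prefix in filt["Values"])
    raise ValueError(f"unsupported filter type: {kind}")


def query_instances(entries_by_instance, filters):
    """Return sorted instance IDs with at least one entry matching every filter."""
    return sorted(
        instance_id
        for instance_id, entries in entries_by_instance.items()
        if any(all(matches(entry, f) for f in filters) for entry in entries)
    )


def application_filter(name, version=None):
    """Build the GetInventory filter list for 'has application name [at version]'."""
    filters = [{"Key": "AWS:Application.Name", "Values": [name], "Type": "Equal"}]
    if version is not None:
        filters.append(
            {"Key": "AWS:Application.Version", "Values": [version], "Type": "Equal"}
        )
    return filters


def run_get_inventory(filters, region_name="us-east-1"):
    """Run the same filter against the real service (needs boto3 and credentials)."""
    import boto3  # imported lazily so the offline example has no dependency

    ssm = boto3.client("ssm", region_name=region_name)
    response = ssm.get_inventory(
        Filters=filters, ResultAttributes=[{"TypeName": "AWS:Application"}]
    )
    return [entity["Id"] for entity in response.get("Entities", [])]


if __name__ == "__main__":
    # Which instances still carry the constructed "old" OpenSSL build?
    print(query_instances(SAMPLE_ENTRIES, application_filter("openssl", "1.1.1f")))
```

Swapping `query_instances` for `run_get_inventory` with the same `application_filter(...)` output gives the live answer from your account; in the console, the equivalent is filtering the Inventory dashboard on `AWS:Application` by name and version.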
7. Clean Up:
   - If you no longer need the EC2 instance or the IAM role, terminate the instance and delete the IAM role to avoid incurring unnecessary charges.
With these steps, you'll have an operational understanding of how AWS Systems Manager Inventory works and can use it to collect, store, and query metadata from your EC2 instances.
Written by
Maxat Akbanov