• The AWS Systems Manager CloudWatch Dashboard will no longer be available after April 30, 2026. Customers can continue to use Amazon CloudWatch console to view, create, and manage their Amazon CloudWatch dashboards, just as they do today. For more information, see [Amazon CloudWatch Dashboard documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Dashboards.html). # What is AWS Systems Manager? AWS Systems Manager helps you centrally view, manage, and operate nodes at scale in AWS, on-premises, and multicloud environments. With the launch of a unified console experience, Systems Manager consolidates various tools to help you complete common node tasks across AWS accounts and AWS Regions. To use Systems Manager, nodes must be [managed](https://docs.aws.amazon.com/systems-manager/latest/userguide/operating-systems-and-machine-types.html#supported-machine-types), which means SSM Agent is installed on the machine and the agent can communicate with the Systems Manager service. To help you identify why nodes aren't reporting as *managed*, Systems Manager offers a one-click agent issue diagnosis and remediation runbook that you can configure to run automatically according to a schedule you define. This feature helps identify why nodes can't connect to Systems Manager, including networking misconfigurations. This feature also provides recommended runbooks for remediating networking issues and other problems preventing nodes from being configured as managed nodes. The unified console experience also includes a dashboard that provides a high-level overview of your nodes. You can drill down for more specific node insights such as which nodes are running outdated operating system (OS) software. You can also use filters for granular views based on instance metadata like OSs and OS versions, AWS Regions, AWS accounts, and SSM Agent versions. These filters help you retrieve relevant information at a specific account level or application level across your entire organization. **Topics** + [ ## How can Systems Manager benefit my operations? ](#benefits) + [ ## Who should use Systems Manager? ](#use-cases) + [ ## What are the main features of Systems Manager? ](#features) + [ ## Supported AWS Regions ](#regions) + [ ## Accessing Systems Manager ](#access-methods) + [ ## Systems Manager service name history ](#service-naming-history) + [ # Supported operating systems and machine types ](operating-systems-and-machine-types.md) + [ # What is the unified console? ](systems-manager-unified-console.md) ## How can Systems Manager benefit my operations? Benefits of Systems Manager include the following: + **Enhance visibility across your entire infrastructure** Systems Manager provides a centralized view of nodes across your organization's accounts and Regions. Quickly access instance information such as ID, name, OS details, and installed agents. Use Amazon Q Developer to query instance metadata using natural language, helping you identify issues and take action faster. + **Boost operational efficiency with automation** Automate common operational tasks and reduce time and effort required to maintain your systems. Systems Manager provides safe and secure remote management of your nodes at scale without logging into your servers. You no longer need to use bastion hosts, SSH, or remote PowerShell. Systems Manager also provides a simple way of automating common administrative tasks across groups of nodes such as registry edits, user management, and software and patch installations. + **Simplify node management at scale in any environment** Systems Manager helps you manage nodes across AWS, on-premises, and multicloud environments. Schedule automated diagnoses to identify SSM Agent issues and remediate them with one-click runbooks. After your nodes are configured as *managed* nodes, you can execute critical operational tasks such as applying security patches, initiating logged sessions, and running commands remotely. ## Who should use Systems Manager? Systems Manager is used by IT operations managers and operators, DevOps engineers, security and compliance managers, and IT directors and CIOs. Broadly speaking, Systems Manager is appropriate for the following: + Organizations that want to improve the management and security of their nodes at scale. + Organizations that want to increase visibility and operational agility when managing their infrastructure. + Organizations that want to increase operational efficiency at scale. ## What are the main features of Systems Manager? The primary features of Systems Manager are shared between the unified console and the individual tools Systems Manager provides to help you manage nodes at scale. **Unified console** The unified console provides a centralized experience to view and manage your nodes. This console leverages several Systems Manager tools and more to provide you with the following: + Centralized views of your nodes + Detailed node insights + Automated diagnosis and remediation of common node issues For more information about the unified console, see [What is the unified console?](systems-manager-unified-console.md). **Tools** Tools consist of the individual capabilities of Systems Manager and their features such as Run Command, Session Manager, Automation, and Parameter Store. With Systems Manager tools you can do the following: + Just-in-time access node access + Patch nodes at scale + Securely connect to nodes without opening inbound ports + Run commands remotely on nodes + Securely store data referenced by applications + Automate common systems administration tasks For more information about Systems Manager tools, see [Using AWS Systems Manager tools](systems-manager-tools.md). ## Supported AWS Regions For a list of AWS Regions that support [Systems Manager tools](systems-manager-tools.md), see [Systems Manager service endpoints](https://docs.aws.amazon.com/general/latest/gr/ssm.html#ssm_region) in the *Amazon Web Services General Reference*. The unified Systems Manager console, released on November 21, 2024, is available in the following AWS Regions: + US East (N. Virginia) Region + US East (Ohio) Region + US West (N. California) Region + US West (Oregon) Region + Canada (Central) Region + South America (São Paulo) Region + Asia Pacific (Mumbai) Region + Asia Pacific (Tokyo) Region + Asia Pacific (Seoul) Region + Asia Pacific (Singapore) Region + Asia Pacific (Sydney) Region + Europe (Frankfurt) Region + Europe (Stockholm) Region + Europe (Ireland) Region + Europe (London) Region + Europe (Paris) Region ## Accessing Systems Manager You can work with Systems Manager in any of the following ways: **Systems Manager console** The [Systems Manager console](https://console.aws.amazon.com/systems-manager/) is a browser-based interface to access and use Systems Manager. **AWS IoT Greengrass V2 console** You can view and manage edge devices that are configured for AWS IoT Greengrass in the [Greengrass console](https://console.aws.amazon.com/iot). **AWS command line tools** By using the AWS command line tools, you can issue commands at your system's command line to perform Systems Manager and other AWS tasks. The tools are supported on Linux, macOS, and Windows. Using the AWS Command Line Interface (AWS CLI) can be faster and more convenient than using the console. The command line tools also are useful if you want to build scripts that perform AWS tasks. AWS provides two sets of command line tools: the [AWS Command Line Interface](https://aws.amazon.com/cli/) and the [AWS Tools for Windows PowerShell](https://aws.amazon.com/powershell/). For information about installing and using the AWS CLI, see the [AWS Command Line Interface User Guide](https://docs.aws.amazon.com/cli/latest/userguide/). For information about installing and using the Tools for Windows PowerShell, see the [AWS Tools for PowerShell User Guide](https://docs.aws.amazon.com/powershell/latest/userguide/). On your Windows Server instances, Windows PowerShell 3.0 or later is required to run certain SSM documents (for example, the legacy `AWS-ApplyPatchBaseline` document). Verify that your Windows Server instances are running Windows Management Framework 3.0 or later. The framework includes Windows PowerShell. **AWS SDKs** AWS provides software development kits (SDKs) that consist of libraries and sample code for various programming languages and platforms (for example, [Java](https://aws.amazon.com/sdk-for-java/), [Python](https://aws.amazon.com/sdk-for-python/), [Ruby](https://aws.amazon.com/sdk-for-ruby/), [.NET](https://aws.amazon.com/sdk-for-net/), [iOS and Android](https://aws.amazon.com/mobile/resources/), and [others](https://aws.amazon.com/tools/#sdk)). The SDKs provide a convenient way to grant programmatic access to Systems Manager. For information about the AWS SDKs, including how to download and install them, see [Tools for Amazon Web Services](https://aws.amazon.com/tools/#sdk). ## Systems Manager service name history AWS Systems Manager (Systems Manager) was formerly known as "Amazon Simple Systems Manager (SSM)" and "Amazon EC2 Systems Manager (SSM)". The original abbreviated name of the service, "SSM", is still reflected in various AWS resources, including a few other service consoles. Some examples: + **Systems Manager Agent**: SSM Agent + **Systems Manager parameters**: SSM parameters + **Systems Manager service endpoints**: `ssm.region.amazonaws.com` + **AWS CloudFormation resource types**: `AWS::SSM::Document` + **AWS Config rule identifier**: `EC2_INSTANCE_MANAGED_BY_SSM` + **AWS Command Line Interface (AWS CLI) commands**: `aws ssm describe-patch-baselines` + **AWS Identity and Access Management (IAM) managed policy names**: `AmazonSSMReadOnlyAccess` + **Systems Manager resource ARNs**: `arn:aws:ssm:region:account-id:patchbaseline/pb-07d8884178EXAMPLE` # Supported operating systems and machine types Before working with Systems Manager, verify that your operating system (OS), OS version, and machine type are supported as managed nodes. **Topics** + [ ## Supported operating systems for Systems Manager ](#prereqs-operating-systems) + [ ## Supported machine types in hybrid and multicloud environments ](#supported-machine-types) ## Supported operating systems for Systems Manager The following sections list the OSs and OS versions supported by Systems Manager. **Note** If you plan to manage and configure AWS IoT Greengrass core devices by using Systems Manager, those devices must meet the requirements for AWS IoT Greengrass. For more information, see [Setting up AWS IoT Greengrass core devices](https://docs.aws.amazon.com/greengrass/v2/developerguide/setting-up.html) in the *AWS IoT Greengrass Version 2 Developer Guide*. If you plan to manage and configure AWS IoT and non-AWS edge devices, those devices must meet the requirements listed here and be configured as on-premises managed nodes for Systems Manager. For more information, see [Managing edge devices with Systems Manager](systems-manager-setting-up-edge-devices.md). **Important** We strongly recommend that you avoid using OS versions that have reached End-of-Life (EOL). OS vendors including AWS typically don't provide security patches or other updates for versions that have reached EOL. Continuing to use an EOL system greatly increases the risk of not being able to apply upgrades, including security fixes, and other operational problems. AWS does not test Systems Manager functionality on OS versions that have reached EOL. Patch Manager, a tool in Systems Manager, might not support all the OS versions listed in this topic. For a list of OS versions supported by Patch Manager, see [Patch Manager prerequisites](patch-manager-prerequisites.md). **Topics** + [ ### Linux ](#prereqs-os-linux) + [ ### macOS (Amazon EC2 instances only) ](#prereqs-os-mac) + [ ### Windows Server ](#prereqs-os-windows-server) Select an OS platform to see the supported major and minor versions. ### Linux **AlmaLinux** | Versions | x86 | x86\$164 | ARM64 | | --- | --- | --- | --- | | 8.3–8.10 | | ✓ | ✓ | | 9.x | | ✓ | ✓ | **Amazon Linux 2** | Versions | x86 | x86\$164 | ARM64 | | --- | --- | --- | --- | | 2.0 and all later versions | | ✓ | ✓ | **Amazon Linux 2023** | Versions | x86 | x86\$164 | ARM64 | | --- | --- | --- | --- | | 2023.0.20230315.0 and all later versions | | ✓ | ✓ | **Bottlerocket** | Versions | x86\$164 | ARM64 | | --- | --- | --- | | 1.0.0 and all later versions | ✓ | ✓ | **CentOS Stream** | Versions | x86 | x86\$164 | ARM64 | | --- | --- | --- | --- | | 9 | | ✓ | ✓ | **Debian Server** | Versions | x86 | x86\$164 | ARM64 | | --- | --- | --- | --- | | Bullseye (11) | | ✓ | ✓ | | Bookworm (12) | | ✓ | ✓ | **Oracle Linux** | Versions | x86 | x86\$164 | ARM64 | | --- | --- | --- | --- | | 7.5–7.8 | | ✓ | | | 8.x | | ✓ | | | 9.x | | ✓ | | **Red Hat Enterprise Linux (RHEL)** | Versions | x86 | x86\$164 | ARM64 | | --- | --- | --- | --- | | 7.0–7.5 | | ✓ | | | 7.6–8.x | | ✓ | ✓ | | 9.x | | ✓ | ✓ | | 10.x | | ✓ | ✓ | **Rocky Linux** | Versions | x86 | x86\$164 | ARM64 | | --- | --- | --- | --- | | 8.x | | ✓ | ✓ | | 9.x | | ✓ | ✓ | **SUSE Linux Enterprise Server (SLES)** | Versions | x86 | x86\$164 | ARM64 | | --- | --- | --- | --- | | 15.3 and later versionsx | | ✓ | ✓ | **Ubuntu Server** | Versions | x86 | x86\$164 | ARM64 | | --- | --- | --- | --- | | 16.04 LTS and 18.04 LTS | | ✓ | ✓ | | 20.04 LTS | | ✓ | ✓ | | 22.04 LTS | | ✓ | ✓ | | 24.04 LTS | | ✓ | ✓ | | 25.04 | | ✓ | ✓ | ### macOS (Amazon EC2 instances only) **** | Version | x86 | x86\$164 | Mac with Apple silicon | | --- | --- | --- | --- | | 13.x (Ventura) | | ✓ | ✓ | | 14.x (Sonoma) | | ✓ | ✓ | | 15.x (Sequoia) | | ✓ | ✓ | **Note** macOS is not supported in all AWS Regions. For more information about Amazon EC2 support for macOS, see [Amazon EC2 Mac instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-mac-instances.html) in the *Amazon EC2 User Guide*. ### Windows Server SSM Agent requires Windows PowerShell 3.0 or later to run certain AWS Systems Manager documents (SSM documents) on Windows Server instances (for example, the legacy `AWS-ApplyPatchBaseline` document). Verify that your Windows Server instances are running Windows Management Framework 3.0 or later. This framework includes Windows PowerShell. For more information, see [https://www.microsoft.com/en-us/download/details.aspx?id=34595&751be11f-ede8-5a0c-058c-2ee190a24fa6=True](https://www.microsoft.com/en-us/download/details.aspx?id=34595&751be11f-ede8-5a0c-058c-2ee190a24fa6=True). **** | Version | x86 | x86\$164 | ARM64 | | --- | --- | --- | --- | | 2012 and 2012 R2² | | ✓ | | | 2016 | | ✓ | | | 2019 | | ✓ | | | 2022 | | ✓ | | | 2025 | | ✓ | | **¹** **Windows Server 2012 and 2012 R2 support**: Windows Server 2012 and 2012 R2 reached end of support on October 10, 2023. To use SSM Agent with these versions, we recommend using Extended Security Updates (ESUs) from Microsoft. For more information, see [Windows Server 2012 and 2012 R2 reaching end of support](https://learn.microsoft.com/en-us/lifecycle/announcements/windows-server-2012-r2-end-of-support) on the Microsoft website. ## Supported machine types in hybrid and multicloud environments Systems Manager supports a number of machine types as *managed nodes*. A managed node is any machine configured to work with Systems Manager. This user guide uses the term *hybrid and multicloud* to refer to an environment that contains any combination of the following machine types: + Amazon Elastic Compute Cloud (Amazon EC2) instances + Servers on your own premises (on-premises servers) + AWS IoT Greengrass core devices + AWS IoT and non-AWS edge devices + Virtual machines (VMs), including VMs in other cloud environments For information about AWS support for hybrid and multicloud environments, see [AWS Solutions for Hybrid and Multicloud](https://aws.amazon.com/hybrid-multicloud/). # What is the unified console? The unified Systems Manager console is a consolidated experience that combines various tools to help you complete common node tasks across multiple AWS accounts and AWS Regions in an AWS Organizations organization, or a single account and Region. Nodes can be EC2 instances, hybrid servers, or servers running in a multicloud environment. In the unified console, you're provided with detailed insights to your nodes. You can generate reports for your nodes, diagnose and remediate common issues that prevent nodes from reporting as managed by Systems Manager, like connectivity issues. ![\[Node data displayed on Systems Manager Review node insights page\]](http://docs.aws.amazon.com/systems-manager/latest/userguide/images/SYS2-Dashboard-Nodes.png) In addition to summaries about your nodes on the **Review node insights** page, you can view specific details about a node from the **Explore nodes** page. ![\[A list of managed nodes in the Explore nodes page\]](http://docs.aws.amazon.com/systems-manager/latest/userguide/images/2-explore-nodes-managed-nodes.png) **Node details tabs** When you select a node on the **Explore nodes** page, the node detail page provides a comprehensive overview of node details and additional information on a series of tabs: ![\[Node overview details in the Explore nodes section\]](http://docs.aws.amazon.com/systems-manager/latest/userguide/images/unified-console-explore-nodes-node-details.png) ****Tags**** (Optional) Manage resource tags to group and filter the managed node with other resources. Tags consist of a case-senstive key-value pair and are used to categorize resources in different ways, such as by purpose, owner, or environment. ****Inventory**** Displays metadata about the managed node, which you can view according to over 10 different inventory types. For example, when you select the type `AWS:Application`, the inventory filter results provide details about applications installed on the node, such as **Name**, **Version**, **Architecture**, and more. For more information about Inventory, see [AWS Systems Manager Inventory](systems-manager-inventory.md). ****Associations**** An association is a resource type in State Manager that defines the target state for a managed node and maintains all managed nodes in your account in a consistent state. The association can define the commands, scripts, or policies to apply to which managed instances, and how often the association should run to ensure the nodes are match the defined configuration for the node. An association can drive compliance reporting of required states for resources in your account. For more information about State Manager and assocations, see [AWS Systems Manager State Manager](systems-manager-state.md). ****Patches**** Displays metadata about the managed node, such as which patch baseline is assigned to the node and the total number of updates for packages that have been updated successfully, failed, or still required for installation. The **Patches** tab also reports details about patches available for the node based on the configuration requirements in the patch baseline, including the package **Name**, such as `libblockdev-crypto.x86_64`; **Classification** (such as `Bugfix` or `Security`); **Description** (showing the full patch title, such as `coreutils.x86_64:0:8.32-36.el9` and `java-11-amazon-corretto-headless-1:11.0.15+9-1.amzn2.x86_64`; and **Patch State**, such as `Installed`, `Installed_Pending_Reboot`, `Missing`, and `Failed`. Patch *states* do not indicate whether or not a managed node is *compliant*. Patch compliance is not innately tied to patch states, nor is it defined by AWS, by operating system (OS) vendors, or by third parties such as security consulting firms. Instead, you define what patch compliance means for managed nodes in your organization or account in a *patch baseline*. For more information, see [What is compliance in Patch Manager?](patch-manager.md#patch-manager-definition-of-compliance) and [Predefined and custom patch baselines](patch-manager-predefined-and-custom-patch-baselines.md). ****Configuration compliance**** Reports patch compliance and configuration inconsistencies on the node (whether the state of a package on the managed node is `Compliant` or `Non-compliant` according to the definition of Compliant as defined in either a State Manager association or a Patch Manager patch baseline). You can filter configuration compliance results according to a package **ID**, **Compliance status**, **Compliance type** (`Association` or `Patch`), `Severity`, and different execution details. For related information, see [AWS Systems Manager Compliance](systems-manager-compliance.md). Whether you have nodes in multiple accounts and Regions in an organization, or nodes in a single account and Region, we recommend using the unified console. To learn about the node tasks you can perform now using the unified console, see [Performing node management tasks with AWS Systems Manager](systems-manager-node-tasks.md). For more information about setting up your nodes for Systems Manager, see [Setting up managed nodes for AWS Systems Manager](systems-manager-setting-up-nodes.md). After you've set up your nodes, you can set up Systems Manager and the unified console. To learn more about setting up Systems Manager, see [Setting up AWS Systems Manager](systems-manager-setting-up-console.md).