One concern for an organization that migrates to the cloud is how to get visibility into its infrastructure. AWS Systems Manager provides a single pane of glass that allows for full visibility of the resources within an organization’s infrastructure. When using Systems Manager, you can place resources into groups and visualize the aggregated operational data of the group. You can also take actions that are applied to all of the resources in the group.
AWS Systems Manager is really a collection of tools, including the following:
Explorer: This dashboard displays analytical data regarding the operational health and performance of resources. This data can be derived from multiple AWS accounts and regions.
OpsCenter: When operational issues crop up, the OpsCenter is the place where you can investigate the issues. The OpsCenter provides information from different sources, including CloudTrail logs, CloudWatch alarms, and AWS Config data.
Incident Manager: This tool allows you to see incidents related to the availability and performance of applications. The tool also allows you to configure automatic responses to incidents.
Overall, AWS Systems Manager provides more than 15 different tools. See https://aws.amazon.com/systems-manager/features/ for a summary of these tools.
Many large organizations have multiple AWS accounts. All these accounts pose difficulties when a resource that has been created in one account needs to be accessible in another account. The AWS Resource Access Manager (RAM) allows you to share resources across multiple AWS accounts.
RAM can be used either with or without AWS Organizations. When RAM is used without AWS Organizations, resources can be directly shared with other AWS accounts. When it is used with AWS Organizations, resources can be shared with an organizational unit (OU), individual IAM roles, or individual IAM users.
When sharing resources with RAM, you also specify which permissions the resource share grants. These are similar to the IAM permissions that you can grant roles and user accounts. For example, if you share an EC2 image resource, you can use the AWSRAMDefaultPermissionImageBuilderImage permission to list available images (imagebuilder:ListImages) and retrieve an image (imagebuilder:GetImage).
It is unlikely that you will be asked questions about specific RAM permissions on the exam, but you should be aware that permissions are used to limit access to resources that are shared by RAM.
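The following is an added example, not part of the original text or AWS code: a short Python audit that classifies the principals on each RAM resource share (account, OU, IAM role, IAM user) and reports shares that reach outside the organization. The sample records are constructed with made-up IDs and are shaped like the output of `aws ram get-resource-shares` and `aws ram list-principals`; the function names are hypothetical.

```python
import re

# Constructed sample records (made-up IDs), shaped like the output of
# `aws ram get-resource-shares` and `aws ram list-principals`.
ARN = "arn:aws:ram:us-east-1:111111111111:resource-share/"
SHARES = [
    {"resourceShareArn": ARN + "aaaa", "name": "shared-subnets",
     "allowExternalPrincipals": False},
    {"resourceShareArn": ARN + "bbbb", "name": "image-pipeline",
     "allowExternalPrincipals": True},
]
PRINCIPALS = [
    {"id": "arn:aws:organizations::111111111111:ou/o-exampleorg/ou-ab12-cdefgh34",
     "resourceShareArn": ARN + "aaaa", "external": False},
    {"id": "arn:aws:iam::222222222222:role/BuildRole",
     "resourceShareArn": ARN + "bbbb", "external": False},
    {"id": "333333333333", "resourceShareArn": ARN + "bbbb", "external": True},
]

def principal_kind(principal_id):
    """Classify a RAM principal by the form of its identifier."""
    if re.fullmatch(r"\d{12}", principal_id):
        return "account"  # bare 12-digit AWS account ID
    m = re.fullmatch(r"arn:aws[\w-]*:(organizations|iam)::\d{12}:(\w+)/.+",
                     principal_id)
    if not m:
        return "unknown"
    service, rtype = m.groups()
    if service == "organizations":
        return {"ou": "ou", "organization": "organization"}.get(rtype, "unknown")
    return {"role": "iam-role", "user": "iam-user"}.get(rtype, "unknown")

def audit(shares, principals):
    """Report shares that reach, or are allowed to reach, outside the organization."""
    by_share = {}
    for p in principals:
        by_share.setdefault(p["resourceShareArn"], []).append(p)
    findings = []
    for s in shares:
        members = by_share.get(s["resourceShareArn"], [])
        external = [p["id"] for p in members if p.get("external")]
        for pid in external:
            findings.append((s["name"], "external-principal", principal_kind(pid), pid))
        # The share permits outside principals but has none: candidate for tightening.
        if s.get("allowExternalPrincipals") and not external:
            findings.append((s["name"], "external-allowed-unused", None, None))
    return findings

if __name__ == "__main__":
    for finding in audit(SHARES, PRINCIPALS):
        print(finding)
```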
Not all resources can be shared with RAM. At press time, the following resources are sharable:
AWS App Mesh
AWS Certificate Manager Private Certificate Authority
Amazon Aurora
AWS CodeBuild
Amazon EC2
EC2 Image Builder
AWS Glue
AWS License Manager
AWS Network Firewall
AWS Outposts
Amazon S3 on Outposts
AWS Resource Groups
Amazon Route 53
AWS Systems Manager Incident Manager
Amazon VPC
Answer these questions. The answers follow the last question. If you cannot answer these questions correctly, consider reading this section again until you can.
1. You have been asked to configure the AWS CLI to be used for a new IAM account. Which of the following account parameters need to be generated to correctly configure the AWS CLI? (Choose two.)
A. Access key ID
B. Authorization ID key
C. Secret access key
D. User control key
2. Which of the following are valid AWS CLI commands?
A. aws ec2 --instance-ids i-1234567890abcdef0 terminate-instances
B. aws terminate-instances ec2 --instance-ids i-1234567890abcdef0
C. aws ec2 terminate-instances --instance-ids i-1234567890abcdef0
D. aws --instance-ids i-1234567890abcdef0 terminate-instances ec2
1. Answer: A and C are correct. The AWS CLI configuration requires information about a user account, including the account access key ID and secret access key, which are generated when creating the user account.
2. Answer: C is correct. The top-level command (ec2) should be next after aws. The secondary command (terminate-instances) should be after the primary command. The option/argument pair (--instance-ids i-1234567890abcdef0) follows the secondary command.
If you want more practice on this chapter’s exam objectives before you move on, remember that you can access all of the Cram Quiz questions on the Pearson Test Prep software online. You can also create a custom exam by objective with the Online Practice Test. Note any objective you struggle with and go to that objective’s material in this chapter.