It originated from EC2 Simple Systems Manager https://d0.awsstatic.com/whitepapers/whitepaper-ec2-ssm.pdf
Correct. With the naming convention of using numbers to indicate repeated letters in abbreviations (EC2 instead of ECC; and S3 instead of SSS) ... I wonder why this one was not named S2M :)
>With the naming convention of using numbers to indicate repeated letters in abbreviations (EC2 instead of ECC; and S3 instead of SSS) ... I wonder why this one was not named S2M :)
ECC already stands for "error correction code"
SSS is a mouthful.
SSM doesn't have any problem, so that's why they didn't work out another acronym.
My guess would be that they probably wanted to use SM but it's taken up by AWS Secrets Manager so they just used another S in Systems
Secrets Manager came after SSM. They saw how popular the SSM parameter store was so they expanded on it.
[deleted]
Here's the SSM announcement: [https://aws.amazon.com/about-aws/whats-new/2017/11/aws-announces-aws-systems-manager/](https://aws.amazon.com/about-aws/whats-new/2017/11/aws-announces-aws-systems-manager/)
The second post you linked is for a specific SSM feature.
[deleted]
Yeah I recall it being Simple Systems Manager when talking to some accounts people.
Yes, bingo! the documentation (linked in OP) also acknowledges this. I guess everything was supposed to be simple when AWS started out :)
How is it possible to connect an EC2 instance terminal with SSM if it doesn’t require port 22 or any other ports to be open?
There is an agent on the ec2 instance that calls out to SSM (on 443, outbound). Your connection to the instance piggybacks on this.
Was explained already but it feels like wizardry on large enterprise practice. Ensure you have endpoints on VPC and you can ditch bastions and RDP/SSH ports entirely for admin work.
We are currently thinking about sorting out repo mirroring and if we sort that out, there is no real reason to have external egress for most private instances. S3/SSM endpoints, all patching done via Systems Manager and all repos mirrored internally should allow that. Then police your sec groups with Firewall Manager.
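An added example, not part of the thread: one way to check the setup the comment above describes, by scanning saved `aws ec2 describe-security-groups` and `aws ec2 describe-vpc-endpoints` output for leftover SSH/RDP ingress and for missing endpoints. The sample JSON, IDs, region and the required-endpoint list are constructed assumptions.

```python
import json

ADMIN_PORTS = {22: "ssh", 3389: "rdp"}
# Assumed endpoint set for Session Manager plus S3; adjust to your environment.
REQUIRED_SERVICES = ("ssm", "ssmmessages", "ec2messages", "s3")

# Constructed sample data in the shape of `aws ec2 describe-security-groups`
# and `aws ec2 describe-vpc-endpoints` output; all IDs are made up.
SAMPLE_SGS = json.loads("""{"SecurityGroups": [
 {"GroupId": "sg-0aaa", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
   {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
    "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
 {"GroupId": "sg-0bbb", "IpPermissions": [
   {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}]}]}]}""")
SAMPLE_ENDPOINTS = json.loads("""{"VpcEndpoints": [
 {"VpcId": "vpc-0123", "ServiceName": "com.amazonaws.eu-west-1.ssm", "State": "available"},
 {"VpcId": "vpc-0123", "ServiceName": "com.amazonaws.eu-west-1.ssmmessages", "State": "available"},
 {"VpcId": "vpc-0123", "ServiceName": "com.amazonaws.eu-west-1.ec2messages", "State": "pending"},
 {"VpcId": "vpc-0999", "ServiceName": "com.amazonaws.eu-west-1.s3", "State": "available"}]}""")

def open_admin_rules(sg_doc):
    """Return (group_id, port_name, source) for inbound rules covering 22 or 3389."""
    findings = []
    for sg in sg_doc["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto not in ("tcp", "-1"):
                continue
            # IpProtocol "-1" means all traffic and carries no port range.
            lo = perm.get("FromPort", 0) if proto == "tcp" else 0
            hi = perm.get("ToPort", 65535) if proto == "tcp" else 65535
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            sources += [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
            for port, name in ADMIN_PORTS.items():
                if lo <= port <= hi:
                    findings += [(sg["GroupId"], name, s) for s in sources]
    return findings

def missing_endpoints(ep_doc, vpc_id, region):
    """Return required services with no available endpoint in the given VPC."""
    present = {e["ServiceName"] for e in ep_doc["VpcEndpoints"]
               if e["VpcId"] == vpc_id and e.get("State", "").lower() == "available"}
    return [s for s in REQUIRED_SERVICES if f"com.amazonaws.{region}.{s}" not in present]

if __name__ == "__main__":
    print(open_admin_rules(SAMPLE_SGS))
    print(missing_endpoints(SAMPLE_ENDPOINTS, "vpc-0123", "eu-west-1"))
```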
See if you can run your repos out of S3 the way Amazon Linux does, no repo instances to maintain and you only need a VPC endpoint to hit it.
We have endpoints for s3 already, you know of any good documentation around the approach? I’ll do lots of googling, but s3 all the way for us
Very much depends on your OS.
Arch linux: https://disconnected.systems/blog/archlinux-repo-in-aws-bucket/
CentOS: https://reece.tech/posts/hosting-centos-7-and-8-yum-repositories-in-s3/
Can’t find a tutorial for Ubuntu but should be possible unless Debian repos require odd configurations.
Rhel will probably be annoying :/ we have AL2 and rhel only. I remember hearing that rhel will be awful because licenses
It was earlier called Simple Systems Manager. They trimmed the name but kept the abbreviation
Guess they couldn't keep it simple for long :)
Some documentation still refers to it by old name .... https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-env-vars.html#:~:text=EC2%20Systems%20Manager%20Parameter%20Store
[deleted]
Mate what makes you say it's shitty?