SYSTEM Cited by 2 sources

AWS Systems Manager (SSM)

AWS Systems Manager (SSM) is AWS's managed-instance control plane — a family of sub-services sharing the ssm API surface, most of which are orthogonal to this wiki's focus. Two sub-services show up in ingested sources and have their own pages:

  • Parameter Store — hierarchical configuration KV store with built-in versioning + EventBridge change events; the canonical managed alternative to DIY config stores.
  • Session Manager — IAM-authenticated shell / port-forward tunnel to managed compute without inbound ports or bastion hosts (detailed below).

Stub page: expand as sources cite more SSM subsystems.

Session Manager — why it matters to this wiki

SSM Session Manager is the substrate under the SageMaker AI StartSession API — the "SSH-over-SSM" pattern that lets local IDEs tunnel into otherwise-isolated managed-compute environments. See patterns/secure-tunnel-to-managed-compute and sources/2025-08-06-allthingsdistributed-removing-friction-sagemaker-ai-development for the SageMaker application.

The architectural shape is:

  • Control plane = SSM service (IAM auth, policy, session orchestration, audit logging).
  • Data plane = SSM Agent on the target + outbound WebSocket back to SSM → client streams through SSM as a relay.
  • Target never exposes an inbound port. No network ACL changes needed.

This is an instance of concepts/control-plane-data-plane-separation applied to remote access.
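The "no inbound port" property above can be checked rather than assumed. This added example (not from the sources this page cites) audits security groups, given in the shape of the EC2 DescribeSecurityGroups response, for inbound SSH/RDP rules that Session Manager makes unnecessary. The group IDs, the sample data and the choice of ports 22 and 3389 are assumptions.

```python
# Added example: audit for inbound admin ports on Session Manager targets.
# Input mirrors the EC2 DescribeSecurityGroups response shape; SAMPLE is constructed.
ADMIN_PORTS = {22: "ssh", 3389: "rdp"}   # assumption: ports a bastion setup would expose
WORLD = {"0.0.0.0/0", "::/0"}

def _covered_ports(perm):
    """Admin ports opened by one IpPermissions entry."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                       # all protocols, all ports
        return sorted(ADMIN_PORTS)
    if proto not in ("tcp", "6"):           # only TCP carries SSH/RDP here
        return []
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return [p for p in sorted(ADMIN_PORTS) if lo <= p <= hi]

def _sources(perm):
    """Every peer the rule admits: CIDRs, IPv6 CIDRs, groups, prefix lists."""
    out = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    out += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    out += [g["GroupId"] for g in perm.get("UserIdGroupPairs", [])]
    out += [p["PrefixListId"] for p in perm.get("PrefixListIds", [])]
    return out

def audit(security_groups):
    """Return one finding per (group, admin port, source) that is reachable inbound."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            for port in _covered_ports(perm):
                for src in _sources(perm):
                    findings.append({
                        "group": sg["GroupId"], "port": port,
                        "service": ADMIN_PORTS[port], "source": src,
                        "severity": "high" if src in WORLD else "review",
                    })
    return findings

SAMPLE = [  # constructed data, not real resources
    {"GroupId": "sg-ssm-only", "IpPermissions": []},
    {"GroupId": "sg-legacy", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupId": "sg-all", "IpPermissions": [
        {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-bastion"}]}]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A port range that merely spans 3389 and an all-traffic rule sourced from another security group are both reported, since either leaves an admin port reachable without passing through SSM's IAM and audit path.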

Seen in

Last updated · 200 distilled / 1,178 read