Interview AWS

What is AWS Systems Manager, and how is Session Manager safer than SSH bastions?

AWS · Advanced level

Answer

Systems Manager provides operational capabilities like Session Manager, Run Command, Patch Manager, Parameter Store, Automation, and Inventory. Session Manager is safer than SSH bastions because it avoids inbound SSH and uses IAM/audit logging.

Technical explanation

Session Manager needs SSM Agent, IAM permissions, and network access to SSM endpoints or the internet.

Operations at scale should prefer managed access, automation, immutable infrastructure, repeatable runbooks, and auditability over manual host-by-host changes.

Troubleshooting should isolate layers: identity, network, host, application, dependency, deployment, and AWS service signals.

Patch, access, AMI, and incident workflows must be tested and measurable so they do not depend on tribal knowledge.

Hands-on example

1. Set up a sandbox EC2 fleet with SSM Agent, IAM instance role, CloudWatch Agent, hardened AMI baseline, and no unnecessary inbound access.

2. Perform the operation through automation: Session Manager, Run Command, Patch Manager, Image Builder, ASG instance refresh, or a runbook.

3. Introduce a realistic failure and use logs, metrics, status checks, and reachability tools to troubleshoot layer by layer.

4. Update the runbook and define the alarm or compliance check that would catch the issue next time.

Preparing for an interview?

Check how well your resume matches the role with our free resume checker— match score, ATS check, and the skills you're missing.

More AWS interview questions

← All AWS questions