Working with State Manager

State Manager is a powerful tool that helps to govern and manage the configuration of a managed system. For example, by using State Manager you can enforce a particular firewall rule for your fleet of managed instances and set that as the required State that needs to be enforced at all times. If the rules change outside of State Manager, State Manager automatically reverts them to match the required state's configuration, thus maintaining compliance and enforcing standardization over your environment.

Working with State Manager is quite simple and straightforward. You start off by selecting a state document (JSON based) that specifies the settings you need to configure or maintain your EC2 instances. These documents come predefined and you can create customized versions of them. With the document created, you can then select the individual managed instances, which can be either EC2 instances or even on-premises virtual machines, as well as specify a schedule for when and how often you wish to apply these states. It's that simple!

But before we go ahead with the invocation of our State Manager, let's first understand the concept of state documents a bit better as these documents are the foundation on which your Systems Manager works.

State documents are nothing more than simple JSON-based steps and parameters that define certain actions to be performed by Systems Manager. AWS provides dozens of such documents out of the box, which can be used to perform a variety of tasks such as patching your instances, configuring certain packages, configuring the CloudWatch Log agents, and much more! You can also create your own custom documents. There are three types of documents that are supported by Systems Manager:

  • Command: Command documents are leveraged by the Run Command to execute commands over your managed instances. Alternatively, State Manager uses the command documents to apply certain policies as well. These actions can be run on one or more targets at any point during the life cycle of an instance.
  • Policy: Used by the State Manager, policy documents are used to enforce a policy on your managed instances.
  • Automation: These documents are more often used by the automation service within Systems Manager to perform common maintenance and deployment tasks. We will be learning more about automation documents a bit later in this chapter.

To view Systems Manager's predefined documents, from the EC2 dashboard navigation pane, select the Documents option under the Systems Manager Shared Resources section. Here you can use any of the predefined documents as per your requirements for State Manager. However, let's quickly create a very simple custom document based on the aws:configurePackage definition:

  1. To create your own document, select the Create Document option from the Documents dashboard as shown here:
  2. In the Create Document wizard, start off by providing a suitable Name for your document. In this case, I've provided the name yoyodev-ssm-configure-packages. Do note that the name cannot contain any spaces.
  3. Next, from the Document Type dropdown, select Command as the option type and paste the following JSON code in the Content section as shown here:
    {
          "schemaVersion": "2.0",
          "description": "Install or uninstall the latest version or specified version of LAMP stack.",
          "parameters": {
                "action": {
                      "description": "(Required) Specify whether or not to install or uninstall the package.",
                      "type": "String",
                      "allowedValues": [
                            "Install",
                            "Uninstall"
                      ]
                },
                "name": {
                      "description": "(Required) The LAMP package to install/uninstall.",
                      "type": "String",
                      "allowedValues": [
                            "apache2",
                            "mysql-server",
                            "php"
                      ]
                },
                "version": {
                      "description": "(Optional) A specific version of the package to install or uninstall.",
                      "type": "String",
                      "default": "",
                      "allowedPattern": "(^(?:(\\d+)\\.)(?:(\\d+)\\.)(\\d+)$|^$)"
                }
          },
          "mainSteps": [{
                "action": "aws:configurePackage",
                "name": "configurePackage",
                "inputs": {
                      "name": "{{ name }}",
                      "action": "{{ action }}",
                      "version": "{{ version }}"
                }
          }]
    }
  
  4. With the document pasted, you can now click on Create Document to complete the document creation process.

The document comprises two primary sections: a parameters section, which contains a list of actions to be performed by the document, followed by a mainSteps section that specifies the action to be performed by the document, which in this case is aws:configurePackage. When invoked, the document will ask the user to select either apache2, mysql-server, or php from the dropdown list, followed by an optional version number of the software you select. You can then select whether you wish to install or uninstall this particular package from your fleet of managed EC2 instances and simply execute the document when done!
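
As an added example (not code from the book or from AWS), the following Python sketch checks a set of supplied parameter values against the allowedValues, allowedPattern, and default entries declared in the document's parameters section, so that out-of-policy values are caught before an association is created. The function names, the rule that a parameter without a default is required, and the use of a full-string regex match are assumptions of this sketch; it also shows that the regex backslashes must be doubled inside the JSON text.

```python
import json
import re

# Constructed copy of the page's "parameters" section. In the raw JSON text the
# regex backslashes are doubled ("\\d"), so the parsed pattern contains "\d".
DOCUMENT = r'''
{
  "schemaVersion": "2.0",
  "parameters": {
    "action":  {"type": "String", "allowedValues": ["Install", "Uninstall"]},
    "name":    {"type": "String", "allowedValues": ["apache2", "mysql-server", "php"]},
    "version": {"type": "String", "default": "",
                "allowedPattern": "(^(?:(\\d+)\\.)(?:(\\d+)\\.)(\\d+)$|^$)"}
  }
}
'''


def check_parameters(document_text, supplied):
    """Return (resolved, errors) for the parameter values supplied to a document."""
    spec = json.loads(document_text)["parameters"]
    resolved, errors = {}, []
    for unknown in sorted(set(supplied) - set(spec)):
        errors.append(f"{unknown}: not declared in the document")
    for key, rule in spec.items():
        # Assumption of this sketch: a parameter without a default is required.
        if key not in supplied and "default" not in rule:
            errors.append(f"{key}: required, no default declared")
            continue
        value = supplied.get(key, rule.get("default"))
        if not isinstance(value, str):
            errors.append(f"{key}: expected a String")
        elif "allowedValues" in rule and value not in rule["allowedValues"]:
            errors.append(f"{key}: {value!r} is not in allowedValues")
        elif "allowedPattern" in rule and not re.fullmatch(rule["allowedPattern"], value):
            errors.append(f"{key}: {value!r} does not match allowedPattern")
        else:
            resolved[key] = value
    return resolved, errors


def single_backslash_document_parses():
    """Check whether the document still parses as JSON with undoubled backslashes."""
    try:
        json.loads(DOCUMENT.replace("\\\\", "\\"))
        return True
    except json.JSONDecodeError:
        return False
```
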

Now that your custom document is created, let's quickly configure the State Manager to invoke it:

  1. From the Systems Manager Services section in the EC2 navigation pane, select the State Manager. In the State Manager dashboard, select the Create Association option to get started with configuring State Manager.
  2. Provide a suitable Association Name for your association. Note that this is an optional field and you can skip it if you want.
  3. Next, from the Select Document section, filter and select the custom document that we created in our earlier step. On selection, you will notice the subfields change according to what we provided as parameters in the document. Let's quickly configure this and create our association.
  4. In the Targets section, select your Dev instance or any of your managed instances which you wish to associate with this State Manager. Finally, go ahead and configure the Schedule that will trigger the association based on either a CRON or a rate schedule.
  5. Last but not least, configure the Action and select the appropriate package Name from the Parameters section as shown in the following screenshot:
  6. You can optionally enable the Write to S3 checkbox to log the State Manager's execution in your own custom S3 bucket. For this scenario, I have not selected this option.
  7. Finally, complete the State Manager's association process by selecting the Create Association option.

You can now view and modify your associations using the State Manager dashboard. Alternatively, you can choose to enable your association immediately by selecting the Apply Association Now option.

In the next section, we will be looking at yet another simple and easy-to-use feature provided by Systems Manager that helps automate simple instance and deployment tasks, called Systems Manager Automation!
