Actions stipulate what functions SSM can perform on your resources, and this can be broken down into the following sections:

• Automation: This is a feature that allows you to perform automated maintenance tasks that may otherwise require some form of scheduled script of manual effort. As a few examples of the capabilities of automation actions you can do the following:
  • Update AMIs with applications installs and agents allowing you to ensure your AMIs are always up to date
  • Install the latest updates for drivers
  • Update the OS with the latest updates ensuring known security risks are removed
  • Perform password/SSH key resets for your Windows/Linux instances
• Run Command: This is a very useful tool that allows you to perform updates to multiple instances at a time by remotely executing scripted commands. For an example of how this works and if you want to test this Run Command yourself, you can view this tutorial here, which will guide you through the relevant step: https://aws.amazon.com/getting-started/tutorials/remotely-run-commands-ec2-instance-systems-manager/.
• Patch Manager: This is very self-explanatory: it allows you to automate the installation of patching your EC2/virtual servers. It also allows you to review the current status of your resources by identifying any missing patches. Through the use of trusted sources via configured baselines, you are able to determine where the update or security patch is installed from to ensure it is an approved patch.
• Maintenance Windows: As expected, this action allows you to define a window for scheduled maintenance against your resources, for example performing some of the actions defined in the automation section mentioned previously. The windows itself are defined by a time frame, along with the resources associated with that window and the specific actions or tasks that can take place.
• State Manager: This actions allows you to specify and define a particular state for your resources through an automated configuration management process, for example, allowing you to run specific bootstrap data that would install certain software during the start-up of an EC2 instance, or perhaps you could use state management to set specific network configuration settings across your instances.