Systems Manager
AWS Systems Manager (SSM)
Overview
The AWS Systems Manager integration (regscale aws sync_ssm) assesses configuration and patch management against controls CM-2, CM-6, SI-2, CM-3, and CM-8.
Command Syntax
```bash
regscale aws sync_ssm [OPTIONS]
```
Basic Usage
```bash
# Sync SSM configuration with evidence
regscale aws sync_ssm --regscale-id 123 --create-evidence

# Filter by account and tags
regscale aws sync_ssm \
  --regscale-id 123 \
  --account-id 123456789012 \
  --tags Environment=Production

# Link to specific controls
regscale aws sync_ssm \
  --regscale-id 123 \
  --create-evidence \
  --evidence-control-ids CM-2,CM-6,SI-2
```
Evidence Collection Options
| Option | Description | Default |
|---|---|---|
| --create-evidence | Enable evidence collection | False |
| --create-ssp-attachment | Create evidence as SSP attachment | True |
| --evidence-control-ids | Comma-separated list of control IDs (e.g., 'CM-2,CM-6,SI-2,CM-3,CM-8') | All controls |
| --evidence-frequency | Evidence update frequency in days | 30 |
Collect Evidence for Specific Controls
```bash
regscale aws sync_ssm --regscale-id 123 \
  --create-evidence \
  --evidence-control-ids CM-2,CM-6,SI-2
```
Evidence Collected
- Managed instance inventory and compliance status
- Patch baseline configurations
- Patch compliance summaries
- Parameter Store parameters
- State Manager associations
- SSM documents
- Maintenance windows
NIST 800-53 Controls Assessed
- CM-2: Baseline Configuration
- CM-3: Configuration Change Control
- CM-6: Configuration Settings
- CM-8: System Component Inventory
- SI-2: Flaw Remediation
What Gets Created in RegScale
- Control Assessments: CM and SI family controls
- Evidence: Managed instances, patch baselines, compliance status, Parameter Store
- Issues: Non-compliant patch status, missing associations
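To spot-check the issues a sync reports, the same two conditions (non-compliant patch status, missing associations) can be derived from raw SSM data. The following is an added example, not RegScale's code: the field names follow AWS SSM API responses, while the sample data, the finding criteria, and the control mapping are assumptions.

```python
# Added example: offline spot-check of SSM data. Field names follow the AWS SSM
# API responses; the criteria and control mapping are assumptions, not RegScale's.

# Constructed sample data, shaped like DescribeInstanceInformation,
# DescribeInstancePatchStates and DescribeInstanceAssociationsStatus output.
INSTANCES = [
    {"InstanceId": "i-0aaa0000000000001", "PingStatus": "Online"},
    {"InstanceId": "i-0aaa0000000000002", "PingStatus": "Online"},
    {"InstanceId": "i-0aaa0000000000003", "PingStatus": "ConnectionLost"},
]
PATCH_STATES = [
    {"InstanceId": "i-0aaa0000000000001", "MissingCount": 0, "FailedCount": 0,
     "CriticalNonCompliantCount": 0, "SecurityNonCompliantCount": 0},
    {"InstanceId": "i-0aaa0000000000002", "MissingCount": 4, "FailedCount": 1,
     "CriticalNonCompliantCount": 2, "SecurityNonCompliantCount": 1},
]
ASSOCIATIONS = {  # instance id -> association status entries
    "i-0aaa0000000000001": [{"Name": "AWS-RunPatchBaseline", "Status": "Success"}],
    "i-0aaa0000000000002": [],
}

def find_issues(instances, patch_states, associations):
    """Return (instance_id, control, reason) tuples for likely findings."""
    patches = {p["InstanceId"]: p for p in patch_states}
    issues = []
    for inst in instances:
        iid = inst["InstanceId"]
        ping = inst.get("PingStatus", "unknown")
        if ping != "Online":
            # Inventory entry exists but the agent is not reporting (assumed CM-8).
            issues.append((iid, "CM-8", "agent not reporting: " + ping))
        state = patches.get(iid)
        if state is None:
            # No scan data is itself a gap: compliance cannot be shown.
            issues.append((iid, "SI-2", "no patch state reported"))
        else:
            bad = state.get("MissingCount", 0) + state.get("FailedCount", 0)
            crit = state.get("CriticalNonCompliantCount", 0)
            if bad or crit:
                issues.append((iid, "SI-2", f"{bad} missing/failed patches, {crit} critical"))
        if not associations.get(iid):
            issues.append((iid, "CM-6", "no State Manager association"))
    return issues

if __name__ == "__main__":
    for iid, control, reason in find_issues(INSTANCES, PATCH_STATES, ASSOCIATIONS):
        print(f"{control}  {iid}  {reason}")
```

An instance with no patch state at all is reported rather than skipped, since missing scan data is as much a gap in SI-2 evidence as a failed patch.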
Common Use Cases
```bash
# Patch management compliance
regscale aws sync_ssm \
  --regscale-id 123 \
  --create-evidence \
  --evidence-control-ids CM-2,CM-6,SI-2 \
  --tags Environment=Production \
  --create-issues \
  --create-poams
```
