What functionality does SSM Session Manager offer for EC2 instances?

SSM Session Manager provides the functionality of interactive session management without requiring SSH or RDP to connect to EC2 instances. This means that users can initiate a secure shell access to their instances directly through the AWS Management Console, AWS CLI, or SDKs, which eliminates the need to manage SSH keys or open inbound ports in the security groups associated with the instances.

Using Session Manager enhances security because it allows access to EC2 instances in a more controlled environment. It leverages AWS Identity and Access Management (IAM) for authorization and offers a centralized logging feature, allowing administrators to track all actions taken in the session. Moreover, since the communication is managed through the AWS infrastructure, it helps in maintaining the security of the instances by preventing direct exposure to the internet.

The other options describe separate functionalities and do not pertain to the capabilities offered by Session Manager. Automated patch management relates to AWS Systems Manager Patch Manager, securely storing configuration data relates to AWS Systems Manager Parameter Store, while tracking AWS service costs pertains to AWS Cost Explorer. None of these features are offered by Session Manager, reinforcing that the correct functionality focuses solely on interactive session management without traditional access methods.