
Raleigh DevDay 2017: Deep Dive on AWS Management Tools


Page 1: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Shashi Prabhakar

Solutions Architect

Aug 1, 2017

AWS Management Tools Deep Dive

Take control over your cloud environment

Page 2: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

AWS Management Tools

• Why did we build AWS Management Tools

• What is AWS Management Tools

• Capabilities you need

• Q&A

Page 3: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

The challenge

Agility

Control

Visibility

Growth Complexity Cloud

Page 4: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

What do you need?

Control over your cloud environment

Provision resources

Gain insights

Monitor and optimize

Page 5: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

AWS Management Tools capabilities

Model and automate

Gain visibility

Respond to changes

Optimize

Integrate

Control

Page 6: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

Model your cloud with AWS CloudFormation

Template CloudFormation Stack

JSON/YAML formatted file

Parameter definition

Resource creation

Configuration actions

Configured AWS services

Comprehensive service support

Service event aware

Customizable

Framework

Stack creation

Stack updates

Error detection and rollback

• CloudFormation gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion

Page 7: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

AWS CloudFormation key benefits

Infrastructure as Code

Declarative and Flexible

Easy to Use

Supports a Wide Range of AWS Resources

Page 8: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

New Feature Launch: StackSets

Page 9: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

What are StackSets?

Allow creation of a common set of AWS resources across accounts and regions

Provide a container for a collection of AWS CloudFormation stacks

Stack 1: A1, us-west-1

Stack 2: A2, us-west-1

Stack 3: A3, us-west-1

Stack 4: A4, us-west-1

Stack 5: A5, us-west-1

Page 10: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

Functionality?

Provisioning multiple accounts with identical AWS resources

• Set up AWS KMS keys

• Enable AWS CloudTrail

• Standardize Amazon VPCs with peering connections

• Set up common ingress rules

BCDR solutions across multiple regions

• Configure Amazon S3 bucket replication

• Provision Amazon RDS read replicas

Page 11: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

Create catalogs of approved resources with AWS Service Catalog

• AWS Service Catalog allows organizations to create and manage catalogs of IT services.

• It enables users to quickly deploy the approved IT services they need in a self-service manner without access to the underlying services in AWS.

Organizations: Control, Standardization, Governance

Developers: Agility, Self-service, Time to market

Page 12: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

AWS Service Catalog key benefits

Ensure Compliance with Corporate Standards

Help Employees Quickly Find and Deploy Approved IT Services

Centrally Manage IT Service Lifecycle

Page 13: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

Demo: Service Catalog

Page 14: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

Automate configuration with Amazon EC2 Systems Manager

• Enables automated configuration

• Supports ongoing management of systems at scale

• Works across all of your Windows and Linux workloads

• Runs in Amazon EC2 or on-premises

• Carries no additional charge to use

Page 15: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

Amazon EC2 Systems Manager key benefits

Support for Hybrid Architecture

Easy to Use Automation

Improve Visibility and Control

Maintain Software Compliance

Reduce Costs

Secure Role-Based Management

Page 16: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

Amazon EC2 Systems Manager capabilities

State Manager

Maintenance Window

Inventory

Automation

Parameter Store

Run Command

Patch Manager

Page 17: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

Demo: EC2 SSM

Page 18: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

AWS OpsWorks

Automate configuration with AWS OpsWorks for Chef Automate

• Managed Chef Server and Chef Automate

• Suite of automation tools that give you workflow automation for continuous deployment, automated testing for compliance and security with Chef

Page 19: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

What is Chef?

• Configuration Management Software

• Recipes and Cookbooks

• Chef development kit and toolset

• Community

Page 20: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

What is Chef Automate?

Commercial offering from Chef Software

Suite of tools built on top of Chef Configuration Management

• Continuous Deployment Pipeline

• Automated compliance testing

• Visibility

Page 21: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

AWS OpsWorks for Chef Automate key benefits

Fully Managed Chef Server

Programmable Infrastructure

Scaling Made Easy

Support from Active Chef Community

Secure

Simple to Manage Hybrid Environments

Page 22: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

Gain visibility with AWS Config

• Get inventory of all your AWS resources

• Discover resources that exist in your account and capture configurations

• Provide rules to ensure resource configurations conform to your internal best practices and guidelines

Page 23: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

AWS Config key benefits

• Enables you to assess, audit, and evaluate the configurations of your AWS resources

• Continuously monitors and records your AWS resource configurations

• Allows you to automate the evaluation of recorded configurations against desired configurations with Config rules

Benefits:

Continuous Monitoring

Change Management

Continuous Assessment

Operational Troubleshooting

Page 24: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

AWS Config advanced features

Configurable and Customizable Rules

Configuration History of AWS Resources

• Ensure that all EC2 instances in your cloud infrastructure use AMIs from an approved list

• Identify managed EC2 instances that are running software packages and applications that are on the blacklist

• Identify EC2 instances of a specific type or size

• Identify EC2 volumes that are not encrypted.
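
Added example (not from the original slides): a sketch of the evaluation logic a custom Config rule could use for two of the checks above, approved AMIs and unencrypted volumes. The approved-AMI list, resource IDs and sample events are constructed; the event and result field names follow the shape of AWS Config custom-rule events and PutEvaluations entries.

```python
import json

# Assumption: constructed placeholder AMI IDs standing in for an approved list.
APPROVED_AMIS = {"ami-00000000example1", "ami-00000000example2"}

def evaluate(item):
    """Return (compliance_type, annotation) for one configuration item."""
    if item.get("configurationItemStatus") == "ResourceDeleted":
        return "NOT_APPLICABLE", "Resource was deleted"
    config = item.get("configuration") or {}
    if item.get("resourceType") == "AWS::EC2::Instance":
        ami = config.get("imageId")
        if ami in APPROVED_AMIS:
            return "COMPLIANT", "AMI is on the approved list"
        return "NON_COMPLIANT", f"AMI {ami} is not on the approved list"
    if item.get("resourceType") == "AWS::EC2::Volume":
        # Fail closed: a missing 'encrypted' field counts as unencrypted.
        if config.get("encrypted") is True:
            return "COMPLIANT", "Volume is encrypted"
        return "NON_COMPLIANT", "Volume is not encrypted"
    return "NOT_APPLICABLE", "Resource type not covered by this rule"

def evaluate_event(event):
    """Build one evaluation result from a custom-rule event.

    invokingEvent arrives as a JSON string holding the configuration item.
    """
    item = json.loads(event["invokingEvent"])["configurationItem"]
    compliance, note = evaluate(item)
    return {"ComplianceResourceType": item["resourceType"],
            "ComplianceResourceId": item["resourceId"],
            "ComplianceType": compliance,
            "Annotation": note,
            "OrderingTimestamp": item["configurationItemCaptureTime"]}

def sample_event(rtype, rid, configuration, status="OK"):
    """Constructed sample event, so the block runs offline."""
    item = {"resourceType": rtype, "resourceId": rid,
            "configurationItemStatus": status,
            "configurationItemCaptureTime": "2017-08-01T12:00:00.000Z",
            "configuration": configuration}
    return {"invokingEvent": json.dumps({"configurationItem": item})}

SAMPLES = [
    sample_event("AWS::EC2::Instance", "i-example1", {"imageId": "ami-00000000example1"}),
    sample_event("AWS::EC2::Instance", "i-example2", {"imageId": "ami-0unapprovedexample"}),
    sample_event("AWS::EC2::Volume", "vol-example1", {"encrypted": False}),
    sample_event("AWS::EC2::Volume", "vol-example2", {}, status="ResourceDeleted"),
]

if __name__ == "__main__":
    for ev in SAMPLES:
        print(evaluate_event(ev))
```

In a deployed rule, the dictionary returned by `evaluate_event` is what the Lambda function would submit back to AWS Config as an evaluation.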

Page 25: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

New Feature Launch: AWS Config Dashboard

An overview of your resources and their compliance with AWS Config rules

Page 26: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

Demo: AWS Config + Config Rules

Page 27: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

Gain visibility with AWS CloudTrail

• Increase visibility into your user and resource activity

• Discover and troubleshoot security and operational issues by capturing a comprehensive history of changes that occurred in your AWS account

• Simplify your compliance audits by automatically recording and storing activity logs for your AWS account

Page 28: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

AWS CloudTrail key benefits

• Allows you to log, continuously monitor, and retain events related to API calls across your AWS infrastructure

• Provides a history of AWS API calls for your account, including API calls made through the AWS Management Console, AWS SDKs, command line tools, and other AWS services

Benefits:

Simplified Compliance

Security Analysis and Troubleshooting

Visibility Into User and Resource Activity

Security Automation

Page 29: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

Respond to changes with AWS CloudWatch

• Monitoring service for AWS cloud resources and the applications you run on AWS.

• You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources.

Page 30: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

AWS CloudWatch key benefits

Monitor Amazon EC2

Monitor Other AWS Resources

Monitor Custom Metrics

Monitor and Store Logs

Set Alarms

View Graphs and Statistics

Page 31: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

Demo: CloudTrail

Page 32: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

Optimize with AWS Trusted Advisor

• Get insight into how and where you can get the most impact for your AWS spend

• Find opportunities to reduce your monthly spend and retain or increase productivity

• Receive guidance on getting the optimal performance and availability based on your requirements

Page 33: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

Demo: Trusted Advisor

Page 34: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

Integrate with 3rd party tools

Page 35: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

AWS Management Tools capabilities

Control

AWS CloudFormation

AWS Service Catalog

EC2 Systems Manager

AWS OpsWorks

AWS Config

AWS CloudTrail

Amazon CloudWatch

AWS Trusted Advisor

Model and automate

Gain visibility

Respond to changes

Optimize

Integrate

Page 36: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

Where to find AWS Management Tools?

Page 37: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

Playbook: AWS Management

Creation: Compliant Provisioning, Governance

AWS CloudFormation: Infrastructure as Code

Verification: Monitoring and Alerting

AWS Config, ConfigRules

AWS CloudTrail

Validation: Auditing

Trusted Advisor/Security Advisor

AWS CloudTrail, ConfigRules

- Shifts ownership of dependencies to developers

- Creates consistency

- Software defined infrastructure

- Codifies corporate policies

- Identify non-compliant configuration changes

- Baseline for best practices

- Wide net of best practices

Custom resource support

Governance Export to 3rd party or ELK based set up for analysis

Reduce risk by catching common errors:

- Unused instances

- Open firewalls

Row labels: Core Function, Key Benefit, Power Usage

Page 38: Raleigh DevDay 2017: Deep Dive on AWS Management Tools

Q&A