© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS re:Invent
Automate Best Practices and Operational Health for AWS Resources with AWS Trusted Advisor and AWS Health
Tipu Qureshi, Ho Ming Li, Scott Allison, Hasan Khan
ENT338
November 30, 2017
What to expect from this session:
• Learn about AWS Trusted Advisor best practices
• Get familiar with AWS Health and the Personal Health Dashboard (PHD)
• Learn how to automate remediation actions and customize Health alerts using AWS Lambda and Amazon CloudWatch Events
What’s in your AWS accounts?
As you expand and change, entropy starts increasing
Too much complexity… it’s time to optimize!
What is Trusted Advisor?
AWS Trusted Advisor (TA) provides best practices
(or checks) in four categories: cost optimization, security,
fault tolerance, and performance improvement.
Red (action recommended)
Yellow (investigation recommended)
Green (no problem detected)
AWS Trusted Advisor
Over 50 million recommendations
provided to AWS customers
resulted in $500M+ in cost savings
for users of Trusted Advisor
How does it work?
Case study: Hungama Digital Media
“We estimate an average 33 percent monthly savings on our total AWS spend.”
- Amit Vora, CTO for Hungama
How did Trusted Advisor help Hungama? It highlighted the following three things:
• Underutilized EC2 Instances
• Amazon EC2 Reserved Instances
• Underutilized Amazon EBS Volumes
New features
CloudWatch Metrics Integration
• Shows check status trends over time
• Allows custom service limit alert thresholds
• Provides customizable alerts for individual checks
Service Limit Dashboard
• Provides detailed data about service utilization against 39 limits
across 10 services
• Each limit is an independently refreshable and retrievable check
Using Trusted Advisor as a web service
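Poll a Trusted Advisor check for status changes:
    // supportClient: an AWSSupport client from the AWS SDK for Java (variable name assumed)
    DescribeTrustedAdvisorCheckRefreshStatusesResult refreshStatuses = supportClient.describeTrustedAdvisorCheckRefreshStatuses(
        new DescribeTrustedAdvisorCheckRefreshStatusesRequest()
            .withCheckIds(java.util.Arrays.asList(checkId)));
Request a Trusted Advisor check result:
    DescribeTrustedAdvisorCheckResultResult checkResult = supportClient.describeTrustedAdvisorCheckResult(checkResultRequest);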
Building automation
[Diagram: AWS Trusted Advisor, Amazon CloudWatch Events, AWS Lambda, actions on AWS resources, notifications]
With (not so) great automation come great risks
Production databases/instances could be considered idle
- Low traffic period
- Different system resource (e.g., memory) might be in use
Automation setup—safety first!
• Tag resources subject to TA optimization actions
• Create an IAM policy and role for the Lambda function to use
• Set up a CloudWatch event rule to trigger the Lambda function
• Set up the Lambda function to take actions recommended by Trusted Advisor
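The setup listed above, as an added Python example that is not code from the slides or from the Trusted-Advisor-Tools repository: a tag-gated Lambda handler for the Low Utilization Amazon EC2 Instances check, with the matching rule pattern and IAM policy. The tag `ta-auto-stop`, the `DRY_RUN` variable and the `ec2_factory` test hook are assumptions, and the sample event is constructed.

```python
import json
import os
import re

CHECK_NAME = "Low Utilization Amazon EC2 Instances"
OPT_IN_TAG = ("ta-auto-stop", "true")  # hypothetical tag key/value (assumption)

# CloudWatch Events rule pattern: the function only receives this check's warnings.
EVENT_PATTERN = {
    "source": ["aws.trustedadvisor"],
    "detail-type": ["Trusted Advisor Check Item Refresh Notification"],
    "detail": {"status": ["WARN"], "check-name": [CHECK_NAME]},
}

# IAM policy for the function's role (logging permissions omitted). StopInstances is
# allowed only on instances carrying the opt-in tag, so a code bug cannot stop others.
LAMBDA_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*"},
        {"Effect": "Allow", "Action": "ec2:StopInstances",
         "Resource": "arn:aws:ec2:*:*:instance/*",
         "Condition": {"StringEquals": {f"ec2:ResourceTag/{OPT_IN_TAG[0]}": OPT_IN_TAG[1]}}},
    ],
}

# Constructed sample event in the shape Trusted Advisor publishes (values are made up).
SAMPLE_EVENT = {
    "source": "aws.trustedadvisor",
    "detail-type": "Trusted Advisor Check Item Refresh Notification",
    "detail": {
        "check-name": CHECK_NAME,
        "status": "WARN",
        "check-item-detail": {"Instance ID": "i-0123456789abcdef0", "Region/AZ": "us-east-1a"},
    },
}


def parse_finding(event):
    """Return (instance_id, region) for an actionable finding, else None."""
    if event.get("source") != "aws.trustedadvisor":
        return None
    detail = event.get("detail") or {}
    if detail.get("check-name") != CHECK_NAME or detail.get("status") != "WARN":
        return None
    item = detail.get("check-item-detail") or {}
    instance_id = item.get("Instance ID", "")
    # "us-east-1a" -> "us-east-1"; also trims Local Zone names such as "us-west-2-lax-1a".
    region = re.match(r"[a-z]{2}(?:-[a-z]+)+-\d+", item.get("Region/AZ", ""))
    if not re.fullmatch(r"i-(?:[0-9a-f]{8}|[0-9a-f]{17})", instance_id) or region is None:
        return None
    return instance_id, region.group(0)


def decide(instance):
    """Map one DescribeInstances record to ("stop" | "skip", reason)."""
    tags = {t["Key"]: t["Value"] for t in instance.get("Tags", [])}
    if tags.get(OPT_IN_TAG[0]) != OPT_IN_TAG[1]:
        return "skip", "instance is not tagged for Trusted Advisor actions"
    if "aws:autoscaling:groupName" in tags:
        return "skip", "Auto Scaling would replace a stopped instance"
    if instance.get("RootDeviceType") != "ebs":
        return "skip", "instance store-backed instances cannot be stopped"
    if instance.get("State", {}).get("Name") != "running":
        return "skip", "instance is not running"
    return "stop", "tagged, EBS-backed and running"


def lambda_handler(event, context=None, ec2_factory=None):
    """Entry point. ec2_factory(region) is a test hook; Lambda passes only event/context."""
    finding = parse_finding(event)
    if finding is None:
        return {"action": "ignore", "reason": "not a low-utilization warning"}
    instance_id, region = finding
    if ec2_factory is None:
        import boto3  # provided by the Lambda Python runtime
        ec2_factory = lambda name: boto3.client("ec2", region_name=name)
    ec2 = ec2_factory(region)
    reservations = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"]
    instances = [i for r in reservations for i in r["Instances"]]
    if not instances:
        return {"action": "skip", "instance": instance_id, "reason": "not found"}
    action, reason = decide(instances[0])
    # Default to dry-run: only report what would be stopped until DRY_RUN=false is set.
    dry_run = os.environ.get("DRY_RUN", "true").lower() != "false"
    if action == "stop" and not dry_run:
        ec2.stop_instances(InstanceIds=[instance_id])
    result = {"action": action, "instance": instance_id, "region": region,
              "reason": reason, "dry_run": dry_run}
    print(json.dumps(result))  # lands in CloudWatch Logs as the audit trail
    return result
```

The tag is enforced twice, once in `decide` and once in the IAM condition, so the low-traffic production instance described on the risks slide stays untouched unless someone opted it in.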
Let’s look at an example
You, an AWS customer, use many EC2 instances to power your
applications.
But how do you know that the instances you pay for are being
fully utilized?
• Are the instances you’ve purchased the right size for the
workloads you have?
• Can you achieve cost-savings by combining workloads from
several instances onto a single instance?
Scenario 1
Stop Low Utilization EC2 Instances
amzn.to/WorkshopAutomateTAHealth
Trusted Advisor Automation
Low Utilization Amazon EC2 Instances
Warns when EC2 instances appear to be underused
Alert Criteria
Yellow: An instance had 10% or less daily average CPU
utilization and 5 MB or less network I/O on at least 4 of the
previous 14 days
Recommended Action
Consider stopping or terminating instances that have low
utilization
Show me the money!
Examples available in GitHub
https://github.com/aws/Trusted-Advisor-Tools
Trusted Advisor Best Practices
https://aws.amazon.com/premiumsupport/trustedadvisor/best-practices/
AWS Health and Personal Health Dashboard
(PHD)
AWS service health, notifications, and automation
AWS Health and Personal Health Dashboard
• Visibility and transparency into your resources
• Custom notifications and automated actions
• Remediation guidance and knowledge articles
[Diagram: PHD, Amazon CloudWatch Events]
AWS Personal Health Dashboard
Increased transparency and visibility:
- Service Health Dashboard too generic
- Increased transparency into underlying infrastructure
- Remediation guidance for faster time-to-resolution
- AWS Health API for easy integration
- Custom notifications with predictable delivery
- Automated actions for auto-remediation
How does the Personal Health
Dashboard work?
AWS services and resources you use
Health Service
Personal Health Dashboard
API
• describe-events
• describe-event-details
• describe-affected-entities
• …
Push notifications through CloudWatch Events
• Set rules to extract events of interest
• Set targets for rules (Amazon SNS, Amazon SQS, AWS Lambda, Amazon Kinesis)
In-house or third-party monitoring and event management systems
AWS Health <> Datadog integration
• Collects AWS Service changes and pulls them into Datadog
• Creates events with structured title, tags, description, and affected entities
• Datadog customers can view these in a feed, add them to dashboards, and create alerts to get notified as soon as AWS is having issues
Getting started with the Personal Health Dashboard
- From AWS Service Health Dashboard
- From AWS website
- From AWS Management Console navigation bar alert
Tools
• Automated actions in response to AWS Health events
• Open source, community driven
• Customized alerts in response to AWS Health events
How does it work?
Scenario 2
Send Custom Texts
When an Issue Occurs
amzn.to/WorkshopAutomateTAHealth
AWS Health Automation
AWS Health SMS Notifier
This tool can be used to send custom text or SMS notifications via Amazon SNS when an AWS Health event happens by using AWS Lambda and Amazon CloudWatch Events.
https://github.com/aws/aws-health-tools/tree/master/sms-notifier
Launch the CloudFormation Stack
It could be done with Slack, too!
Scenario 3
Pause a Deployment
When an Issue Occurs
amzn.to/WorkshopAutomateTAHealth
AWS Health Automation
AWS Health issue: an Amazon CloudWatch event triggers an AWS Lambda function that disables an AWS CodePipeline stage transition
You can automatically stop a deployment when an Amazon EC2 issue occurs by disabling the stage transition in AWS CodePipeline in response to an AWS Health issue CloudWatch event.
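The automation described above, sketched in Python as an added example (not code from the slides or from the aws-health-tools repository). `PIPELINE_NAME` and `STAGE_NAME` are hypothetical environment variables, the `codepipeline` argument is a test hook, the sample event is constructed, and the reason text is reduced to the characters and length the CodePipeline API reference documents for that field.

```python
import os
import re

# CloudWatch Events rule pattern: only EC2 "issue" events from AWS Health reach the function.
EVENT_PATTERN = {
    "source": ["aws.health"],
    "detail-type": ["AWS Health Event"],
    "detail": {"service": ["EC2"], "eventTypeCategory": ["issue"]},
}

# Constructed sample event in the shape AWS Health publishes (values are made up).
SAMPLE_EVENT = {
    "source": "aws.health",
    "detail-type": "AWS Health Event",
    "region": "us-east-1",
    "detail": {
        "service": "EC2",
        "eventTypeCode": "AWS_EC2_OPERATIONAL_ISSUE",
        "eventTypeCategory": "issue",
        "eventDescription": [{"language": "en_US", "latestDescription": "constructed text"}],
    },
}

# DisableStageTransition accepts a reason of 1-300 characters drawn from this set;
# event type codes contain underscores, which fall outside it and must be replaced.
_REASON_DISALLOWED = re.compile(r"[^a-zA-Z0-9!@ ().*?\-]")
_REASON_MAX = 300


def build_reason(detail):
    """Human-readable reason shown in the pipeline console, made API-safe."""
    text = f"AWS Health {detail.get('eventTypeCode', 'event')} - paused by automation"
    return _REASON_DISALLOWED.sub(" ", text)[:_REASON_MAX]


def plan_disable(event, pipeline, stage):
    """Return kwargs for disable_stage_transition, or None if the event is out of scope."""
    if event.get("source") != "aws.health":
        return None
    detail = event.get("detail") or {}
    # Re-check in code what the rule pattern filters, in case the rule is later widened.
    if detail.get("service") != "EC2" or detail.get("eventTypeCategory") != "issue":
        return None
    return {
        "pipelineName": pipeline,
        "stageName": stage,
        "transitionType": "Inbound",  # block new revisions from entering the stage
        "reason": build_reason(detail),
    }


def lambda_handler(event, context=None, codepipeline=None):
    """Entry point; the role needs only codepipeline:DisableStageTransition."""
    pipeline = os.environ.get("PIPELINE_NAME", "")
    stage = os.environ.get("STAGE_NAME", "")
    if not pipeline or not stage:
        # Fail loudly: a misconfigured safety control should not look like success.
        raise ValueError("PIPELINE_NAME and STAGE_NAME must be set")
    plan = plan_disable(event, pipeline, stage)
    if plan is None:
        return {"action": "ignore"}
    if codepipeline is None:
        import boto3  # provided by the Lambda Python runtime
        codepipeline = boto3.client("codepipeline")
    codepipeline.disable_stage_transition(**plan)
    return {"action": "disabled", **plan}
```

Re-enabling the transition is left as a manual step, so a person confirms the issue has cleared before deployments resume.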
AWS CodePipeline stage transition disabled:
Scenario 4
Stop and Start EC2 Instances
Automatically When a Retirement
Notification is Received (Extra Credit)
AWS Health Automation
amzn.to/WorkshopAutomateTAHealth
Amazon EC2 Systems Manager
A set of capabilities that...
...enable automated configuration...
...and ongoing management of systems at scale...
...across all of your Windows and Linux workloads...
...running in Amazon EC2 or on-premises…
...at no charge; only pay for AWS resources you manage
Amazon EC2 Systems Manager capabilities: Run Command, State Manager, Inventory, Maintenance Window, Patch Manager, Automation, Parameter Store
Take action on retired EC2 instances
Conclusion
You can leverage AWS Trusted Advisor and AWS Health
to automate best practices and operational health.
The samples in the following open-source repos make it easy:
https://github.com/aws/aws-health-tools
https://github.com/aws/Trusted-Advisor-Tools/
Thank you!

 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Automate Best Practices and Operational Health for AWS Resources with AWS Trusted Advisor and AWS Health - ENT338 - re:Invent 2017

  • 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS re:Invent: Automate Best Practices and Operational Health for AWS Resources with AWS Trusted Advisor and AWS Health. Tipu Qureshi, Ho Ming Li, Scott Allison, Hasan Khan. ENT338. November 30, 2017
  • 2. What to expect from this session:
      • Learn about AWS Trusted Advisor best practices
      • Get familiar with AWS Health and the Personal Health Dashboard (PHD)
      • Learn how to automate remediation actions and customize Health alerts using AWS Lambda and Amazon CloudWatch Events
  • 3. What’s in your AWS accounts?
  • 4. As you expand and change, entropy starts increasing
  • 5. Too much complexity… it’s time to optimize!
  • 6. What is Trusted Advisor? AWS Trusted Advisor (TA) provides best practices (or checks) in four categories: cost optimization, security, fault tolerance, and performance improvement.
      • Red (action recommended)
      • Yellow (investigation recommended)
      • Green (no problem detected)
  • 7. AWS Trusted Advisor: Over 50 million recommendations provided to AWS customers resulted in $500M+ in cost savings for users of Trusted Advisor
  • 8. How does it work?
  • 9. Case study: Hungama Digital Media. “We estimate an average 33 percent monthly savings on our total AWS spend.” - Amit Vora, CTO for Hungama. How did Trusted Advisor help Hungama? It highlighted the three following things:
      • Underutilized EC2 Instances
      • Amazon EC2 Reserved Instances
      • Underutilized Amazon EBS Volumes
  • 10. New features
      • CloudWatch Metrics Integration: shows check status trends over time; allows custom service limit alert thresholds; provides customizable alerts for individual checks
      • Service Limit Dashboard: provides detailed data about service utilization against 39 limits across 10 services; each limit is an independently refreshable and retrievable check
  • 11. Using Trusted Advisor as a web service
      • Request a Trusted Advisor check result: describeTrustedAdvisorCheckResult(checkResultRequest);
      • Poll a Trusted Advisor check for status changes: DescribeTrustedAdvisorCheckRefreshStatusesResult .withCheckIds(java.util.Arrays.asList(checkId)));
  • 12. Building automation. Diagram labels: AWS Trusted Advisor; AWS Lambda; Actions on AWS resources; Amazon CloudWatch Events; Notifications
  • 13. With (not so) great automation come great risks. Production databases/instances could be considered idle:
      • Low traffic period
      • Different system resource (ex: memory) might be in use
  • 14. Automation setup—safety first!
      • Tag resources subject to TA optimization actions
      • Create an IAM policy and role for the Lambda function to use
      • Set up a CloudWatch event rule to trigger the Lambda function
      • Set up the Lambda function to take actions recommended by Trusted Advisor
  • 15. Let’s look at an example. You, an AWS customer, use many EC2 instances to power your applications. But how do you know that the instances you pay for are being fully utilized?
      • Are the instances you’ve purchased the right size for the workloads you have?
      • Can you achieve cost-savings by combining workloads from several instances onto a single instance?
  • 16. Scenario 1: Stop Low Utilization EC2 Instances. amzn.to/WorkshopAutomateTAHealth. Trusted Advisor Automation
  • 17. Low Utilization Amazon EC2 Instances: warns when EC2 instances appear to be underused
      • Alert Criteria: Yellow: An instance had 10% or less daily average CPU utilization and 5 MB or less network I/O on at least 4 of the previous 14 days
      • Recommended Action: Consider stopping or terminating instances that have low utilization
  • 18. Show me the money!
  • 22. Examples available in GitHub: https://github.com/aws/Trusted-Advisor-Tools. Trusted Advisor Best Practices: https://aws.amazon.com/premiumsupport/trustedadvisor/best-practices/
  • 23. AWS Health and Personal Health Dashboard (PHD): AWS service health, notifications, and automation
  • 24. AWS Health and Personal Health Dashboard
      • PHD: Visibility and transparency into your resources
      • Amazon CloudWatch Events: Custom notifications and automated actions
      • Remediation guidance and knowledge articles
  • 25. AWS Personal Health Dashboard
  • 26. Increased transparency and visibility:
      • Service Health Dashboard too generic
      • Increased transparency into underlying infrastructure
      • Remediation guidance for faster time-to-resolution
      • AWS Health API for easy integration
      • Custom notifications with predictable delivery
      • Automated actions for auto-remediation
  • 27. How does the Personal Health Dashboard work?
  • 28. Diagram labels: AWS services and resources you use; Health Service; Personal Health Dashboard; In-house or third-party monitoring and event management systems
      • API: describe-events, describe-event-details, describe-affected-entities, …
      • Push notifications through CloudWatch Events: set rules to extract events of interest; set targets for rules (Amazon SNS, Amazon SQS, AWS Lambda, Amazon Kinesis)
  • 29. AWS Health <> Datadog integration
      • Collects AWS Service changes and pulls them into Datadog
      • Creates events with structured title, tags, description, and affected entities
      • Datadog customers can view these in a feed, add them to dashboards, and create alerts to get notified as soon as AWS is having issues
  • 30. Getting started with the Personal Health Dashboard
      • From AWS Service Health Dashboard
      • From AWS website
      • From AWS Management Console navigation bar alert
  • 31. Tools
      • Automated actions in response to AWS Health events
      • Open source, community driven
      • Customized alerts in response to AWS Health events
  • 32. How does it work?
  • 33. Scenario 2: Send Custom Texts When an Issue Occurs. amzn.to/WorkshopAutomateTAHealth. AWS Health Automation
  • 34. AWS Health SMS Notifier: This tool can be used to send custom text or SMS notifications via Amazon SNS when an AWS Health event happens by using AWS Lambda and Amazon CloudWatch Events. https://github.com/aws/aws-health-tools/tree/master/sms-notifier. Launch the CloudFormation Stack
  • 35. It could be done with Slack, too!
  • 36. Scenario 3: Pause a Deployment When an Issue Occurs. amzn.to/WorkshopAutomateTAHealth. AWS Health Automation
  • 37. AWS Health Issue: Amazon CloudWatch event trigger. AWS CodePipeline disable stage transition using AWS Lambda. You can automatically stop a deployment when an Amazon EC2 issue occurs by disabling the stage transition in AWS CodePipeline in response to an AWS Health Issue CloudWatch event
  • 40. AWS CodePipeline stage transition disabled:
  • 41. Scenario 4: Stop and Start EC2 Instances Automatically When a Retirement Notification is Received (Extra Credit). AWS Health Automation. amzn.to/WorkshopAutomateTAHealth
  • 42. Amazon EC2 Systems Manager: A set of capabilities that enable automated configuration and ongoing management of systems at scale across all of your Windows and Linux workloads running in Amazon EC2 or on-premises, at no charge; only pay for AWS resources you manage
  • 43. Amazon EC2 Systems Manager: Run Command, State Manager, Inventory, Maintenance Window, Patch Manager, Automation, Parameter Store
  • 44. Take action on retired EC2 instances
  • 45. Conclusion: You can leverage AWS Trusted Advisor and AWS Health to automate best practices and operational health. The samples in the following open-source repos make it easy: https://github.com/aws/aws-health-tools https://github.com/aws/Trusted-Advisor-Tools/
  • 46. Thank you!
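
The "safety first" setup on slides 13, 14 and 17, sketched as a Lambda handler that stops an instance only when it carries an opt-in tag. This is an added example, not code from the deck or from the Trusted-Advisor-Tools repository; the tag key and value are hypothetical, and the event field names ("check-name", "status", "check-item-detail", "Instance ID", "Region/AZ") are assumptions about the shape of the Trusted Advisor event delivered through CloudWatch Events.

```python
CHECK_NAME = "Low Utilization Amazon EC2 Instances"
OPT_IN_TAG = ("ta-automation", "stop-allowed")  # hypothetical opt-in tag

# Constructed sample event; field names are assumed, values are made up.
SAMPLE_EVENT = {
    "source": "aws.trustedadvisor",
    "detail-type": "Trusted Advisor Check Item Refresh Notification",
    "detail": {
        "check-name": CHECK_NAME,
        "status": "WARN",  # the yellow state on slide 17
        "check-item-detail": {"Instance ID": "i-0123456789abcdef0",
                              "Region/AZ": "us-east-1a"},
    },
}

def parse_event(event):
    """Return (instance_id, region) for a yellow low-utilization item, else None."""
    detail = event.get("detail", {})
    if (event.get("source") != "aws.trustedadvisor"
            or detail.get("check-name") != CHECK_NAME
            or detail.get("status") != "WARN"):
        return None
    item = detail.get("check-item-detail", {})
    instance_id, az = item.get("Instance ID"), item.get("Region/AZ", "")
    if not instance_id or len(az) < 2:
        return None
    return instance_id, az[:-1]  # strip the AZ letter: us-east-1a -> us-east-1

def is_opted_in(ec2, instance_id):
    """True only for a running instance that carries the opt-in tag."""
    key, value = OPT_IN_TAG
    resp = ec2.describe_instances(InstanceIds=[instance_id])
    for reservation in resp["Reservations"]:
        for inst in reservation["Instances"]:
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            if tags.get(key) == value and inst["State"]["Name"] == "running":
                return True
    return False

def remediate(event, ec2=None):
    """Stop the flagged instance if, and only if, it was tagged for automation."""
    target = parse_event(event)
    if target is None:
        return {"action": "ignored"}
    instance_id, region = target
    if ec2 is None:  # real client only inside Lambda; tests pass a stub
        import boto3
        ec2 = boto3.client("ec2", region_name=region)
    if not is_opted_in(ec2, instance_id):
        return {"action": "skipped", "instance": instance_id}
    ec2.stop_instances(InstanceIds=[instance_id])
    return {"action": "stopped", "instance": instance_id}

def lambda_handler(event, context):
    return remediate(event)
```

The tag check in code is only one layer: the IAM policy for the function's role can restrict ec2:StopInstances with a condition on the same tag (the ec2:ResourceTag/<key> condition key), so an untagged production instance cannot be stopped even if the handler logic is wrong.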