ENT302 Deep Dive on AWS Management Tools


As companies shift workloads into the cloud, IT organizations are required to manage an increasing number of cloud resources. AWS provides a broad set of services that help IT organizations with provisioning, tracking, auditing, configuration management, and cost management of their AWS resources. In this session, we will explore the AWS Management Tools suite of services that support the lifecycle management of AWS resources at scale and enable IT governance and compliance. The Deep Dive on AWS Management Tools session will benefit both new and experienced IT administrators, systems administrators, and developers operating infrastructure on AWS and interested in learning about the AWS resource management capabilities.

Published in: Technology
  1. 1. Deep Dive on AWS Management Tools: Lifecycle Management of Cloud Resources at Scale. Sid Gupta, AWS Product Management. July 26, 2017. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  2. 2. What to expect from this session • Why did we build AWS Management Tools? • AWS Management Tools capabilities • Feature launch: CloudFormation StackSets • Feature launch: AWS Config Dashboard • Q&A
  3. 3. The challenge: Agility, Control, Visibility, Growth, Complexity, Cloud
  4. 4. What capabilities do you need? • Control over your cloud environment • Provision resources • Gain visibility • Monitor and optimize
  5. 5. AWS Management Tools capabilities • Model and automate • Gain visibility • Respond to changes • Optimize • Integrate • Control
  6. 6. Model your cloud with AWS CloudFormation • AWS CloudFormation gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion. Template: JSON formatted file; parameter definition; resource creation; configuration actions. AWS CloudFormation framework: stack creation; stack updates; error detection and rollback. Stack: configured AWS services; comprehensive service support; service event aware; customizable.
  7. 7. AWS CloudFormation key benefits • Infrastructure as code • Declarative and flexible • Easy to use • Supports a wide range of AWS resources
  8. 8. New Feature Launch: CloudFormation StackSets
  9. 9. What are StackSets? • Allow creation of a stack across accounts and regions via a common template • Provide a container for a collection of AWS CloudFormation stacks. Diagram: Stack 1: A1, us-west-1; Stack 2: A2, us-west-1; Stack 3: A3, us-west-1; Stack 4: A4, us-west-1; Stack 5: A5, us-west-1
  10. 10. Use Cases. Provisioning multiple accounts with identical AWS resources: • Enable AWS CloudTrail • Set up AWS KMS keys • Turn on Config Rules • Standardize Amazon VPCs with peering connections • Set up common ingress rules. BC/DR solutions across multiple regions: • Configure Amazon S3 bucket replication • Provision Amazon RDS read replicas
  11. 11. Prerequisites • Determine which AWS account is the master account • Determine which accounts are the target accounts • Create IAM roles that establish the correct master and target account trust relationship
  12. 12. How to use StackSets? 1. Select a template from a set of pre-defined sample templates or provide your own template. 2. Define the set of accounts and regions to provision stacks into. 3. Define how the stacks should be provisioned across the accounts and regions. … AWS CloudFormation takes care of the rest
  13. 13. Operations on a StackSet? • Create/delete a StackSet • Add/remove stacks in a StackSet • Update stacks in a StackSet • Cancel operations like Add, Update, Remove
  14. 14. Examples of templates available by default
  15. 15. Customer Testimonial “StackSets presents the opportunity for significant time savings while increasing adherence to golden configurations across multiple accounts.” - Aater Suleman, Flux7 CEO
  16. 16. Gain visibility with AWS Config • Automatically discover resources in your account (resource inventory) • Captures configuration of the resource and tracks all changes • Provides rules to ensure resource configurations conform to your internal best practices and guidelines
  17. 17. AWS Config key benefits • Continuously monitors and records your AWS resource configurations • Continuously assesses the configuration of your AWS resources against desired configurations using AWS Config rules. Benefits: continuous monitoring, change management, continuous assessment, operational troubleshooting
  18. 18. AWS Config advanced features: configurable and customizable rules; configuration history of AWS resources • Identify EC2 volumes that are not encrypted • Ensure that all EC2 instances in your cloud infrastructure use AMIs from an approved list • Identify managed EC2 instances that are running software packages and applications that are on the blacklist • Comply with CIS benchmarks, HIPAA and NIST requirements
  19. 19. Customer Testimonial “Config rules are your laws for AWS accounts and can be used to maintain compliance and monitor activity of what dev teams do in their accounts and catch what is against corporate or standard compliance (PCI / HIPAA).” - Aater Suleman, Flux7 CEO
  20. 20. New Feature Launch: AWS Config Dashboard
  21. 21. AWS Config Dashboard An overview of your resources and their compliance with AWS Config rules
  22. 22. Gain visibility with AWS CloudTrail • Increase visibility into your user and resource activity • Discover and troubleshoot security and operational issues • Simplify your compliance audits by automatically recording and storing activity logs for your AWS account
  23. 23. AWS CloudTrail advanced features • Multiple Region and Multiple Trail Configuration • Data Events • Log File Integrity Validation • CloudWatch Logs Integration
  24. 24. CloudTrail: Lookup API activity
  25. 25. Automate configuration with Amazon EC2 Systems Manager • Enables automated configuration • Supports ongoing management of systems at scale • Works across all of your Windows and Linux workloads • Runs in Amazon EC2 or on-premises • Carries no additional charge to use
  26. 26. Amazon EC2 Systems Manager key benefits • Support for hybrid architecture • Easy to use automation • Improve visibility and control • Maintain software compliance • Reduce costs • Secure role-based management
  27. 27. Amazon EC2 Systems Manager capabilities • State Manager • Maintenance Window • Inventory • Automation • Parameter Store • Run Command • Patch Manager
  28. 28. Create catalogs of approved resources with AWS Service Catalog • AWS Service Catalog allows organizations to create and manage catalogs of IT services. • It enables users to quickly deploy the approved IT services they need in a self-service manner without access to the underlying services in AWS. Organizations: control, standardization, governance. Developers: agility, self-service, time to market.
  29. 29. AWS Service Catalog key benefits • Ensure compliance with corporate standards • Help employees quickly find and deploy approved IT services • Centrally manage IT service lifecycle
  30. 30. Demo: AWS Service Catalog
  31. 31. AWS OpsWorks Automate configuration with AWS OpsWorks for Chef Automate • Managed Chef Server and Chef Automate • Suite of automation tools that give you workflow automation for continuous deployment, automated testing for compliance and security with Chef
  32. 32. What is Chef? • Configuration management software • Recipes and cookbooks • Chef development kit and toolset • Community
  33. 33. What is Chef Automate? Commercial offering from Chef Software. Suite of tools built on top of Chef Configuration Management • Continuous deployment pipeline • Automated compliance testing • Visibility
  34. 34. AWS OpsWorks for Chef Automate key benefits • Fully managed Chef Server • Programmable infrastructure • Scaling made easy • Support from active Chef community • Secure • Simple to manage hybrid environments
  35. 35. Respond to changes with Amazon CloudWatch • Monitoring service for AWS cloud resources and the applications you run on AWS. • You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources.
  36. 36. Amazon CloudWatch key benefits • Monitor Amazon EC2 • Monitor other AWS resources • Monitor custom metrics • Monitor and store logs • Set alarms • View graphs and statistics
  37. 37. Optimize with AWS Trusted Advisor • Get insight into how and where you can get the most impact for your AWS spend • Find opportunities to reduce your monthly spend and retain or increase productivity • Receive guidance on getting the optimal performance and availability based on your requirements
  38. 38. Integrate with third-party tools
  39. 39. AWS Management Tools capabilities (matrix of services against capabilities). Capabilities: Control, Model and automate, Gain visibility, Respond to changes, Optimize, Integrate. Services: AWS CloudFormation, AWS Service Catalog, EC2 Systems Manager, AWS OpsWorks, AWS Config, AWS CloudTrail, Amazon CloudWatch, AWS Trusted Advisor
  40. 40. Customer Reference: Flux7 Playbook for AWS Management (table with rows Core Function, Key Benefit, Power Usage). Creation: Compliant Provisioning, Governance; AWS CloudFormation: Infrastructure as Code. Verification: Monitoring and Alerting; AWS Config, ConfigRules, AWS CloudTrail. Validation: Auditing; Trusted Advisor/Security Advisor, AWS CloudTrail, ConfigRules. Table entries: - Shifts ownership of dependencies to developers - Creates consistency - Software-defined infrastructure - Codifies corporate policies - Identify noncompliant configuration changes - Baseline for best practices - Wide net of best practices - Custom resource support - Governance - Export to 3rd party or ELK-based set up for analysis - Reduce risk by catching common errors: unused instances, open firewalls
  41. 41. Where to find AWS Management Tools?
  42. 42. Q&A
  43. 43. Thank you!