
Revolutionising Cloud Operations with AWS Config, AWS CloudTrail and AWS CloudWatch – Matt House

This session dives deep into several patterns from the checklist and shows how to apply and extend these patterns to support the Hybrid Cloud using AWS services such as AWS Config, AWS CloudTrail and AWS CloudWatch. Practical examples will demonstrate how these services can be combined with other AWS tools such as the AWS CLI and PowerShell in order to maximize the benefit to your organisation.

Published in: Technology

  1. Revolutionising Cloud Operations
 With AWS Config, AWS CloudTrail and AWS CloudWatch
 Matt House, Solutions Architect, Amazon Web Services
  2. Session Grading
 Business, 101 Technical, 201 Technical, 301 Technical, 401 Technical
  3. Where are we today?
  4. Where are we today?
  5. “The cloud has become the new normal”
 Andy Jassy: AWS Senior Vice President
 “Everything’s changed, yet nothing’s different”
 AWS whitepaper: Architecting for the cloud: Best Practices
 Revolutionising cloud operations
  6. Agenda for today
 • Common “Cloud” Conversations
 • Operational Checklist for AWS
 • Demo 1 from Ops checklist (monitoring)
 • Demo 2 from Ops checklist (auditing)
 • Demo 3 from Ops checklist (config management)
 • Summary
  7. Common Cloud Conversations
 With AWS Partners: Services teams
 My customers are demanding increased agility and visibility in their contract. How do I move to a cloud services business?
 With AWS Customers: Operations teams
 The developers in my business are using AWS to deliver results fast, how can I use AWS to deliver what the business wants from me equally fast?
  8. What drives these conversations?
 We Can Help Fix This!
  9. What drives these conversations?
 OPSDEV
  10. Outcomes of these conversations
 Transformation DEVOPS OLD NEW Bi-Modal
 Do more… With more
  11. Resources for AWS customers
 • AWS Developer Guides
 • AWS White Papers
 • AWS Reference Architectures
 • AWS Official Blog (Jeff Barr)
 • Presentations from this summit and re:Invent
 • Operational Checklists for AWS
  12. Operational Checklists for AWS
 Tools to help Operations teams…
 “Operational Checklists for AWS”
 Basic Operations Checklist
 Enterprise Operations Checklist
 Auditing and Security Checklist
  13. Demo #1 Monitoring and Incident Management
 From the Enterprise Operations Checklist
 “Has your organization instrumented appropriate monitoring tools and integrated your AWS resources into its incident management processes?”
  14. Monitoring & Incident Management (CloudWatch)
 What is Continuous Integration – Continuous Delivery
 Waterfall: Deploy to production once a Quarter?
 Agile Sprint: Deploy to production once a Month?
 CI/CD: Deploy code to production once an Hour?!
 Write Code + check in, Automated build, Automated test, Automated deploy, Live in production
  15. CI/CD deploy into AWS
 Capture Activity with AWS CloudWatch
 Monitor in CloudWatch dashboard
 Alert and report on that activity
 Monitoring & Incident Management (CloudWatch)
  16. Monitoring & Incident Management (CloudWatch)
 Write Code + check in, Automated build, Automated test, Automated deploy, Blue/Green live in production
  17. CI/CD deploy into AWS
 Blue is production – 100% load
 Green is standby – 0% load
 Monitoring & Incident Management (CloudWatch)
 LIVE PRODUCTION
  18. CI/CD deploy into AWS
 CI/CD toolchain deploys new code to green
 Monitoring & Incident Management (CloudWatch)
 LIVE PRODUCTION
 Blue is production – 100% load
 Green is standby – 0% load
  19. CI/CD deploy into AWS
 PaaS flips DNS
 Green is production – 100% load
 Blue is standby – 0% load
 Monitoring & Incident Management (CloudWatch)
 LIVE PRODUCTION
 WHERE DID THIS GO?
 CI/CD toolchain deploys new code to green
 Blue is production – 100% load
 Green is standby – 0% load
  20. AWS CloudWatch:
 • Monitoring service for AWS
 • Collect and track metrics
 • Collect and monitor log files
 • Set alarms
 Available in all public regions
 5 minute resolution = No Additional Charge
 1 minute resolution = $3.50 per month
 Capture Activity with AWS CloudWatch
 Monitoring & Incident Management (CloudWatch)
  21. AWS CloudWatch dashboard
 • View the information CloudWatch collects
 • Draw graphs
 • Set Thresholds
 • Send Alerts
 Available in all public regions
 Typically $3/month for log storage on S3
 Monitor that in CloudWatch dashboard
 Monitoring & Incident Management (CloudWatch)
  22. Simple Notification Service
 • Fully managed push messaging service
 • Send individual messages
 • Send bulk messages
 • E-mail, txt, google, apple, winpho, fireOS
 Available in all public regions
 $1 to send 1,000,000 notifications
 Alert and report on that Activity
 Monitoring & Incident Management (CloudWatch)
  23. Demo #1 Run the Demo
  24. Demo #1 Monitoring and Incident Management
  25. Demo #2 Security Logging and Monitoring
 From the Audit Security Checklist
 “Are your organisation’s systems residing on AWS logged and monitored?”
  26. AWS Shared Responsibility Model
 Security Logging and Monitoring (CloudTrail)
  27. CI/CD deploy into AWS
 Everything is an API call
 Log everything with CloudTrail
 CloudTrail and CloudWatch Logs
 Security Logging and Monitoring (CloudTrail)
  28. CI/CD deploy into AWS
 Who made these changes?
 When did they make them?
 On Whose Authority?
 How is this recorded?
 Security Logging and Monitoring (CloudTrail)
  29. Your infrastructure is code
 Operations are as much a part of the dev process as anything else
 Everything is an API call
 You can log all the API calls
 Everything is an API call
 Security Logging and Monitoring (CloudTrail)
  30. AWS CloudTrail
 • History of AWS API calls
 • AWS Management Console,
 • AWS SDKs,
 • Command line tools,
 • Other AWS services
 Available in all public regions
 CloudTrail = No additional charge
 Typically $3/month for log storage on S3
 Log all API calls with CloudTrail
 Security Logging and Monitoring (CloudTrail)
  31. CloudTrail and CloudWatch Logs
 Security Logging and Monitoring (CloudTrail)
 CloudWatch Logs
 • An API call is an event
 • Everything is an API call…
  32. Demo #2 Run the Demo
  33. Demo #3 Security Logging and Monitoring
  34. Demo #3 Configuration and Change Management
 From the Enterprise Operations Checklist
 “Does your organization have a configuration and change management strategy for its AWS resources?”
  35. Config and Change Management (AWS Config)
 CI/CD deploy into AWS
 Capture changes with AWS Config
 Look at Config timeline
 Output to durable storage
  36. CI/CD deploy into AWS
 Config and Change Management (AWS Config)
 How did our AWS resources look before?
 What changed?
 How do they look now?
 How have the relationships changed?
  37. AWS Config
 • Fully managed service
 • AWS resource inventory
 • Configuration history
 • Configuration change notifications
 Available in all public regions
 $.003 per configuration item recorded
 Capture changes with AWS Config
 Config and Change Management (AWS Config)
  38. AWS Config console
 • View AWS Config information
 • Current and historical
 • Current configuration, historical timeline of configurations
 • Current relationships, historical timeline of relationships
 Available in all public regions
 No additional charge
 Look at Config timeline
 Config and Change Management (AWS Config)
  39. AWS S3
 • Object Storage
 • Secure
 • Durable
 • Highly Scalable
 Available in all public regions
 Free usage tier = 5GB
 $0.03 per Gigabyte
 Output to durable storage
 Config and Change Management (AWS Config)
  40. Demo #3 Run the Demo
  41. Demo #3 Config and Change Management
  42. APN Technology Partners
  43. Summary
 • The business demands more
 • The cloud is the new normal
 • Cloud allows you to exceed expectations
 • Do more… with more
 • AWS CloudWatch
 • AWS CloudTrail
 • AWS Config
  44. What to do next
 1. Download the Operational Checklists for AWS
 2. Embrace the new normal and benefit
 3. Use CloudWatch, CloudTrail, AWS Config