Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
November 12, 2014
Prashant Prahlad, Amazon Web Services
Change /CHānj/ (v)….to make the form and future course
different from what it is or from what it would be if left alone
“Currently we are scanning AWS and collecting a set of resource configurations
and store those information in an in-our-da...
“We poll critical resources, such as our production security groups, at a higher
frequency to ensure we don’t miss changes...
“Infrastructure configuration management is designed for infrequent, controlled
changes.”– AWS Customer
“Normalizing different resources just makes understanding them so much
simpler.”– AWS Customer
Continuous ChangeRecordingChanging
Resources
AWS Config
History
Stream
Snapshot (ex. 2014-11-05)
AWS Config
Infrastructure
Change Log
Audits
Regulatory
Compliance
Engine
Changes
Amazon EC2
Instance, ENI...
Amazon EBS
Volumes
AWS CloudTrail
Log
Amazon VPC
VPC, Subnet...
Resource Type Resource
Amazon EC2 EC2 Instance
EC2 Elastic IP (VPC only)
EC2 Security Group
EC2 Network Interface
Amazon E...
Resource Relationship Related Resource
CustomerGateway is attached to VPN Connection
Elastic IP (EIP) is attached to Netwo...
Component Description Contains
Metadata Information about this configuration
item
Version ID, Configuration item ID,
Time ...
Snapshot @ 2014-11-05,
11:30pm
Snapshot @ 2014-11-12,
2:30pm
Resource Type Resource
Amazon EC2 EC2 Instance
EC2 Elastic IP (VPC only)
EC2 Security Group
EC2 Network Interface
Amazon E...
http://bit.ly/awsevals
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
Upcoming SlideShare
Loading in …5
×

(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014

7,073 views

Published on

AWS Config is a new cross-resource service that allows you to discover new resources, how they're configured, and how these configurations changed over time. The service defines and captures relationships an dependencies between resources, helping you determine if a change to one resource affects other resources.

Published in: Technology

(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014

  1. 1. November 12, 2014 Prashant Prahlad, Amazon Web Services
  2. 2. Change /CHānj/ (v)….to make the form and future course different from what it is or from what it would be if left alone
  3. 3. “Currently we are scanning AWS and collecting a set of resource configurations and store those information in an in-our-data-center database – this is a giant effort on our part.” – AWS Customer
  4. 4. “We poll critical resources, such as our production security groups, at a higher frequency to ensure we don’t miss changes.” – AWS Customer
  5. 5. “Infrastructure configuration management is designed for infrequent, controlled changes.”– AWS Customer
  6. 6. “Normalizing different resources just makes understanding them so much simpler.”– AWS Customer
  7. 7. Continuous ChangeRecordingChanging Resources AWS Config History Stream Snapshot (ex. 2014-11-05) AWS Config
  8. 8. Infrastructure Change Log Audits Regulatory Compliance Engine Changes
  9. 9. Amazon EC2 Instance, ENI... Amazon EBS Volumes AWS CloudTrail Log Amazon VPC VPC, Subnet...
  10. 10. Resource Type Resource Amazon EC2 EC2 Instance EC2 Elastic IP (VPC only) EC2 Security Group EC2 Network Interface Amazon EBS EBS Volume Amazon VPC VPCs Network ACLs Route Table Subnet VPN Connection Internet Gateway Customer Gateway VPN Gateway AWS CloudTrail Trail
  11. 11. Resource Relationship Related Resource CustomerGateway is attached to VPN Connection Elastic IP (EIP) is attached to Network Interface is attached to Instance Instance contains Network Interface is attached to ElasticIP (EIP) is contained in Route Table is associated with Security Group is contained in Subnet is attached to Volume is contained in Virtual Private Cloud (VPC) InternetGateway is attached to Virtual Private Cloud (VPC) … …. …..
  12. 12. Component Description Contains Metadata Information about this configuration item Version ID, Configuration item ID, Time when the configuration item was captured, State ID indicating the ordering of the configuration items of a resource, MD5Hash, etc. Common Attributes Resource attributes Resource ID, tags, Resource type. Amazon Resource Name (ARN) Availability Zone, etc. Relationships How the resource is related to other resources associated with the account EBS volume vol-1234567 is attached to an EC2 instance i- a1b2c3d4 Current Configuration Information returned through a call to the Describe or List API of the resource e.g. for EBS Volume State of DeleteOnTermination flag Type of volume. For example, gp2, io1, or standard Related Events The AWS CloudTrail events that are related to the current configuration of the resource AWS CloudTrail event ID
  13. 13. Snapshot @ 2014-11-05, 11:30pm Snapshot @ 2014-11-12, 2:30pm
  14. 14. Resource Type Resource Amazon EC2 EC2 Instance EC2 Elastic IP (VPC only) EC2 Security Group EC2 Network Interface Amazon EBS EBS Volume Amazon VPC VPCs Network ACLs Route Table Subnet VPN Connection Internet Gateway Customer Gateway VPN Gateway AWS CloudTrail Trail
  15. 15. http://bit.ly/awsevals

×