AWS Management Tools provide capabilities to control, gain visibility into, and optimize cloud environments. They include AWS CloudFormation for modeling infrastructure as code, AWS Config for gaining visibility into resource configurations, and AWS CloudTrail and CloudWatch for monitoring user activity and responding to changes. The tools help automate configuration management at scale, simplify compliance, and provide insights to reduce costs and improve performance and security.
4. What do you need?
Control over your cloud environment
Provision resources
Gain insights
Monitor and optimize
5. AWS Management Tools capabilities
Model and automate
Gain visibility
Respond to changes
Optimize
Integrate
Control
6. Model your cloud with AWS CloudFormation
Template: JSON/YAML formatted file; Parameter definition; Resource creation; Configuration actions
CloudFormation: Framework; Stack creation; Stack updates; Error detection and rollback
Stack: Configured AWS services; Comprehensive service support; Service event aware; Customizable
• CloudFormation gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion
7. AWS CloudFormation key benefits
Infrastructure as Code
Declarative and Flexible
Easy to Use
Supports a Wide Range of AWS Resources
9. What are StackSets?
Allow creation of a common set of AWS resources across accounts and regions
Provide a container for a collection of AWS CloudFormation stacks
Stack 1: A1, us-west-1
Stack 2: A2, us-west-1
Stack 3: A3, us-west-1
Stack 4: A4, us-west-1
Stack 5: A5, us-west-1
10. Functionality?
Provisioning multiple accounts with identical AWS resources
• Set up AWS KMS keys
• Enable AWS CloudTrail
• Standardize Amazon VPCs with peering connections
• Set up common ingress rules
BCDR solutions across multiple regions
• Configure Amazon S3 bucket replication
• Provision Amazon RDS read replicas
11. Create catalogs of approved resources with AWS Service Catalog
• AWS Service Catalog allows organizations to create and manage catalogs of IT services.
• It enables users to quickly deploy the approved IT services they need in a self-service manner without access to the underlying services in AWS.
Organizations: Control, Standardization, Governance
Developers: Agility, Self-service, Time to market
12. AWS Service Catalog key benefits
Ensure Compliance with Corporate Standards
Help Employees Quickly Find and Deploy Approved IT Services
Centrally Manage IT Service Lifecycle
14. Automate configuration with Amazon EC2 Systems Manager
• Enables automated configuration
• Supports ongoing management of systems at scale
• Works across all of your Windows and Linux workloads
• Runs in Amazon EC2 or on-premises
• Carries no additional charge to use
15. Amazon EC2 Systems Manager key benefits
Support for Hybrid Architecture
Easy to Use Automation
Improve Visibility and Control
Maintain Software Compliance
Reduce Costs
Secure Role-Based Management
16. Amazon EC2 Systems Manager capabilities
State Manager
Maintenance Window
Inventory
Automation
Parameter Store
Run Command
Patch Manager
18. AWS OpsWorks
Automate configuration with AWS OpsWorks for Chef Automate
• Managed Chef Server and Chef Automate
• Suite of automation tools that give you workflow automation for continuous deployment, automated testing for compliance and security with Chef
19. What is Chef?
• Configuration Management Software
• Recipes and Cookbooks
• Chef development kit and toolset
• Community
20. What is Chef Automate?
Commercial offering from Chef Software
Suite of tools built on top of Chef Configuration Management
• Continuous Deployment Pipeline
• Automated compliance testing
• Visibility
21. AWS OpsWorks for Chef Automate key benefits
Fully Managed Chef Server
Programmable Infrastructure
Scaling Made Easy
Support from Active Chef Community
Secure
Simple to Manage Hybrid Environments
22. Gain visibility with AWS Config
• Get inventory of all your AWS resources
• Discover resources that exist in your account and capture configurations
• Provide rules to ensure resource configurations conform to your internal best practices and guidelines
23. AWS Config key benefits
• Enables you to assess, audit, and evaluate the configurations of your AWS resources
• Continuously monitors and records your AWS resource configurations
• Allows you to automate the evaluation of recorded configurations against desired configurations with Config rules
Benefits:
Continuous Monitoring
Change Management
Continuous Assessment
Operational Troubleshooting
24. AWS Config advanced features
Configurable and Customizable Rules
Configuration History of AWS Resources
• Ensure that all EC2 instances in your cloud infrastructure use AMIs from an approved list
• Identify managed EC2 instances that are running software packages and applications that are on the blacklist
• Identify EC2 instances of a specific type or size
• Identify EC2 volumes that are not encrypted
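Added example, not part of the original slides: the evaluation logic a custom Config rule could use for two of the checks above (approved AMIs, unencrypted volumes), run offline against constructed configuration items. The allow-list, resource ids and the helper names `evaluate`, `to_evaluations` and `make_item` are assumptions made for illustration.

```python
# Added example: custom AWS Config rule logic, evaluated offline (no AWS calls).
APPROVED_AMIS = {"ami-0aaaaaaaaaaaaaaa1"}  # constructed allow-list
GONE = {"ResourceDeleted", "ResourceDeletedNotRecorded", "ResourceNotRecorded"}

def evaluate(item, approved_amis=APPROVED_AMIS):
    """Return (ComplianceType, annotation) for one configuration item."""
    if item.get("configurationItemStatus") in GONE:
        return "NOT_APPLICABLE", "resource deleted or not recorded"
    cfg = item.get("configuration") or {}
    rtype = item.get("resourceType")
    if rtype == "AWS::EC2::Instance":
        ami = cfg.get("imageId")
        if ami in approved_amis:
            return "COMPLIANT", "AMI is on the approved list"
        # Fail closed: a missing or unknown AMI id is reported as a finding.
        return "NON_COMPLIANT", f"AMI {ami!r} is not on the approved list"
    if rtype == "AWS::EC2::Volume":
        if cfg.get("encrypted") is True:
            return "COMPLIANT", "volume is encrypted"
        return "NON_COMPLIANT", "volume is not encrypted"
    return "NOT_APPLICABLE", "resource type not covered by this rule"

def to_evaluations(items):
    """Build entries in the shape of the PutEvaluations 'Evaluations' list."""
    results = []
    for item in items:
        compliance, note = evaluate(item)
        results.append({
            "ComplianceResourceType": item["resourceType"],
            "ComplianceResourceId": item["resourceId"],
            "ComplianceType": compliance,
            "Annotation": note,
            "OrderingTimestamp": item["configurationItemCaptureTime"],
        })
    return results

def make_item(rtype, rid, cfg, status="OK"):
    return {"resourceType": rtype, "resourceId": rid, "configuration": cfg,
            "configurationItemStatus": status, "configurationItemCaptureTime": "2024-01-01T00:00:00Z"}

SAMPLE_ITEMS = [  # constructed, not real resources
    make_item("AWS::EC2::Instance", "i-0example0000000001", {"imageId": "ami-0aaaaaaaaaaaaaaa1"}),
    make_item("AWS::EC2::Instance", "i-0example0000000002", {"imageId": "ami-0ccccccccccccccc3"}),
    make_item("AWS::EC2::Volume", "vol-0example000000001", {"encrypted": False}),
    make_item("AWS::EC2::Volume", "vol-0example000000002", None, status="ResourceDeleted"),
]

if __name__ == "__main__":
    for ev in to_evaluations(SAMPLE_ITEMS):
        print(ev["ComplianceResourceId"], ev["ComplianceType"], ev["Annotation"])
```

In a deployed rule, the same function would be called from the rule's Lambda handler on the configuration item in the invoking event, and the resulting list passed to PutEvaluations.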
25. New Feature Launch: AWS Config Dashboard
An overview of your resources and their compliance with AWS Config rules
27. Gain visibility with AWS CloudTrail
• Increase visibility into your user and resource activity
• Discover and troubleshoot security and operational issues by capturing a comprehensive history of changes that occurred in your AWS account
• Simplify your compliance audits by automatically recording and storing activity logs for your AWS account
28. AWS CloudTrail key benefits
• Allows you to log, continuously monitor, and retain events related to API calls across your AWS infrastructure
• Provides a history of AWS API calls for your account, including API calls made through the AWS Management Console, AWS SDKs, command line tools, and other AWS services
Benefits:
Simplified Compliance
Security Analysis and Troubleshooting
Visibility Into User and Resource Activity
Security Automation
29. Respond to changes with AWS CloudWatch
• Monitoring service for AWS cloud resources and the applications you run on AWS.
• You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources.
30. AWS CloudWatch key benefits
Monitor Amazon EC2
Monitor Other AWS Resources
Monitor Custom Metrics
Monitor and Store Logs
Set Alarms
View Graphs and Statistics
32. Optimize with AWS Trusted Advisor
• Get insight into how and where you can get the most impact for your AWS spend
• Find opportunities to reduce your monthly spend and retain or increase productivity
• Receive guidance on getting the optimal performance and availability based on your requirements
37. Playbook: AWS Management
Creation
Compliant Provisioning, Governance
AWS CloudFormation: Infrastructure as Code
Verification
Monitoring and Alerting
AWS Config, ConfigRules
AWS CloudTrail
Validation
Auditing
Trusted Advisor/Security Advisor
AWS CloudTrail, ConfigRules
- Shifts ownership of dependencies to developers
- Creates consistency
- Software defined infrastructure
- Codifies corporate policies
- Identify non-compliant configuration changes
- Baseline for best practices
- Wide net of best practices
Custom resource support
Governance Export to 3rd party or ELK based set up for analysis
Reduce risk by catching common errors:
- Unused instances
- Open firewalls
Core Function
Key Benefit
Power Usage