In this session we will focus on accounts operations best practices, how to setup your account to reduce operational risks and how to make your operations easier using various tools including Systems Manager, Trusted Advisor, Personal Health Dashboard, AWS config and more. SundaySky will present how they improve their operations with automated responce based on lessons learned.

2. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Design with Ops in mind
Nir Gomer
Director, R&D Group Manager
SundaySky
S K L 3 0 9
Shelly Dar
Sr. Technical Account Manager
Amazon Web Services

3. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Prevent Detect Respond Learn
Agenda
Prevent repetition

4. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Prevent
• Operational readiness
• Is everything ready?
• Situational awareness
• What are all the things?
• Anticipate failure
• What can go wrong?

5. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

6. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Operational readiness
https://aws.amazon.com/quickstart/architecture/compliance-cis-benchmark/

7. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Trusted Advisor

8. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Trusted Advisor
• 7 core Trusted Advisor checks - Available to all AWS
customers
• Business or Enterprise support plans:
• Access to the full set of Trusted Advisor checks
• Programmatic access

9. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Trusted Advisor tools
https://github.com/aws/Trusted-Advisor-Tools
AWS Step
Functions
Amazon
CloudWatch
Events
AWS Trusted
Advisor
AWS Lambda
AWS Lambda
AWS Lambda
AWS IAM
AWS CloudTrail
AWS SNS

10. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

11. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Config
• Aggregated view
• Across accounts
• Resources inventory
• Snapshots are saved on S3

12. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Config
https://aws.amazon.com/blogs/mt/aws-config-best-practices/
https://github.com/awslabs/aws-config-to-elasticsearch

13. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Tagging
General
• Name
• Owner
• Environment
• Product Project
• Business unit
Department
• Customer
Operational
• Build Release
Version
• Backup
• VPC
• OS version
Cost
• Cost center
budget
• RI Subscription id
• Auto start running
hours
• Expiration date
• License
• RI expiration

14. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Tag Editor

15. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

16. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Systems Manager

17. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Prevent Detect Respond Learn
Agenda
Prevent repetition

18. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Detect
• Monitoring
• What is everything doing?
• Controls (security & governance)
• How do we protect our business?
• Raise alerts
• How do we know to act so we can reduce risk to the business?

19. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Monitoring
System
NOC
Support
Account
exec
Security
Budget
owner
Customer
vendors
Product
manager
DevOps

20. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Monitoring
Please don’t forget
VPC

21. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Log aggregation
Amazon Kinesis
Firehose
Amazon
CloudWatch Logs
Logstash
AWS IoT
Elasticsearch
data nodes
Kibana
Data Producers Buffer Transform Deliver
Amazon Elasticsearch Service
(includes managed Kibana)
Elasticsearch
master nodes
https://amzn.to/2NLKLcn

22. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Personal Health Dashboard

23. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
GuardDuty

24. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
GuardDuty- github samples
GuardDuty Amazon
CloudWatch Events
Lambda AWS WAF AWS WAF
Filtering rule
Amazon VPC Network
access
control list
Amazon
DynamoDB
Amazon Simple
Notification Service
https://github.com/aws-samples/amazon-guardduty-hands-on
https://github.com/aws-samples/amazon-guardduty-waf-acl

25. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Prevent Detect Respond Learn
Agenda
Prevent repetition

26. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Respond
• Identify trends
• How do you know an event is coming before it leads to an incident?
• Respond with consistency
• Is there a documented process for responding to the event? (runbook/playbook)
• Automate proactive responses
• Can a scripted response be triggered automatically?

27. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Respond
• Identify trends
• Amazon GuardDuty, Amazon CloudWatch Logs Insights & Dashboards
• Respond with consistency
• AWS Systems Manager, AWS OpsWorks, AWS Config rules
• Automate responses
• AWS Auto Scaling, AWS Lambda

28. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Prevent Detect Respond Learn
Prevent repetition

29. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Nir Gomer
Director, R&D Group Manager
SundaySky

30. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What is SundaySky
SundaySky delivers a powerful video marketing platform that enables personalized
storytelling across the consumer lifecycle

31. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
SundaySky Rendering Architecture

32. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Design for success, Architect for disaster
Tag checker

33. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Designing the service with Ops in mind
• Stop being reactive – think about security, cost, manageability, support and
availability from the design phase
• Monitoring is a great, but avoid over-monitoring
• Automation is the goal but you can start with manual switches (automate
the way things are done, leave the decision of what to do to a human at
first, and automate it later)

34. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Operational Tools used in SundaySky
CloudWatch PagerDuty
Cost Anomaly
Detector
Alarms
CloudTrail
Trusted
Advisor
Well-
Architected
GuardDuty Macie
Auto Scaling
Experiments
Tag
checker
GuardDuty
Cost Explorer

35. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Takeaways
• The benefits are huge! R&D velocity; cost; SLAs; Security levels; Operations FTEs
and more
• If this seems a lot, you’re right… it is…
• But… Rome was not built in a day…
• There is no ‘one playbook to rule them all’

36. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

37. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Prevent Detect Respond Learn
Prevent repetition

38. Thank you!
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Shelly Dar
shelldar@amazon.com
https://www.linkedin.com/in/shellydar
Nir Gomer
Director, R&D Group Manager
SundaySky
http://bit.ly/2SEvcEb