Estate and Patch Management Infrastructure and Operations as Code

•

1 like•244 views

This document discusses operational excellence in AWS and describes how to set up and use various AWS services to implement operational best practices. It covers creating an IAM user and VPC using CloudFormation, managing resources using Systems Manager inventory and state manager, setting up patch management with Patch Manager by creating baselines and groups, and removing lab resources. It also provides bonus content on automating operations with maintenance windows.

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Brian Carlson
Operational Excellence Lead, Well-Architected
Estate and Patch Management
Infrastructure and Operations as Code

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What is the Operational Excellence Pillar?
“The operational excellence pillar includes the ability to run and monitor systems
to deliver business value and to continually improve supporting processes and
procedures. The operational excellence pillar provides an overview of design
principles, best practices, and questions.”

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Design Principles
• Perform operations as code
• Annotated documentation
• Make frequent, small, reversible changes
• Refine operations procedures frequently
• Anticipate failure
• Learn from all operational failures

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What is the Operational Excellence Pillar?
PREPARE EVOLVEOPERATE

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
How do you design your workload to enable
operability?
• Shared design standards
• Design for cloud operations
• Mitigate deployment risks
PREPARE

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
How do you know that you are ready to support a
workload?
• Documented accessible
governance and guidance
• Runbooks
PREPARE

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Why are we here?
The increased speed and agility of the
cloud is best supported using the same
engineering discipline and practices that
you apply to code.
Dynamic and elastic access to resources
increases the speed and agility of your
organization and benefits from equally
dynamic operations.

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Setting Up Your Lab Environment

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Requirements
1. Your own device for console access
2. An AWS account that you are able to use for testing,
that is not used for production or other purposes.
3. An available region within your account with capacity
to add 2 additional VPCs
4. Download the Lab Guide at https://bit.ly/2rnSUdi
https://s3-us-west-2.amazonaws.com/aws-well-architected-labs/Operations/100+-
+Estate+&+Patch+management+Lab+guide.html
Amazon VPC*

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Lab Setup
1. Create an Administrator IAM user and group
2. Log in with your IAM Administrator user
3. Create an EC2 Key Pair
IAM
Amazon EC2

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Deploying an Environment
using Infrastructure as Code

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Deploy the lab environment
1. Deploy the Lab CloudFormation template
https://s3-us-west-2.amazonaws.com/aws-well-architected-
labs/Operations/OE_Single_VPC+_2-Tier_Application_Lab.json
2. Examine the environment in CloudFormation
Designer
3. Deploy your stack
template
AWS
CloudFormation
stack

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Estate management
Systems Manager

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Understanding the Resources in your
Environment
1. Set up Systems Manager
2. Create a second CloudFormation stack
2. Track your resources using Inventory
3. Review associations with State Manager
Amazon EC2
Systems Manager
stack
Inventory
State Manager

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Patch Management
Systems Manager Patch Manager

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Patch Management
1. Create a Patch Baseline
2. Assign a Patch Group
3. Scan your instances
4. Patch your instances
Patch
Manager
documents

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Removing lab resources

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Removing lab resources
1. Delete your CloudFormation stacks
2. Delete your State Manager association
If you created a…
• S3 bucket, delete it
• SNS Topic, delete it
• Maintenance window, delete it
If you don’t plan to use your Administrator user, delete it
If you do plan to use your Administrator user, we
recommend you enable MFA
stack
Maintenance
Windows
bucket
State
Manager
IAM
topic

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Operational Excellence Lead
Well-Architected
crlsonb@amazon.com
Brian Carlson

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Bonus Content:
Creating Maintenance Windows and
Scheduling Automated Operations
Activities

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Automating Patching with Maintenance Windows
1. Set up Maintenance Windows
2. Create a Patch Maintenance Window
3. Assign Targets
4. Assign Tasks
5. After the maintenance window review
the results
Maintenance
Windows
Patch
Manager
Amazon
EC2

This hands-on, instructor-led lab will guide you through the steps to perform basic resiliency testing of a simple web application. You will use the AWS Management Console to understand how to view what has been created, and what the effect of your testing is. This lab will also help you understand how to use the AWS command line interface. The skills learned will help provide you the ability to start a resiliency test repository for chaos engineering.

Nirav Kothari: Well-Architected - Operational Excellence Instructor Led Lab.pdf

Amazon Web Services

This hands-on, instructor-led lab will use the AWS Management Console to deploy a new workload, and set up estate and patch management. In this lab we will demonstrate the importance of tagging and the ways in which it can support you operations activities. You will leverage the benefits of infrastructure as code for development and deployment of your environment. You will also perform Operations as Code to gain insights to your workload status, and to maintain your environment.

Well-Architected: Cost Optimization Instructor Led Lab.pdf

Amazon Web Services

This hands-on, instructor led lab will guide you through cost optimization for an organization, as it evolves from a single small account through to a large scale organization. You will use the built in cost management tools within the console, then utilize other AWS services to provide deep analysis and answers at scale. It will also demonstrate how to setup account structures and permissions to facilitate organization wide optimization.

AWS Systems Manager: Bridging Operational Models - SRV212 - Chicago AWS Summit

Amazon Web Services

Simplify Operations, Compliance and Governance using AWS Systems Manager

Amazon Web Services

This session will discuss how government organizations can employ AWS Systems Manager to gain insights into their environments and simplify operational tasks such as patching the OS or loading applications, for both on-premises instances as well as those within AWS. We will also look into how SSM can simplify governance and compliance from Central IT perspective by demonstrating how Systems Manager can automate credential rotation on servers in order to maintain compliance for various regulatory or compliance workloads.

Too Many Tools - How AWS Systems Manager Bridges Operational Models

Amazon Web Services

Come and see first-hand how AWS Systems Manager can help you manage your servers at scale with the agility and security you need in today's dynamic cloud-enabled world.Systems Manager simplifies resource and application management, shortens the time to detect and resolve operational problems, and makes it easy to operate and manage your infrastructure securely at scale. Speaker: Andra Christie, Solutions Architect, AWS

Inventory and Patch Management Using AWS Systems Manager (ARC332) - AWS re:In...

Amazon Web Services

In this hands-on, instructor-led lab, we use the AWS Management Console to deploy a new workload, create an inventory, and set up patch management. We demonstrate the importance of tagging and the ways in which it can support your operations activities. Learn the benefits of infrastructure-as-code for development and deployment of your environment, and perform operations-as-code to gain insights into your workload status. To participate in this lab, attendees must bring their own laptop and have a personal, nonproduction AWS account.

Designing for Operability: Getting the Last Nines in Five-Nines Availability ...

Amazon Web Services

"AWS provides you with the capabilities to track and maintain visibility into your AWS resources, configure and harden them according to custom and popular security standards such as CIS, detect vulnerabilities or deviation from state and automatically restore them to a secure state or apply patches. In this workshop we start by guiding you through tagging your resources and maintaining an asset inventory for visibility and governance purposes with AWS SSM Inventory Manager and Tags. We then build an AMI baking pipeline, harden the AMI with AWS SSM and install the Amazon Inspector agent. Within the pipeline we look for vulnerabilities and apply patches before promoting the AMI for use by an application. Next we construct a continuous detection framework to detect change in state of security or detection of highly critical vulnerabilities using Amazon Inspector, AWS SSM and AWS Config. We then build automation to rehydrate a production environment with a patched AMI using AWS SSM. Finally for the security analyst we develop reports for compliance purposes. For more advanced users we provide use cases using other AWS services including OpsWorks, Macie and Service Catalog."

Deep dive - AWS Fargate

Amazon Web Services

This document provides an overview of AWS Fargate. It begins with introductions to containers and microservices. It describes how containers and microservices are well-suited to each other due to their ability to deploy and scale services independently. The document then discusses container orchestration tools and the options on AWS. It focuses on AWS Fargate, describing its key advantages of having no infrastructure to manage, ability to quickly launch and easily scale containers, and resource-based pricing. Fargate allows developers to focus just on their application without having to manage servers or clusters.

Configure Your Cloud to Make It Rain on Threats (SEC335-R1) - AWS re:Invent 2018

Amazon Web Services

Security on AWS is robust and feature rich, but how do you know what to do and how to start? This workshop covers how to start your AWS threat response automation platform using native AWS tools and OSS. We begin with how to collect and analyze all the different data sources in an AWS account. Next, we cover how to take that log data and automatically address risks identified from network intrusion, insider threats, or misconfigurations. We also cover preventative controls that can help block risk in the first place and alert you when drift occurs. Finally, we cover how to scale this all out to multiple accounts.

Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...

Amazon Web Services

Join us, and learn how we made AWS our backbone, modularized our software for the cloud, and gained an immediate surge in velocity. In this session, we walk you through some of the unexpected security challenges we faced and hopefully save you a few headaches. Discover what security issues you need to address, how to avoid costly unused instances in your deployments, and why your current security tools won’t help. We show you how a major transformation landed us on AWS, and we share how we overcame challenges and advanced our business while innovating in a new direction. This session is brought to you by AWS partner, Barracuda Networks Inc.

Analyze Slide Images and Process Phenotypic Assays at Scale on AWS (CMP358) -...

Amazon Web Services

Come Out From Behind Your Firewall

Amazon Web Services

The document discusses traditional on-premise security approaches using firewalls and their limitations. It then covers cloud security using tools like CloudTrail, VPC flow logs, and GuardDuty for continuous monitoring. GuardDuty detects threats and security findings can be responded to automatically using Lambda. The document concludes with an overview of DevSecOps which aims to integrate security practices into the entire software development lifecycle through automation, testing, and a shared culture of security.

Accelerate Productivity by Computing at the Edge - AWS Online Tech Talks

Amazon Web Services

Introducing AWS Firewall Manager - AWS Online Tech Talks

Amazon Web Services

Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...

Amazon Web Services

The document discusses an automated solution for deploying an AWS Landing Zone. It describes the AWS Landing Zone as providing an easy way to set up a new multi-account AWS environment based on AWS best practices. The solution automates the initial setup of accounts and baseline security and governance controls. It also includes an AWS Account Vending Machine that allows additional accounts to be automatically provisioned with security baselines. The workshop will include demos of deploying a Landing Zone, creating new accounts via the AWS Vending Machine, and extending the Landing Zone with add-on features.

Understanding AWS Secrets Manager - AWS Online Tech Talks

Amazon Web Services

Living the AWS Well Architected Framework

Adam Dillman

DEM20 Protecting Your Data in Amazon S3

Amazon Web Services

Amazon S3 is an integral component of any cloud application deployed on AWS. Protecting our Amazon S3 instance must be a priority, a task that you, the user, are responsible for. In this session, Anuj Sawani walks through how Palo Alto Networks’ API-based cloud security capabilities can complement native AWS security features to help protect your S3 data and maintain compliance of your AWS usage. This session is brought to you by AWS Partner, Palo Alto Networks.

NFL and Forwood Safety Deploy Business Analytics at Scale with Amazon QuickSi...

Amazon Web Services

The document discusses how Forwood Safety and the National Football League use Amazon QuickSight for business analytics. Forwood Safety uses QuickSight to analyze safety verification data from millions of checks to identify potentially fatal issues. The NFL uses QuickSight for its Next Gen Stats to provide real-time player tracking data to media, teams, and broadcasters. QuickSight provides benefits like easy scalability, no server management, and pay per use pricing.

So You Want to be Well-Architected?

Amazon Web Services

The AWS Well-Architected Framework enables customers to understand best practices around security, reliability, performance, and cost optimisation when building systems on AWS. This approach helps customers make informed decisions and weigh the pros and cons of application design patterns for the cloud. In this session, you'll learn about the Well-Architected Framework, and the steps you can take to help ensure your solution is Well Architected. Speaker: Brian Farnhill, Solutions Architect, AWS

Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...

Amazon Web Services

Managing that balance between running machine learning (ML) and deep learning algorithms and following approved security practices from your security organization is critical in keeping your data and your customers’ data safe. In this chalk talk, we introduce a common ML/deep learning flow using Amazon SageMaker, identify various points of data exchange with Amazon EMR and Amazon S3, and dive deep into the security and governance of the data and infrastructure. Learn about using security controls and building processes with services like AWS CloudTrail, AWS Config, Amazon CloudWatch Events, and AWS Lambda. Gain an understanding of the options and best practices for running ML and deep learning on AWS.Please join us for a speaker meet-and-greet following this session at the Speaker Lounge (ARIA East, Level 1, Willow Lounge). The meet-and-greet starts 15 minutes after the session and runs for half an hour.

Threat Detection & Remediation Workshop - Module 2

Amazon Web Services

This document outlines an agenda for a workshop on threat detection and remediation. It includes: - Running a CloudFormation template to set up the initial environment. - A presentation on threat detection and remediation that discusses why it is difficult, the importance of removing humans from data analysis and detection, and AWS security services that can help. - A walkthrough of the workshop where participants will simulate attacks and threats in their environment and use AWS security tools like GuardDuty, Lambda, and CloudWatch Events for detection and remediation.

Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...

Amazon Web Services

The area of identity, authentication, and authorization has significantly evolved in recent years, and this often leaves customers unsure of how to solve for user authentication with .NET applications hosted on AWS. In this workshop, we attempt to baseline the most common technology choices for .NET authentication (Windows Integrated Authentication, SAML, OpenID Connect, OAuth, etc.) and discuss the most common architectures and configurations that customers can leverage when running .NET applications on AWS. Attendees also have a chance to run through hands-on lab exercises for each of the architectures discussed.

DevOps on AWS

Amazon Web Services

by Trevor Sullivan, Solutions Architect, AWS Software release cycles are now measured in days instead of months. Cutting edge companies are continuously delivering high-quality software at a fast pace. In this session, we will cover how you can begin your DevOps journey by sharing best practices and tools used by the engineering teams at Amazon. We will showcase how you can accelerate developer productivity by implementing continuous Integration and delivery workflows. We will also cover an introduction to AWS CodeStar, AWS CodeCommit, AWS CodeBuild, AWS CodePipeline, AWS CodeDeploy, AWS Cloud9, and AWS X-Ray the services inspired by Amazon's internal developer tools and DevOps practice.

“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...

Amazon Web Services

What does “Cloud First” really mean for your processes, customers, and the future of your business? In this session, learn from Hub International’s CISO and Head of Architecture how the insurance company is transforming their business by migrating to the cloud for greater scale, cost savings, performance, and security. With a goal to go all-in on AWS by end of 2018, Hub International needed real-time visibility across its cloud and hybrid environments to mitigate risks and ensure seamless migrations—thereby keeping customers happy and their data safe. See how Hub International is harnessing machine data and predictive analytics to secure applications and infrastructure, control costs and improve capacity planning. This session is brought to you by AWS partner, Splunk.

Are you Well-Architected?

Amazon Web Services

We describe how to use the Well-Architected Framework to evaluate the technology solutions built by your teams. The AWS Well-Architected Framework describes best practices across five pillars (Security, Reliability, Performance, Operational Excellence, and Cost), and provides a consistent approach to review architectures against those best practices. This review process shows where your architectures can be improved, and helps you address weakness that may put your business at risk

Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...

Amazon Web Services

The document discusses operational excellence for identity and access management using an AWS Landing Zone solution, which automates the setup of new AWS multi-account environments based on best practices and recommendations and provides initial security, governance, and shared service controls. It describes the components of the AWS Landing Zone including AWS Organizations, AWS Config, and IAM and how labs can be used to demonstrate creating guardrails, applying governance, and handling drift across accounts to meet security and operational goals.

Design with Ops in Mind.pdf

Amazon Web Services

This document discusses designing software with operations in mind. It recommends considering non-functional requirements like reliability, maintainability and supportability from the start. The document also recommends designing for deployment, testing, monitoring, logging and tracing to provide visibility for operations teams. It suggests using AWS services like CloudFormation, CodePipeline and X-Ray to automate operations tasks and embed observability in the software.

What's hot

Build a Vulnerability Management Program Using AWS for AWS (SEC337-R1) - AWS ...

Amazon Web Services

Deep dive - AWS Fargate

Amazon Web Services

Configure Your Cloud to Make It Rain on Threats (SEC335-R1) - AWS re:Invent 2018

Amazon Web Services

Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...

Amazon Web Services

Analyze Slide Images and Process Phenotypic Assays at Scale on AWS (CMP358) -...

Amazon Web Services

Come Out From Behind Your Firewall

Amazon Web Services

Accelerate Productivity by Computing at the Edge - AWS Online Tech Talks

Amazon Web Services

Introducing AWS Firewall Manager - AWS Online Tech Talks

Amazon Web Services

Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...

Amazon Web Services

Understanding AWS Secrets Manager - AWS Online Tech Talks

Amazon Web Services

Living the AWS Well Architected Framework

Adam Dillman

DEM20 Protecting Your Data in Amazon S3

Amazon Web Services

NFL and Forwood Safety Deploy Business Analytics at Scale with Amazon QuickSi...

Amazon Web Services

So You Want to be Well-Architected?

Amazon Web Services

Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...

Amazon Web Services

Threat Detection & Remediation Workshop - Module 2

Amazon Web Services

Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...

Amazon Web Services

DevOps on AWS

Amazon Web Services

“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...

Amazon Web Services

Are you Well-Architected?

Amazon Web Services

What's hot (20)

Build a Vulnerability Management Program Using AWS for AWS (SEC337-R1) - AWS ...

Deep dive - AWS Fargate

Configure Your Cloud to Make It Rain on Threats (SEC335-R1) - AWS re:Invent 2018

Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...

Analyze Slide Images and Process Phenotypic Assays at Scale on AWS (CMP358) -...

Come Out From Behind Your Firewall

Accelerate Productivity by Computing at the Edge - AWS Online Tech Talks

Introducing AWS Firewall Manager - AWS Online Tech Talks

Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...

Understanding AWS Secrets Manager - AWS Online Tech Talks

Living the AWS Well Architected Framework

DEM20 Protecting Your Data in Amazon S3

NFL and Forwood Safety Deploy Business Analytics at Scale with Amazon QuickSi...

So You Want to be Well-Architected?

Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...

Threat Detection & Remediation Workshop - Module 2

Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...

DevOps on AWS

“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...

Are you Well-Architected?

Similar to Estate and Patch Management Infrastructure and Operations as Code

Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...

Amazon Web Services

Design with Ops in Mind.pdf

Amazon Web Services

Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...

Amazon Web Services

Operationalizing Microsoft Workloads (WIN320) - AWS re:Invent 2018

Amazon Web Services

In this session, we discuss best practices and approaches for managing your Microsoft Windows-based infrastructure on AWS. We describe the AWS services that can help you manage Windows servers at scale and realize the maximum benefit of the cloud. In addition, we show you how to build simple and effective solutions to manage logging, configuration drift, inventory, licensing, and more. Please join us for a speaker meet-and-greet following this session at the Speaker Lounge (ARIA East, Level 1, Willow Lounge). The meet-and-greet starts 15 minutes after the session and runs for half an hour.

Hitchhiker's Guide to Cloud Ops

Amazon Web Services

This document discusses cloud operations on AWS. It provides an overview of the Well-Architected Operational Excellence pillar and how it can help with designing operations. It also summarizes AWS services like Enterprise Support's Cloud Operations Review, Professional Services' Operations Integration, and AWS Managed Services that can assist with operations. Case studies are presented on how NASA and GE Health Cloud improved their operations with AWS.

Remove Undifferentiated Heavy Lifting from CI/CD Toolsets with Corteva Agrisc...

Amazon Web Services

Cloud engineering teams at Corteva Agriscience, Agriculture Division of DowDuPont, have a challenge: how to support a global business of research scientists and software developers in building a world-class innovation organization. Modern agriculture produces larger and more varied data types, so their approach must be not only scalable and flexible, but also commit to operational excellence while remaining adoptable. This session will walk through how Corteva Agriscience builds container-based infrastructures with CI/CD pipelines that remove undifferentiated heavy lifting and allow teams to empower developers. Members of the cloud engineering team will discuss problems they face, solutions they implement, and show an example of how they leverage AWS services (AWS CodeCommit, AWS CodePipeline, AWS CloudFormation, AWS Fargate) to deploy a novel machine learning algorithm for scoring genetic markers.

AWS Well-Architected Workshop

Amazon Web Services

By Ballu Singh, Solutions Architect AWS The AWS Well-Architected framework was developed to help cloud architects build the most secure, high-performing, resilient, and efficient infrastructure possible for their applications. Composed of 5 pillars – operational excellence, security, reliability, performance efficiency, and cost optimization – this framework provides a consistent approach to evaluate architectures, and provides guidance to help implement designs that will scale with your application needs over time. This workshop teaches you how to put that framework into practice. You’ll learn strategies for building stable and efficient systems. Then you’ll apply that knowledge through a series of team exercises, comparing a sample architecture against our best practices, and assessing how Well-Architected it is against each pillar.

Driving DevOps Transformation in Enterprises (DEV320) - AWS re:Invent 2018

Amazon Web Services

In this session, learn how AWS is helping enterprises adopt the DevOps model and automation in their journey to the cloud. By using the DevOps principle to treat your infrastructure environments as code, you can automate and easily scale your lifecycle environments. Learn how services like AWS CloudFormation and AWS OpsWorks enable you to automate your instance provisioning and configurations as code, ensuring consistent, compliant, and scalable cloud infrastructure. Understand how OpsWorks is enabling enterprises to accelerate their migration to the cloud, leveraging popular tools like Chef or Puppet and their respective communities. Please join us for a speaker meet-and-greet following this session at the Speaker Lounge (ARIA East, Level 1, Willow Lounge). The meet-and-greet starts 15 minutes after the session and runs for half an hour.

Too Many Tools? How AWS Systems Manager Bridges Operational Models - AWS Summ...

Amazon Web Services

AWS Systems Manager is a service that helps customers manage their AWS resources and on-premises systems. It allows users to group resources, visualize operational insights, integrate with other AWS services, and securely manage resources. Systems Manager works across hybrid/multi-cloud environments and supports many configuration and compliance tools. It provides capabilities like resource grouping, operational dashboards, patch management, automation, and remote management to help customers operate safely and securely at scale.

Moving to DevOps the Amazon Way (DEV210-R1) - AWS re:Invent 2018

Amazon Web Services

DevOps is currently one of the most sought after engineering models. One reason is that it helps enterprise transformations. The Amazon transformation to DevOps was born out of the desire to be even more customer obsessed, more agile, and more innovative. Come and learn from our journey as we share the playbook that helped us successfully implement and adopt DevOps as well as the lessons we learned the hard way.

Workshop: Architecting a Serverless Data Lake

Amazon Web Services

In this workshop, learn how to create a serverless data lake architecture. Understand how to ingest data at scale from multiple data sources, how to transform the data, and how to catalog it to make it available for querying using a variety of tools. Also learn how to set up governance and data quality controls. Speakers: Rajanikanth Bhargava Chilakapati - Solutions Architect, AWS Karl Hart - Solutions Architect, AWS John Pignata - Startup Solutions Architect, AWS

Well-Architected Bootcamp

Amazon Web Services

The AWS Well-Architected Framework enables customers to make informed decisions about their architecture in a cloud-native way and understand the impact of design decisions that are made. The Framework is composed of 5 pillars (Operational Excellence, Security, Reliability, Performance Efficiency, and Cost Optimization), design principles and questions. It provides strategies & best practices for architecting in the cloud. The AWS Well-Architected Bootcamp allows you to put the Framework into practice. We will provide an introduction to the Well-Architected Framework, walk through a sample architectural example, and give you a chance to apply the Framework to the sample architecture while using the AWS knowledge of you and your team.

PaaS – From Code to Running Application using AWS Elastic Beanstalk (DEV323) ...

Amazon Web Services

Come learn how Elastic Beanstalk can help you go from code to running application in a matter of minutes, without the need to provision or manage any of the underlying Amazon Web Services (AWS) resources. Hear how Qualcomm is able to migrate application to AWS faster than before through Forge, an internally built application platform that leverages Elastic Beanstalk to simplify the development and deployment of applications to AWS with security and organizational best practices out of the box.

Build Your Own Log Analytics Solutions on AWS (ANT323-R) - AWS re:Invent 2018

Amazon Web Services

With Amazon Elasticsearch Service's simplicity comes a multitude of opportunity to use it as a back end for real-time application and infrastructure monitoring. With this wealth of opportunities comes sprawl - developers in your organization are deploying Amazon Elasticsearch Service for many different workloads and many different purposes. Should you centralize into one Amazon Elasticsearch Service domain? What are the tradeoffs in scale and cost? How do you control access to the data and dashboards? How do you structure your indexes - single tenant or multi-tenant? In this session, we'll explore whether, when, and how to centralize logging across your organization to minimize cost and maximize value and learn how Autodesk has built a unified log analytics solution using Amazon Elasticsearch Service.

AWSome Day - Solutions Architecture Best Practices

Amazon Web Services

[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...

Amazon Web Services

As companies employ DevOps practices to push applications faster into production through better collaboration and automated testing, security is often seen as an inhibitor to speed. The challenge for many organizations is getting applications delivered at a fast pace while embedding security at the speed of DevOps. In this session, learn how AWS Marketplace products and customers help make DevSecOps a well-orchestrated methodology to ensure the speed, stability, and security of your applications.

Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...

Amazon Web Services

Gaining Better Observability of Your VMs with Amazon CloudWatch - AWS Online ...

Amazon Web Services

AWS Lambda use cases and best practices - Builders Day Israel

Amazon Web Services

IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accou...

Amazon Web Services

In this session, learn how Vanguard has matured their IAM controls and automation to support a micro-account strategy, providing further agility to developers while reducing blast radius and improving governance. You learn how Vanguard uses STS Federation at the OU level, builds common roles across all micro accounts, implements AWS Organizations SCPs, and uses different network control zones for admin vs. non-admin functions. Vanguard also shares how they are using AWS Lambda to block escalation of privilege.

Similar to Estate and Patch Management Infrastructure and Operations as Code (20)

Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...

Design with Ops in Mind.pdf

Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...

Operationalizing Microsoft Workloads (WIN320) - AWS re:Invent 2018

Hitchhiker's Guide to Cloud Ops

Remove Undifferentiated Heavy Lifting from CI/CD Toolsets with Corteva Agrisc...

AWS Well-Architected Workshop

Driving DevOps Transformation in Enterprises (DEV320) - AWS re:Invent 2018

Too Many Tools? How AWS Systems Manager Bridges Operational Models - AWS Summ...

Moving to DevOps the Amazon Way (DEV210-R1) - AWS re:Invent 2018

Workshop: Architecting a Serverless Data Lake

Well-Architected Bootcamp

PaaS – From Code to Running Application using AWS Elastic Beanstalk (DEV323) ...

Build Your Own Log Analytics Solutions on AWS (ANT323-R) - AWS re:Invent 2018

AWSome Day - Solutions Architecture Best Practices

[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...

Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...

Gaining Better Observability of Your VMs with Amazon CloudWatch - AWS Online ...

AWS Lambda use cases and best practices - Builders Day Israel

IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accou...

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Amazon Web Services

Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS. In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Amazon Web Services

La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup. Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti. Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.

Esegui pod serverless con Amazon EKS e AWS Fargate

Amazon Web Services

Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi

Costruire Applicazioni Moderne con AWS

Amazon Web Services

Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.

Come spendere fino al 90% in meno con i container e le istanze spot

Amazon Web Services

L’utilizzo dei container è in continua crescita. Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili. I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!

Open banking as a service

Amazon Web Services

In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th. Event Agenda : Open banking so far (short recap) • PSD2, OB UK, OB Australia, OB LATAM, OB Israel Intro to Open Finance marketplace • Scope • Features • Tech overview and Demo The role of the Cloud The Future of APIs • Complying with regulation • Monetizing data / APIs • Business models • Time to market One platform for all: a Strategic approach Q&A

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

Amazon Web Services

Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc. AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta. Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Amazon Web Services

Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity. AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet. Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Amazon Web Services

Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.

Computer Vision con AWS

Amazon Web Services

Database Oracle e VMware Cloud on AWS i miti da sfatare

Amazon Web Services

Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti. Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

Amazon Web Services

Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti. Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire. Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito. In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.

API moderne real-time per applicazioni mobili e web

Amazon Web Services

Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline. Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Amazon Web Services

Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali. In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.

Tools for building your MVP on AWS

Amazon Web Services

1) The document discusses building a minimum viable product (MVP) using Amazon Web Services (AWS). 2) It provides an example of an MVP for an omni-channel messenger platform that was built from 2017 to connect ecommerce stores to customers via web chat, Facebook Messenger, WhatsApp, and other channels. 3) The founder discusses how they started with an MVP in 2017 with 200 ecommerce stores in Hong Kong and Taiwan, and have since expanded to over 5000 clients across Southeast Asia using AWS for scaling.

How to Build a Winning Pitch Deck

Amazon Web Services

This document discusses pitch decks and fundraising materials. It explains that venture capitalists will typically spend only 3 minutes and 44 seconds reviewing a pitch deck. Therefore, the deck needs to tell a compelling story to grab their attention. It also provides tips on tailoring different types of decks for different purposes, such as creating a concise 1-2 page teaser, a presentation deck for pitching in-person, and a more detailed read-only or fundraising deck. The document stresses the importance of including key information like the problem, solution, product, traction, market size, plans, team, and ask.

Building a web application without servers

Amazon Web Services

This document discusses building serverless web applications using AWS services like API Gateway, Lambda, DynamoDB, S3 and Amplify. It provides an overview of each service and how they can work together to create a scalable, secure and cost-effective serverless application stack without having to manage servers or infrastructure. Key services covered include API Gateway for hosting APIs, Lambda for backend logic, DynamoDB for database needs, S3 for static content, and Amplify for frontend hosting and continuous deployment.

Fundraising Essentials

Amazon Web Services

This document provides tips for fundraising from startup founders Roland Yau and Sze Lok Chan. It discusses generating competition to create urgency for investors, fundraising in parallel rather than sequentially, having a clear fundraising narrative focused on what you do and why it's compelling, and prioritizing relationships with people over firms. It also notes how the pandemic has changed fundraising, with examples of deals done virtually during this time. The tips emphasize being fully prepared before fundraising and cultivating connections with investors in advance.

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...

Amazon Web Services

This document discusses Amazon's machine learning services for building conversational interfaces and extracting insights from unstructured text and audio. It describes Amazon Lex for creating chatbots, Amazon Comprehend for natural language processing tasks like entity extraction and sentiment analysis, and how they can be used together for applications like intelligent call centers and content analysis. Pre-trained APIs simplify adding machine learning to apps without requiring ML expertise.

Introduzione a Amazon Elastic Container Service

Amazon Web Services

Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Esegui pod serverless con Amazon EKS e AWS Fargate

Costruire Applicazioni Moderne con AWS

Come spendere fino al 90% in meno con i container e le istanze spot

Open banking as a service

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Computer Vision con AWS

Database Oracle e VMware Cloud on AWS i miti da sfatare

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

API moderne real-time per applicazioni mobili e web

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Tools for building your MVP on AWS

How to Build a Winning Pitch Deck

Building a web application without servers

Fundraising Essentials

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...

Introduzione a Amazon Elastic Container Service

Estate and Patch Management Infrastructure and Operations as Code

1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Brian Carlson Operational Excellence Lead, Well-Architected Estate and Patch Management Infrastructure and Operations as Code

2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. What is the Operational Excellence Pillar? “The operational excellence pillar includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures. The operational excellence pillar provides an overview of design principles, best practices, and questions.”

3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Design Principles • Perform operations as code • Annotated documentation • Make frequent, small, reversible changes • Refine operations procedures frequently • Anticipate failure • Learn from all operational failures

5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. How do you design your workload to enable operability? • Shared design standards • Design for cloud operations • Mitigate deployment risks PREPARE

6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. How do you know that you are ready to support a workload? • Documented accessible governance and guidance • Runbooks PREPARE

8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Why are we here? The increased speed and agility of the cloud is best supported using the same engineering discipline and practices that you apply to code. Dynamic and elastic access to resources increases the speed and agility of your organization and benefits from equally dynamic operations.

10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Requirements 1. Your own device for console access 2. An AWS account that you are able to use for testing, that is not used for production or other purposes. 3. An available region within your account with capacity to add 2 additional VPCs 4. Download the Lab Guide at https://bit.ly/2rnSUdi https://s3-us-west-2.amazonaws.com/aws-well-architected-labs/Operations/100+- +Estate+&+Patch+management+Lab+guide.html Amazon VPC*

11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Lab Setup 1. Create an Administrator IAM user and group 2. Log in with your IAM Administrator user 3. Create an EC2 Key Pair IAM Amazon EC2

13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Deploy the lab environment 1. Deploy the Lab CloudFormation template https://s3-us-west-2.amazonaws.com/aws-well-architected- labs/Operations/OE_Single_VPC+_2-Tier_Application_Lab.json 2. Examine the environment in CloudFormation Designer 3. Deploy your stack template AWS CloudFormation stack

15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Understanding the Resources in your Environment 1. Set up Systems Manager 2. Create a second CloudFormation stack 2. Track your resources using Inventory 3. Review associations with State Manager Amazon EC2 Systems Manager stack Inventory State Manager

18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Patch Management 1. Create a Patch Baseline 2. Assign a Patch Group 3. Scan your instances 4. Patch your instances Patch Manager documents

20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Removing lab resources 1. Delete your CloudFormation stacks 2. Delete your State Manager association If you created a… • S3 bucket, delete it • SNS Topic, delete it • Maintenance window, delete it If you don’t plan to use your Administrator user, delete it If you do plan to use your Administrator user, we recommend you enable MFA stack Maintenance Windows bucket State Manager IAM topic

25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Automating Patching with Maintenance Windows 1. Set up Maintenance Windows 2. Create a Patch Maintenance Window 3. Assign Targets 4. Assign Tasks 5. After the maintenance window review the results Maintenance Windows Patch Manager Amazon EC2

Estate and Patch Management Infrastructure and Operations as Code

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Estate and Patch Management Infrastructure and Operations as Code

Similar to Estate and Patch Management Infrastructure and Operations as Code (20)

More from Amazon Web Services

More from Amazon Web Services (20)

Estate and Patch Management Infrastructure and Operations as Code