Raleigh DevDay 2017: Deep Dive on AWS Management Tools

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Shashi Prabhakar

Solutions Architect

Aug 1, 2017

AWS Management Tools Deep Dive

Take control over your cloud environment

AWS Management Tools

• Why did we build AWS Management Tools?

• What is AWS Management Tools?

• Capabilities you need

• Q&A

The challenge

Agility

Control

Visibility

Growth Complexity Cloud

What do you need?

Control over your cloud environment

Provision resources

Gain insights

Monitor and optimize

AWS Management Tools capabilities

Model and automate

Gain visibility

Respond to changes

Optimize

Integrate

Control

Model your cloud with AWS CloudFormation

Template CloudFormation Stack

JSON/YAML formatted file

Parameter definition

Resource creation

Configuration actions

Configured AWS services

Comprehensive service support

Service event aware

Customizable

Framework

Stack creation

Stack updates

Error detection and rollback

• CloudFormation gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion

AWS CloudFormation key benefits

Infrastructure as Code

Declarative and Flexible

Easy to Use

Supports a Wide Range of AWS Resources

New Feature Launch: StackSets

What are StackSets?

Allow creation of a common set of AWS resources across accounts and regions

Provide a container for a collection of AWS CloudFormation stacks

Stack 1: A1, us-west-1

Stack 2: A2, us-west-1

Stack 3: A3, us-west-1

Stack 4: A4, us-west-1

Stack 5: A5, us-west-1

Functionality?

Provisioning multiple accounts with identical AWS resources

• Set up AWS KMS keys

• Enable AWS CloudTrail

• Standardize Amazon VPCs with peering connections

• Set up common ingress rules

BCDR solutions across multiple regions

• Configure Amazon S3 bucket replication

• Provision Amazon RDS read replicas

Create catalogs of approved resources with AWS Service Catalog

• AWS Service Catalog allows organizations to create and manage catalogs of IT services.

• It enables users to quickly deploy the approved IT services they need in a self-service manner without access to the underlying services in AWS.

Organizations: Control, Standardization, Governance

Developers: Agility, Self-service, Time to market

AWS Service Catalog key benefits

Ensure Compliance with Corporate Standards

Help Employees Quickly Find and Deploy Approved IT Services

Centrally Manage IT Service Lifecycle

Demo: Service Catalog

Automate configuration with Amazon EC2 Systems Manager

• Enables automated configuration

• Supports ongoing management of systems at scale

• Works across all of your Windows and Linux workloads

• Runs in Amazon EC2 or on-premises

• Carries no additional charge to use

Amazon EC2 Systems Manager key benefits

Support for Hybrid Architecture

Easy to Use

Automation

Improve Visibility and Control

Maintain Software Compliance

Reduce Costs

Secure Role-Based Management

Amazon EC2 Systems Manager capabilities

State Manager

Maintenance Window

Inventory

Automation

Parameter Store

Run Command

Patch Manager

Demo: EC2 SSM

AWS OpsWorks

Automate configuration with AWS OpsWorks for Chef Automate

• Managed Chef Server and Chef Automate

• Suite of automation tools that give you workflow automation for continuous deployment, automated testing for compliance and security with Chef

What is Chef?

• Configuration Management Software

• Recipes and Cookbooks

• Chef development kit and toolset

• Community

What is Chef Automate?

Commercial offering from Chef Software

Suite of tools built on top of Chef Configuration Management

• Continuous Deployment Pipeline

• Automated compliance testing

• Visibility

AWS OpsWorks for Chef Automate key benefits

Fully Managed Chef Server

Programmable Infrastructure

Scaling Made Easy

Support from Active Chef Community

Secure

Simple to Manage Hybrid Environments

Gain visibility with AWS Config

• Get inventory of all your AWS resources

• Discover resources that exist in your account and capture configurations

• Provide rules to ensure resource configurations conform to your internal best practices and guidelines

AWS Config key benefits

• Enables you to assess, audit, and evaluate the configurations of your AWS resources

• Continuously monitors and records your AWS resource configurations

• Allows you to automate the evaluation of recorded configurations against desired configurations with Config rules

Benefits

Continuous Monitoring

Change Management

Continuous Assessment

Operational Troubleshooting

AWS Config advanced features

Configurable and Customizable Rules

Configuration History of AWS Resources

• Ensure that all EC2 instances in your cloud infrastructure use AMIs from an approved list

• Identify managed EC2 instances that are running software packages and applications that are on the blacklist

• Identify EC2 instances of a specific type or size

• Identify EC2 volumes that are not encrypted.
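As an added example (not from the original slides and not AWS's own code), the approved-AMI and unencrypted-volume checks listed above can be sketched as evaluation logic over AWS Config configuration items. The approved AMI IDs, resource IDs and sample items are constructed placeholders, and the helper names are hypothetical.

```python
"""Config-rule style checks over constructed configuration items."""

# Assumption: hypothetical approved AMI list (placeholder IDs).
APPROVED_AMIS = {"ami-0123456789abcdef0", "ami-0fedcba9876543210"}
DELETED = {"ResourceDeleted", "ResourceDeletedNotRecorded"}


def evaluate(item, approved_amis=APPROVED_AMIS):
    """Return (compliance_type, annotation) for one configuration item."""
    if item.get("configurationItemStatus") in DELETED:
        return "NOT_APPLICABLE", "resource deleted"
    config = item.get("configuration") or {}
    rtype = item.get("resourceType")
    if rtype == "AWS::EC2::Instance":
        ami = config.get("imageId")
        if ami in approved_amis:
            return "COMPLIANT", f"AMI {ami} is approved"
        return "NON_COMPLIANT", f"AMI {ami} is not on the approved list"
    if rtype == "AWS::EC2::Volume":
        # Fail closed: a missing or non-boolean flag counts as unencrypted.
        if config.get("encrypted") is True:
            return "COMPLIANT", "volume is encrypted"
        return "NON_COMPLIANT", "volume is not encrypted"
    return "NOT_APPLICABLE", f"rule does not cover {rtype}"


def _item(rtype, rid, config, status="OK"):
    """Build a constructed configuration item for the sample data below."""
    return {"resourceType": rtype, "resourceId": rid, "configuration": config,
            "configurationItemStatus": status,
            "configurationItemCaptureTime": "2017-08-01T12:00:00.000Z"}


# Constructed sample items (not real resources).
SAMPLE_ITEMS = [
    _item("AWS::EC2::Instance", "i-aaaa", {"imageId": "ami-0123456789abcdef0"}),
    _item("AWS::EC2::Instance", "i-bbbb", {"imageId": "ami-0000000000000bad0"}),
    _item("AWS::EC2::Volume", "vol-cccc", {"encrypted": False}),
    _item("AWS::EC2::Volume", "vol-dddd", None, status="ResourceDeleted"),
]


def summarize(items=SAMPLE_ITEMS):
    """Map each resource ID to its compliance type."""
    return {i["resourceId"]: evaluate(i)[0] for i in items}


if __name__ == "__main__":
    for rid, result in summarize().items():
        print(rid, result)
```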

New Feature Launch: AWS Config Dashboard

An overview of your resources and their compliance with AWS Config rules

Demo: AWS Config + Config Rules

Gain visibility with AWS CloudTrail

• Increase visibility into your user and resource activity

• Discover and troubleshoot security and operational issues by capturing a comprehensive history of changes that occurred in your AWS account

• Simplify your compliance audits by automatically recording and storing activity logs for your AWS account

AWS CloudTrail key benefits

• Allows you to log, continuously monitor, and retain events related to API calls across your AWS infrastructure

• Provides a history of AWS API calls for your account, including API calls made through the AWS Management Console, AWS SDKs, command line tools, and other AWS services

Benefits

Simplified Compliance

Security Analysis and Troubleshooting

Visibility Into User and Resource Activity

Security Automation

Respond to changes with AWS CloudWatch

• Monitoring service for AWS cloud resources and the applications you run on AWS.

• You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources.

AWS CloudWatch key benefits

Monitor Amazon EC2

Monitor Other AWS Resources

Monitor Custom Metrics

Monitor and Store Logs

Set Alarms

View Graphs and Statistics

Demo: CloudTrail

Optimize with AWS Trusted Advisor

• Get insight into how and where you can get the most impact for your AWS spend

• Find opportunities to reduce your monthly spend and retain or increase productivity

• Receive guidance on getting the optimal performance and availability based on your requirements

Demo: Trusted Advisor

Integrate with 3rd party tools

AWS Management Tools capabilities

Control

AWS CloudFormation

AWS Service Catalog

EC2 Systems Manager

AWS OpsWorks

AWS Config

AWS CloudTrail

Amazon CloudWatch

AWS Trusted Advisor

Model and automate

Gain visibility

Respond to changes

Optimize

Integrate

Where to find AWS Management Tools?

Playbook: AWS Management

Creation

Compliant Provisioning, Governance

AWS CloudFormation: Infrastructure as Code

Verification

Monitoring and Alerting

AWS Config, ConfigRules

AWS CloudTrail

Validation

Auditing

Trusted Advisor/Security Advisor

AWS CloudTrail, ConfigRules

- Shifts ownership of dependencies to developers

- Creates consistency

- Software defined infrastructure

- Codifies corporate policies

- Identify non-compliant configuration changes

- Baseline for best practices

- Wide net of best practices

Custom resource support

Governance Export to 3rd party or ELK based set up for analysis

Reduce risk by catching common errors:

- Unused instances

- Open firewalls

Core Function

Key Benefit

Power Usage

Q&A
