Raleigh DevDay 2017: Deep Dive on AWS Management Tools
TRANSCRIPT
![Page 1: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/1.jpg)
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Shashi Prabhakar
Solutions Architect
Aug 1, 2017
AWS Management Tools Deep Dive
Take control over your cloud environment
![Page 2: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/2.jpg)
AWS Management Tools
• Why did we build AWS Management Tools
• What is AWS Management Tools
• Capabilities you need
• Q&A
![Page 3: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/3.jpg)
The challenge
Agility
Control
Visibility
Growth Complexity Cloud
![Page 4: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/4.jpg)
What do you need?
Control over your cloud environment
Provision resources
Gain insights
Monitor and optimize
![Page 5: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/5.jpg)
AWS Management Tools capabilities
Model and automate
Gain visibility
Respond to changes
Optimize
Integrate
Control
![Page 6: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/6.jpg)
Model your cloud with AWS CloudFormation
Template: JSON/YAML formatted file, Parameter definition, Resource creation, Configuration actions
CloudFormation: Framework, Stack creation, Stack updates, Error detection and rollback
Stack: Configured AWS services, Comprehensive service support, Service event aware, Customizable
• CloudFormation gives developers and systems administrators an easy way
to create and manage a collection of related AWS resources, provisioning
and updating them in an orderly and predictable fashion
![Page 7: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/7.jpg)
AWS CloudFormation key benefits
Infrastructure as Code
Declarative and Flexible
Easy to Use
Supports a Wide Range of AWS Resources
![Page 8: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/8.jpg)
New Feature Launch: StackSets
![Page 9: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/9.jpg)
What are StackSets?
Allow creation of a common set of AWS resources across accounts and regions
Provide a container for a collection of AWS CloudFormation stacks
Stack 1: A1, us-west-1
Stack 2: A2, us-west-1
Stack 3: A3, us-west-1
Stack 4: A4, us-west-1
Stack 5: A5, us-west-1
![Page 10: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/10.jpg)
Functionality?
Provisioning multiple accounts with identical AWS resources
• Set up AWS KMS keys
• Enable AWS CloudTrail
• Standardize Amazon VPCs with peering connections
• Set up common ingress rules
BCDR solutions across multiple regions
• Configure Amazon S3 bucket replication
• Provision Amazon RDS read replicas
![Page 11: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/11.jpg)
Create catalogs of approved resources with AWS Service Catalog
• AWS Service Catalog allows organizations to create and manage catalogs
of IT services.
• It enables users to quickly deploy the approved IT services they need in a
self-service manner without access to the underlying services in AWS.
Organizations: Control, Standardization, Governance
Developers: Agility, Self-service, Time to market
![Page 12: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/12.jpg)
AWS Service Catalog key benefits
Ensure Compliance with Corporate Standards
Help Employees Quickly Find and Deploy Approved IT Services
Centrally Manage IT Service Lifecycle
![Page 13: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/13.jpg)
Demo: Service Catalog
![Page 14: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/14.jpg)
Automate configuration with Amazon EC2 Systems Manager
• Enables automated configuration
• Supports ongoing management of systems at scale
• Works across all of your Windows and Linux workloads
• Runs in Amazon EC2 or on-premises
• Carries no additional charge to use
![Page 15: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/15.jpg)
Amazon EC2 Systems Manager key benefits
Support for Hybrid Architecture
Easy to Use Automation
Improve Visibility and Control
Maintain Software Compliance
Reduce Costs
Secure Role-Based Management
![Page 16: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/16.jpg)
Amazon EC2 Systems Manager capabilities
State Manager
Maintenance Window
Inventory
Automation
Parameter Store
Run Command
Patch Manager
![Page 17: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/17.jpg)
Demo: EC2 SSM
![Page 18: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/18.jpg)
AWS OpsWorks
Automate configuration with AWS OpsWorks for Chef Automate
• Managed Chef Server and Chef Automate
• Suite of automation tools that give you workflow automation for
continuous deployment, automated testing for compliance and
security with Chef
![Page 19: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/19.jpg)
What is Chef?
• Configuration Management Software
• Recipes and Cookbooks
• Chef development kit and toolset
• Community
![Page 20: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/20.jpg)
What is Chef Automate?
Commercial offering from Chef Software
Suite of tools built on top of Chef Configuration Management
• Continuous Deployment Pipeline
• Automated compliance testing
• Visibility
![Page 21: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/21.jpg)
AWS OpsWorks for Chef Automate key benefits
Fully Managed Chef Server
Programmable Infrastructure
Scaling Made Easy
Support from Active Chef Community
Secure
Simple to Manage Hybrid Environments
![Page 22: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/22.jpg)
Gain visibility with AWS Config
• Get inventory of all your AWS resources
• Discover resources that exist in your account and capture configurations
• Provide rules to ensure resource configurations conform to your internal
best practices and guidelines
![Page 23: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/23.jpg)
AWS Config key benefits
• Enables you to assess, audit, and evaluate the configurations of your AWS resources
• Continuously monitors and records your AWS resource configurations
• Allows you to automate the evaluation of recorded configurations against desired
configurations with Config rules
Benefits
Continuous Monitoring
Change Management
Continuous Assessment
Operational Troubleshooting
![Page 24: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/24.jpg)
AWS Config advanced features
Configurable and Customizable Rules
Configuration History of AWS Resources
• Ensure that all EC2 instances in your cloud infrastructure use AMIs from an
approved list
• Identify managed EC2 instances that are running software packages and
applications that are on the blacklist
• Identify EC2 instances of a specific type or size
• Identify EC2 volumes that are not encrypted.
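Two of the checks above (approved AMIs, unencrypted volumes) written as the evaluation logic a custom Config rule would run. This is an added example, not code from the deck or from AWS; the approved-AMI list, resource IDs and sample configuration items are constructed, and the fields read (`resourceType`, `configuration.imageId`, `configuration.encrypted`) follow the configuration item format AWS Config records for EC2 instances and volumes.

```python
# Added example: rule logic only, run here against constructed configuration items.
# APPROVED_AMIS and SAMPLE_ITEMS are assumptions, not values from the deck.
APPROVED_AMIS = {"ami-0approved000000001", "ami-0approved000000002"}
DELETED = {"ResourceDeleted", "ResourceDeletedNotRecorded"}


def evaluate(item, approved_amis=APPROVED_AMIS):
    """Return (compliance_type, annotation) for one configuration item."""
    if item.get("configurationItemStatus") in DELETED:
        return "NOT_APPLICABLE", "resource was deleted"
    rtype = item.get("resourceType")
    config = item.get("configuration") or {}
    if rtype == "AWS::EC2::Instance":
        image_id = config.get("imageId")
        if image_id in approved_amis:
            return "COMPLIANT", "AMI is on the approved list"
        return "NON_COMPLIANT", f"AMI {image_id} is not on the approved list"
    if rtype == "AWS::EC2::Volume":
        # A missing 'encrypted' field is treated as unencrypted (fail closed).
        if config.get("encrypted") is True:
            return "COMPLIANT", "volume is encrypted"
        return "NON_COMPLIANT", "volume is not encrypted"
    return "NOT_APPLICABLE", f"rule does not cover {rtype}"


def evaluate_all(items):
    """Map resourceId -> compliance type for a batch of configuration items."""
    return {i["resourceId"]: evaluate(i)[0] for i in items}


# Constructed sample configuration items (not real resources).
SAMPLE_ITEMS = [
    {"resourceType": "AWS::EC2::Instance", "resourceId": "i-0aaa",
     "configurationItemStatus": "OK",
     "configuration": {"imageId": "ami-0approved000000001"}},
    {"resourceType": "AWS::EC2::Instance", "resourceId": "i-0bbb",
     "configurationItemStatus": "OK",
     "configuration": {"imageId": "ami-0unknown0000000009"}},
    {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-0ccc",
     "configurationItemStatus": "OK", "configuration": {"encrypted": True}},
    {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-0ddd",
     "configurationItemStatus": "OK", "configuration": {"encrypted": False}},
    {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-0eee",
     "configurationItemStatus": "ResourceDeleted", "configuration": None},
]

if __name__ == "__main__":
    for rid, result in evaluate_all(SAMPLE_ITEMS).items():
        print(rid, result)
```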
![Page 25: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/25.jpg)
New Feature Launch: AWS Config Dashboard
An overview of your resources and their compliance with AWS Config rules
![Page 26: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/26.jpg)
Demo: AWS Config + Config Rules
![Page 27: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/27.jpg)
Gain visibility with AWS CloudTrail
• Increase visibility into your user and resource activity
• Discover and troubleshoot security and operational issues by capturing a
comprehensive history of changes that occurred in your AWS account
• Simplify your compliance audits by automatically recording and storing
activity logs for your AWS account
![Page 28: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/28.jpg)
AWS CloudTrail key benefits
• Allows you to log, continuously monitor, and retain events related to API calls across your
AWS infrastructure
• Provides a history of AWS API calls for your account, including API calls made through the
AWS Management Console, AWS SDKs, command line tools, and other AWS services
Benefits
Simplified Compliance
Security Analysis and Troubleshooting
Visibility Into User and Resource Activity
Security Automation
![Page 29: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/29.jpg)
Respond to changes with AWS CloudWatch
• Monitoring service for AWS cloud resources and the applications you
run on AWS.
• You can use Amazon CloudWatch to collect and track metrics, collect
and monitor log files, set alarms, and automatically react to changes
in your AWS resources.
![Page 30: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/30.jpg)
AWS CloudWatch key benefits
Monitor Amazon EC2
Monitor Other AWS Resources
Monitor Custom Metrics
Monitor and Store Logs
Set Alarms
View Graphs and Statistics
![Page 31: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/31.jpg)
Demo: CloudTrail
![Page 32: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/32.jpg)
Optimize with AWS Trusted Advisor
• Get insight into how and where you can get the most impact for your AWS spend
• Find opportunities to reduce your monthly spend and retain or increase productivity
• Receive guidance on getting the optimal performance and availability based on your requirements
![Page 33: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/33.jpg)
Demo: Trusted Advisor
![Page 34: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/34.jpg)
Integrate with 3rd party tools
![Page 35: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/35.jpg)
AWS Management Tools capabilities
Control
AWS CloudFormation
AWS Service Catalog
EC2 Systems Manager
AWS OpsWorks
AWS Config
AWS CloudTrail
Amazon CloudWatch
AWS Trusted Advisor
Model and automate
Gain visibility
Respond to changes
Optimize
Integrate
![Page 36: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/36.jpg)
Where to find AWS Management Tools?
![Page 37: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/37.jpg)
Playbook: AWS Management
Creation: Compliant Provisioning, Governance
AWS CloudFormation: Infrastructure as Code
Verification: Monitoring and Alerting
AWS Config, ConfigRules
AWS CloudTrail
Validation: Auditing
Trusted Advisor/Security Advisor
AWS CloudTrail, ConfigRules
- Shifts ownership of dependencies to developers
- Creates consistency
- Software defined infrastructure
- Codifies corporate policies
- Identify non-compliant configuration changes
- Baseline for best practices
- Wide net of best practices
Custom resource support
Governance Export to 3rd party or ELK based set up for analysis
Reduce risk by catching common errors:
- Unused instances
- Open firewalls
Core Function
Key Benefit
Power Usage
![Page 38: Raleigh DevDay 2017: Deep Dive on AWS Management Tools](https://reader033.vdocument.in/reader033/viewer/2022051404/5a648a1f7f8b9a31568b509b/html5/thumbnails/38.jpg)
Q&A