aws systems manager · aws management & governance monitor resources and applications optimize...
TRANSCRIPT
© 2019, Amazon Web Services, Inc. or its Affiliates.
Siavash Irani
AWS Systems Manager
Gain operational insights and take action
April 2020
Management & Governance
Optimize
Analyze and reduce cost, improve efficiency and security posture
Act
Take operational action on resources
Audit
Audit resource configurations, user access, and policy enforcement
Monitor
Monitor resources and applications
AWS Management & Governance
Monitor resources and applications
Optimize to reduce cost and improve security posture
Manage resources and take operational action
Audit user activity and resource configurations
Amazon CloudWatch
AWS Trusted Advisor
AWS Cost and Usage Report
AWS Cost Explorer
AWS Systems Manager
AWS CloudTrail
AWS Config
Cloud Management Challenges
Managing cloud and hybrid environments using a traditional toolset is complex and costly
• Traditional IT toolset not built for cloud scale infrastructure
• Deploying multiple products is a significant overhead
• Licensing costs and complexity
• Maintaining enterprise-wide visibility is challenging
Customer Challenges
• Operate safely and securely at scale
• Map resources to applications and environments
• Diverse set of tools for managing hybrid cloud
• Complex licensing and hard to manage the management infrastructure
• Ability to build custom solutions to meet specific business needs
Extensible
• Hybrid: Works in hybrid and multi-cloud environments
• Compliance: Use existing tools like Ansible, PowerShell DSC, and InSpec for configuration and compliance
• Open Source: SSM Agent is open-sourced on GitHub
• Cross-platform: Windows and Linux support
• Extensible: Extensible capabilities to collect custom inventory from instances
AWS Systems Manager Customers & Partners
AWS Systems Manager Capabilities
Resource Groups
Run Command
Inventory
Patch Manager
Automation
Parameter Store
Maintenance Window
State Manager
Session Manager
Distributor
OpsCenter
Manage Resources at Scale
Resource groups
• Define the building blocks of your application
• Give a meaning to a collection of AWS resources (as an app, env, or business unit)
• Group AWS resources based on tags using a simple query
• Save a search as a heterogeneous group of (dynamic) resources
• Interact with a group directly rather than individual resources
Compliance with Patch Manager
Corp Data Center
Individual instances
not grouped
Patch Group=WebServers
Patch Group=WebServers
Default Patch Baseline for the OS
Web Server Patch Baseline
Patch Manager
Maintenance Window
Compliance Notifications!
Compliance as Code
• Author: Compliance checks in InSpec (human readable, open-source DSL) on GitHub
• Run Compliance scans: Using Run Command or periodic scans using State Manager
• View Compliance: On Compliance UI or APIs
Secure remote configuration management
Availability Zone
Web security group
Private subnet
Accept traffic from SSM
WEB2
WEB1
AWS administrator
Corporate data center
AWS Systems Manager
S3 bucket SNS topic Amazon CloudWatch
metric
IAM policy
Gain Insights FROM Instances
corp data center
Account 1
Account 2
Inventory
Amazon S3
Data Lake
Amazon
QuickSight
AWS
Config
Any BI
Tool!
Easy to Use Automation
Run the automation
Role and permission
Input
Automation document
Secrets and Config Data Management
Rotate
password
/app/test/db_password /app/prod/db_password
Dev Test Prod
App
Change notifications
(event-based)
notification
Manage Configuration Drift
Instances
State manager
Interactive Access to Instances with Session Manager
• Interactive browser-based shell and CLI for EC2 instances
• No need to open inbound ports, manage SSH keys or certs
• Grant/Revoke access from IAM
• Session auditing and logging
• Support for AWS PrivateLink
CloudTrail
IAM
Shell or CLI
VPC1
EC2 instances
Auditing and Logging
Access Control
Distribute Software Packages
Supports
Installing with safety
Windows network drivers
CloudWatch metrics & logs
A single base agent to install and
manage custom software packages
Upload, share, and manage package
updates and upgrades
Install custom packages or AWS
agents
Other Features
Integrated with AWS services such as
• IAM: granular RBAC
• CloudTrail: audited actions
• CloudWatch Events: notification and remediation
• Config: configuration history
Available in all AWS regions including GovCloud
Accessible through AWS PrivateLink
SSM Agent is installed on AWS Windows Server, Amazon Linux and Ubuntu AMIs
Systems Manager is SOC, ISO and PCI compliant, HIPAA enabled
Useful Links
AWS Management Tools Blog: https://aws.amazon.com/blogs/mt/category/management-tools/amazon-ec2-systems-manager/
AWS Blog: https://aws.amazon.com/blogs/aws/category/amazon-ec2-systems-manager/
Product Page: https://aws.amazon.com/systems-manager/
Thank you!