Is there such a thing as too much data, too many tools, too many alerts and too many tasks? To take your IT operations to the next level and maximise business innovation you need to embrace automation and operational analytics, and take advantage of a software-defined IT infrastructure.
This advanced technical session continues its theme of the last 5 years and takes you through real-world customer tips and tricks, including demos. We dive into topics such as serverless and event-driven computing, automated security and compliance, AWS-managed management tools and even machine learning to help you supercharge your IT operations with AWS.
Speaker: Dean Samuels, Solutions Architect Manager
9. Centralised Logging
[Architecture diagram] A virtual private cloud spanning Availability Zone 1 and Availability Zone 2, with Elastic Load Balancing in front of proxy servers and web/app servers. Each instance runs the CloudWatch Logs and Inspector agents; VPC flow logs and security groups are enabled, and AWS CloudTrail writes to an Amazon S3 bucket. Amazon CloudWatch triggers AWS Lambda, which indexes the events into Amazon Elasticsearch Service, queried from a Kibana client. On-premise infrastructure feeds the same pipeline.
13. Automated Infrastructure Management
[Architecture diagram] Amazon EC2 instances running custom metrics and EC2 Systems Manager agents, tagged for example resize=true or backup=true, put metrics to Amazon CloudWatch. CloudWatch generates an alarm that publishes to an SNS topic; the topic notifies administrators and launches a Lambda function. The Lambda function drives EC2 Systems Manager run-command and Amazon EBS to perform the action selected by the tags: a dynamic resize and/or change of volume type (gp2 1TB to io1 2TB).
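The part of that flow worth seeing in code is the Lambda decision: which instances it is allowed to touch, and what change it makes. The following is an added example, not the speaker's code. The alarm JSON is the real CloudWatch alarm notification shape as delivered through SNS; the dimension name (`InstanceId`), the tag keys (`resize`, `volume_type`, `resize_factor`, `iops`) and the doubling step are assumptions. The EC2 client is injected, so in Lambda you pass `boto3.client("ec2")`, and offline the constructed `FakeEc2` stub stands in.

```python
# Added example (not the speaker's code): alarm -> SNS -> Lambda -> EBS resize.
# Alarm JSON is the real CloudWatch notification shape; dimension name, tag keys
# and growth step are assumptions. ec2 is boto3.client("ec2") or FakeEc2 below.
import json

ALLOWED_TYPES = {"gp2", "gp3", "io1", "io2", "st1", "sc1"}
MAX_SIZE_GIB = 16384          # EBS volume size ceiling
IOPS_PER_GIB = 50             # io1 IOPS:GiB ratio limit


def instance_from_alarm(sns_event):
    """Return (alarm name, InstanceId) from the SNS-wrapped alarm, or (None, None)
    for OK / INSUFFICIENT_DATA transitions, which must never trigger a resize."""
    alarm = json.loads(sns_event["Records"][0]["Sns"]["Message"])
    if alarm.get("NewStateValue") != "ALARM":
        return None, None
    dims = {d["name"]: d["value"] for d in alarm["Trigger"]["Dimensions"]}
    return alarm["AlarmName"], dims.get("InstanceId")


def plan_volume_change(tags, volume):
    """ModifyVolume parameters for a tagged instance's volume, or None.
    volume: {"VolumeId", "Size" (GiB), "VolumeType"} as DescribeVolumes returns it."""
    if tags.get("resize", "").lower() != "true":
        return None                       # opt-in only: untagged volumes are never touched
    new_type = tags.get("volume_type", volume["VolumeType"])
    if new_type not in ALLOWED_TYPES:
        raise ValueError("unsupported volume type in tag: %r" % new_type)
    factor = float(tags.get("resize_factor", "2"))
    new_size = min(MAX_SIZE_GIB, int(volume["Size"] * factor))
    if new_size <= volume["Size"] and new_type == volume["VolumeType"]:
        return None                       # at the ceiling and same type: nothing to do
    params = {"VolumeId": volume["VolumeId"], "Size": new_size, "VolumeType": new_type}
    if new_type in ("io1", "io2"):
        iops = int(tags.get("iops", "3000"))      # io1/io2 require provisioned IOPS
        if iops > IOPS_PER_GIB * new_size:
            raise ValueError("iops tag exceeds %d:1 IOPS:GiB ratio" % IOPS_PER_GIB)
        params["Iops"] = iops
    return params


def handle(sns_event, ec2):
    """Lambda handler logic: returns the list of ModifyVolume calls made."""
    _alarm_name, instance_id = instance_from_alarm(sns_event)
    if not instance_id:
        return []
    inst = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]["Instances"][0]
    tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
    changes = []
    for mapping in inst.get("BlockDeviceMappings", []):
        vol = ec2.describe_volumes(VolumeIds=[mapping["Ebs"]["VolumeId"]])["Volumes"][0]
        params = plan_volume_change(tags, vol)
        if params:
            ec2.modify_volume(**params)   # boto3 EC2.Client.modify_volume
            changes.append(params)
    return changes


class FakeEc2:
    """In-memory stand-in for the boto3 EC2 client (constructed for offline runs)."""

    def __init__(self, instance_id, tags, volume):
        self.instance_id, self.tags, self.volume, self.calls = instance_id, tags, volume, []

    def describe_instances(self, InstanceIds):
        return {"Reservations": [{"Instances": [{
            "InstanceId": self.instance_id,
            "Tags": [{"Key": k, "Value": v} for k, v in self.tags.items()],
            "BlockDeviceMappings": [{"Ebs": {"VolumeId": self.volume["VolumeId"]}}]}]}]}

    def describe_volumes(self, VolumeIds):
        return {"Volumes": [dict(self.volume)]}

    def modify_volume(self, **params):
        self.calls.append(params)
        return {"VolumeModification": {"ModificationState": "modifying"}}


def sample_alarm_event(instance_id, state="ALARM"):
    """Constructed SNS record carrying a CloudWatch alarm notification."""
    alarm = {"AlarmName": "DiskUsedPercent-" + instance_id, "NewStateValue": state,
             "Trigger": {"MetricName": "DiskUsedPercent",
                         "Dimensions": [{"name": "InstanceId", "value": instance_id}]}}
    return {"Records": [{"Sns": {"Message": json.dumps(alarm)}}]}
```

Keeping the change opt-in through a tag, and limiting the Lambda role to `ec2:ModifyVolume` on volumes carrying that tag (a condition on `ec2:ResourceTag/resize`), is what stops a noisy alarm from growing every volume in the account.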
14. Dynamic DNS
[Architecture diagram] Instances, including an Auto Scaling group, carry the tags ZONE=ddnslambda.com and CNAME=svr1.ddnslambda.com, CNAME=tst1.ddnslambda.com, CNAME=svr4.ddnslambda.com, CNAME=svr7.ddnslambda.com, or CNAME=asg-svr##.ddnslambda.com for Auto Scaling group members. An Amazon CloudWatch Event on instance state change triggers AWS Lambda, which tracks the mapping in Amazon DynamoDB and updates the Amazon Route 53 private hosted zone. On-premises DNS clients resolve the zone through a DNS forwarder (AWS Directory Service) over Direct Connect or a VPN gateway. Notice: no Internet/NAT required! A similar concept can be applied to ECS.
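What the Lambda function on that slide has to get right is the lifecycle: create the record when the instance is running, delete the matching record when it terminates, and hand out unique numbers to Auto Scaling members. The following is an added example, not the talk's code. The event fields are those of the real "EC2 Instance State-change Notification" and the change batch is what Route 53 `ChangeResourceRecordSets` accepts. Assumptions: the CNAME tag holds the record name to publish (written as an A record pointing at the private IP), `##` in it is a per-member number slot, and the small `Registry` class stands in for the DynamoDB table. Clients are injected so the block runs offline against constructed stubs.

```python
# Added example (not the talk's code): tag-driven dynamic DNS for the CloudWatch
# Event -> Lambda -> Route 53 private hosted zone flow. Assumptions: CNAME tag =
# record name, '##' = number slot, Registry stands in for DynamoDB.
NUMBER_SLOT = "##"


class Registry:
    """instance-id -> (record name, ip): the role DynamoDB plays on the slide.
    A real table should allocate names with a conditional PutItem so two
    concurrent scale-out events cannot claim the same number."""

    def __init__(self):
        self.by_instance = {}

    def allocate(self, instance_id, template, ip):
        if instance_id in self.by_instance:            # repeated 'running' event
            return self.by_instance[instance_id][0]
        name = template
        if NUMBER_SLOT in template:
            used = {n for n, _ in self.by_instance.values()}
            num = 1
            while template.replace(NUMBER_SLOT, "%02d" % num) in used:
                num += 1                                # lowest free number
            name = template.replace(NUMBER_SLOT, "%02d" % num)
        self.by_instance[instance_id] = (name, ip)
        return name

    def release(self, instance_id):
        return self.by_instance.pop(instance_id, (None, None))


def change_batch(action, name, ip, ttl=60):
    return {"Comment": "ddns %s %s" % (action, name),
            "Changes": [{"Action": action, "ResourceRecordSet": {
                "Name": name + ".", "Type": "A", "TTL": ttl,
                "ResourceRecords": [{"Value": ip}]}}]}


def handle(event, ec2, route53, registry, zone_ids):
    """zone_ids: {zone name: hosted zone id}. Returns the change batch sent, or None."""
    if event.get("detail-type") != "EC2 Instance State-change Notification":
        return None
    instance_id, state = event["detail"]["instance-id"], event["detail"]["state"]
    inst = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]["Instances"][0]
    tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
    zone, template = tags.get("ZONE"), tags.get("CNAME")
    if not zone or not template or zone not in zone_ids:
        return None              # untagged, or a zone this function does not manage
    if not template.endswith("." + zone):
        # Anyone who can tag an instance can otherwise publish names in any zone.
        raise ValueError("CNAME tag %r is outside ZONE %r" % (template, zone))
    if state == "running":
        name = registry.allocate(instance_id, template, inst["PrivateIpAddress"])
        batch = change_batch("UPSERT", name, inst["PrivateIpAddress"])
    elif state in ("shutting-down", "terminated"):
        name, ip = registry.release(instance_id)   # EC2 may no longer report the IP
        if name is None:
            return None                             # already cleaned up
        batch = change_batch("DELETE", name, ip)    # DELETE must match the stored value
    else:
        return None
    route53.change_resource_record_sets(HostedZoneId=zone_ids[zone], ChangeBatch=batch)
    return batch


class FakeEc2:
    """Stand-in for boto3's EC2 client (constructed for offline runs)."""

    def __init__(self):
        self.instances = {}

    def add(self, instance_id, ip, tags):
        self.instances[instance_id] = {"InstanceId": instance_id, "PrivateIpAddress": ip,
                                       "Tags": [{"Key": k, "Value": v} for k, v in tags.items()]}

    def describe_instances(self, InstanceIds):
        return {"Reservations": [{"Instances": [self.instances[i] for i in InstanceIds]}]}


class FakeRoute53:
    """Stand-in for boto3's Route 53 client; applies change batches to a dict."""

    def __init__(self):
        self.records = {}

    def change_resource_record_sets(self, HostedZoneId, ChangeBatch):
        for change in ChangeBatch["Changes"]:
            rrset = change["ResourceRecordSet"]
            key = (HostedZoneId, rrset["Name"])
            if change["Action"] == "DELETE":
                del self.records[key]
            else:
                self.records[key] = rrset["ResourceRecords"][0]["Value"]
        return {"ChangeInfo": {"Status": "PENDING"}}


def state_event(instance_id, state):
    """Constructed CloudWatch Events payload (only the fields used above)."""
    return {"detail-type": "EC2 Instance State-change Notification",
            "detail": {"instance-id": instance_id, "state": state}}
```

The function calls the EC2 and Route 53 APIs from Lambda's own network, which is why the diagram needs no Internet gateway or NAT in the VPC; if the function were attached to the VPC it would need endpoints or NAT to reach those APIs.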
15. Security Automation – AWS WAF Rules
[Architecture diagram] Valid users and attackers send application requests (static & dynamic) through Amazon CloudFront, with AWS WAF in front of the web application resources (an Amazon S3 bucket and Amazon API Gateway). Three AWS Lambda functions maintain the WAF rules: a Log Parser triggered by new access log files in S3, an Access Handler triggered by requests to the honeypot endpoint via API Gateway, and an IP Lists Parser triggered hourly by an Amazon CloudWatch event to ingest third-party IP reputation lists. Resulting protections: bad bot and scraper protection, SQL injection protection, cross-site scripting protection, HTTP flood, scanner and probe protection, IP address whitelist/blacklist, and known-attacker protection.
16. Security Automation with Machine Learning
[Architecture diagram] Valid users and attackers pass through Amazon CloudFront with AWS WAF DGA Protection in front; other web apps share the same pipeline. Access logs flow via Amazon Kinesis into an Access Log bucket, then through a Log Parser and a Feature Engineering step into an AML batch payload bucket. An AML Caller submits the batch to the Amazon Machine Learning DGAProtection model, and the AML Result drives a Rule Updater that pushes string-matching rules to AWS WAF.
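The Feature Engineering box is where the security judgement lives: the model can only separate algorithmically generated names from real ones if the features expose what DGA output looks like (long, high-entropy labels with few vowels and many digits). The following is an added example, not the talk's code, of turning Host names seen in the access logs into a feature row for a classifier and into the string-match values a Rule Updater would push. The feature set, the registrable-label heuristic, the CSV column order and the stand-in scoring rule (used only so the block runs end to end without Amazon ML) are assumptions; the sample names are constructed.

```python
# Added example (not the talk's code): DGA feature engineering for the
# slide's Log Parser -> Feature Engineering -> AML -> Rule Updater chain.
# Feature set, label heuristic and the offline stand-in verdict are assumptions.
import math
import re
from collections import Counter

VOWELS = set("aeiou")
CONSONANT_RUN = re.compile(r"[b-df-hj-np-tv-z]+")


def registrable_label(host):
    """Label left of the public suffix, approximated as the second-to-last
    label (two-part suffixes such as co.uk need a suffix list; assumption)."""
    labels = host.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def shannon_entropy(s):
    """Bits per character; random DGA labels approach log2(alphabet size)."""
    if not s:
        return 0.0
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def features(host):
    label = registrable_label(host)
    n = len(label) or 1
    runs = CONSONANT_RUN.findall(label)
    return {
        "length": len(label),
        "entropy": round(shannon_entropy(label), 4),
        "vowel_ratio": round(sum(ch in VOWELS for ch in label) / n, 4),
        "digit_ratio": round(sum(ch.isdigit() for ch in label) / n, 4),
        "max_consonant_run": max((len(r) for r in runs), default=0),
    }


def to_aml_batch_csv(hosts):
    """Batch payload rows in the (assumed) column order of the model schema."""
    cols = ["host", "length", "entropy", "vowel_ratio", "digit_ratio", "max_consonant_run"]
    lines = [",".join(cols)]
    for h in hosts:
        f = features(h)
        lines.append(",".join([h] + [str(f[c]) for c in cols[1:]]))
    return "\n".join(lines) + "\n"


def heuristic_is_dga(f):
    """Stand-in for the model verdict so the block runs offline; a trained
    model replaces this with its per-row prediction."""
    return (f["length"] >= 12 and f["entropy"] >= 3.5
            and (f["vowel_ratio"] <= 0.2 or f["digit_ratio"] >= 0.2))


def rule_update(hosts, verdict=heuristic_is_dga):
    """Values the Rule Updater would load into a WAF string-match condition on
    the Host header: the flagged registrable domain, deduplicated and sorted."""
    flagged = set()
    for h in hosts:
        if verdict(features(h)):
            flagged.add(registrable_label(h) + "." + h.rstrip(".").split(".")[-1])
    return sorted(flagged)


if __name__ == "__main__":
    sample = ["www.example.com", "xjd8f3kq9zplm2vb.net", "q7kz2mv9xl3pwbf4.com"]
    print(to_aml_batch_csv(sample))
    print(rule_update(sample))
```

Entropy alone misclassifies CDN and cloud hostnames with long random first labels, which is why the features are computed on the registrable label rather than the full host, and why the slide keeps a string-matching rule step instead of blocking on a score directly.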
20. Transit VPC
• Move the 2x EC2 instances to the ‘hub’ – make them CGWs
• Use the VGW in the ‘spokes’ – single route table target
• CloudHub on a detached VGW – takes DX private VIF or VPN and re-advertises routes in both directions