It can be challenging to optimize AWS resources across cost, performance, security and fault-tolerance, much less do it automatically. AWS Trusted Advisor is an online resource to help you do just that, by providing real time guidance to help you provision your resources following AWS best practices. In this session, we will go over how to safely automate these best practices using Amazon CloudWatch events and AWS Lambda along with samples for you to use. AWS Personal Health Dashboard (PHD) provides alerts and remediation guidance when AWS is experiencing events that may impact your AWS environment. The AWS Health API, the underlying service powering PHD integrates with Amazon CloudWatch Events, enabling you to trigger AWS Lambda functions to define automated remediation actions. We will also introduce you to AWS Health tools, a community-based source of tools to automate remediation actions and customize Health alerts. Come join us to see how you can implement automation of AWS best practice recommendations from Trusted Advisor and remediation from the AWS Health API on your AWS resources.

1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Tipu Qureshi, Principal Engineer, AWS Support
July 27, 2017
Automate Best Practices and Operational
Health for Your AWS Resources
with AWS Trusted Advisor and AWS Health

2. What to expect from this session:
• Learn about AWS Trusted Advisor best practices
• Get familiar with AWS Health and the Personal Health
Dashboard (PHD)
• Learn how to automate remediation actions and
customize Health alerts using AWS Lambda and
Amazon Cloudwatch events

3. What’s in your AWS accounts?

4. As you expand and change, entropy starts increasing

5. Too much complexity, it’s time to optimize!

6. So what is Trusted Advisor?
AWS Trusted Advisor (TA) provides best practices (or
checks) in four categories: cost optimization, security,
fault tolerance, and performance improvement.
Red (action recommended)
Yellow (investigation recommended)
Green (no problem detected)

7. AWS Trusted Advisor
Over 50 million recommendations
provided to AWS customers
resulted in $500M+ in cost savings
for users of Trusted Advisor

8. How does it work?

9. “We estimate an average 33 percent monthly savings on our total AWS spend.”
- Amit Vora, CTO for Hungama
How did Trusted Advisor help Hungama? It highlighted the
three following things:
• Underutilized EC2 Instances
• Amazon EC2 Reserved Instances
• Underutilized Amazon EBS Volumes
Case study – Hungama Digital Media

10. Let’s look at an example:
Low Utilization Amazon EC2 Instances
Warns when EC2 instances appear to be underused.
Alert Criteria
Yellow: An instance had 10% or less daily average CPU
utilization and 5 MB or less network I/O on at least 4 of the
previous 14 days.
Recommended Action
Consider stopping or terminating instances that have low
utilization.

11. Building Automation

12. Using Trusted Advisor as a web service
Poll a Trusted Advisor check for status changes
Request a Trusted Advisor check result
describeTrustedAdvisorCheckResult(checkResultRequest);
DescribeTrustedAdvisorCheckRefreshStatusesResult
.withCheckIds(java.util.Arrays.asList(checkId)));

13. Building automation
AWS Trusted
Advisor
AWS
Lambda
Actions on AWS resources
Amazon
Cloudwatch
events
Notifications

14. With (not so) great automation come great risks
Production databases/instances could be considered idle.
- Low traffic period.
- Different system resource (e.g., memory) might be in
use.

15. Automation setup – safety first!
Tag resources subject to TA optimization
actions.
Create an IAM policy and role for the
Lambda function to use.
Setup up a Cloudwatch event rule to trigger
the Lambda function.
Setup the Lambda function to take actions
recommended by Trusted Advisor.

16. Show Me the Money!

20. AWS Step Functions
AWS Step Functions
makes it easy to
coordinate the
components of
distributed applications
and microservices
using visual workflows.

21. Step Functions – coordinate microservices

22. Examples available in Github
https://github.com/aws/Trusted-Advisor-Tools
Trusted Advisor Best Practices
https://aws.amazon.com/premiumsupport/trustedadvisor/best-practices/

23. AWS Health and Personal Health
Dashboard (PHD)
AWS service health, notifications, and automation

24. PHD
Amazon
CloudWatch
Events
AWS Health and Personal Health Dashboard
Visibility and transparency
into your resources
Custom notifications and
automated actions
Remediation guidance
and knowledge articles

25. AWS Personal Health Dashboard

26. Increased transparency and visibility:
- Service Health Dashboard too generic
- Increased transparency into underlying infrastructure
- Remediation guidance for faster time-to-resolution
- AWS Health API for easy integration
- Custom notifications with predictable delivery
- Automated actions for auto-remediation

27. How does the Personal Health
Dashboard work?

28. AWS Services and
resources you use
Personal Health
Dashboard
• describe-events
• describe-event-details
• describe-affected-entities
• …
API
• Set Rules to extract events of
interest
• Set Targets for rules (Amazon
SNS, Amazon SQS, AWS
Lambda, Amazon Kinesis)
Push notifications
through
CloudWatch
Events
Health
Service
In-house or
third-party
monitoring
and event
management
systems

29. Getting started with the Personal Health Dashboard
- From AWS Service Health Dashboard
- From AWS website
- From AWS Management Console navigation bar alert

30. Tools
• Automated actions in response to AWS Health events
• Open source, community driven
• Customized alerts in response to AWS Health events

31. How does it work?

32. AWS Health Slack Notifier
This tool can be used to post alerts to a Slack channel
when AWS Health events are generated by using AWS
Lambda and Amazon CloudWatch Events.

34. Slack setup

38. Stop or terminate EC2 instances with Instance
Store Drive Performance Degraded event:
The AWS Health AWS EC2 INSTANCE STORE DRIVE PERFORMANCE
DEGRADED event highlights that EC2 has detected a performance degradation of
one or more physical storage drives that backs the instance store volumes

40. Test by invoking the Lambda function:

41. AWS Health Issue: Amazon Cloudwatch event
trigger AWS CodePipeline disable stage
transition using AWS Lambda
You can automatically stop a deployment when an Amazon
EC2 issue occurs by disabling the stage transition in AWS
Code Pipeline in response to an AWS Health Issue
CloudWatch event.

42. Pause deployments when an
issue occurs.

46. AWS CodePipeline stage transition disabled:

47. Amazon EC2 Systems Manager
A set of capabilities that...
...enable automated configuration...
...and ongoing management of systems at scale...
...across all of your Windows and Linux workloads...
...running in Amazon EC2 or on-premises…
...at no charge; only pay for AWS resources you manage

48. Amazon EC2 Systems Manager
Run Command State Manager Inventory Maintenance Window
Patch Manager Automation Parameter Store

49. Conclusion
You can leverage AWS Trusted Advisor and AWS Health to
automate best practices and operational health.
The samples in the following open-source repos make it
easy:
https://github.com/aws/aws-health-tools
https://github.com/aws/Trusted-Advisor-Tools/

50. Thank you!
Questions