To help manage the risk of downtime, AWS Support offers tools, such as Personal Health Dashboard (PHD) and Trusted Advisor (TA), that enable you to monitor your environments and automate actions for compliance with best practices. In this session, we review how AWS Support tools monitor your resources, provide alerts for issues, and automate best practice recommendations and remediation. We also showcase the integration of these tools with Alexa for Business to make it easier to access information about your AWS environment just by asking Alexa. Join us to see how you can optimize your AWS environment and reduce risk by implementing automation of AWS best practice recommendations from with AWS Support tools. Bring your own laptop.

2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Optimize Performance and Reduce Risk Using
AWS Support Tools
Stephen Salim
Solutions Architect
Amazon Web Services
E N T 3 1 6 - R
Ramanuja (Ram) Atur
Sr. Product Manager
Amazon Web Services

3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Agenda
Introduction to AWS Trusted Advisor
Learn how to automatically optimize your AWS environment based on
Trusted Advisor best practice recommendations
Introduction to AWS Health and AWS Personal Health Dashboard
Learn how to automate actions and customize AWS Health alerts using
Amazon CloudWatch Events and other AWS services

4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Workshop repeats
Tuesday, Nov 27
Optimize Performance and Reduce Risk Using AWS Support Tools - ENT316-R1
11:30 AM – 1:45 PM | Mirage, Mirage Event Center C3

5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Related builders sessions
Tuesday, November 27
Build Automated Actions Using AWS Support Tools
8:30AM – 9:30AM | Mirage, Grand Ballroom D, Table 2
Tuesday, November 27
Build Automated Actions Using AWS Support Tools
1:00PM – 2:00PM | Aria West, Level 3, Starvine 10, Table 5
Wednesday, November 28
Build Automated Actions Using AWS Support Tools
5:30PM – 6:30PM | Mirage, Grand Ballroom B, Table 3
Thursday, November 29
Build Automated Actions Using AWS Support Tools
1:00PM – 2:00PM | Aria West, Level 3, Starvine 10, Table 1

6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Complexity brings challenges / risks
This is heavy…
• Unexpected bills and unused resources
• Service disruption, events and maintenance
• Lack of fault-tolerance
• Security vulnerabilities
• Performance gaps
• Lots of heavy lifting for monitoring resources and implementing best practices

8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Trusted Advisor
• Taking away the heavy lifting of monitoring best practices
• Trusted Advisor provides best practices (or checks)
Red (action recommended)
Yellow (investigation recommended)
Green (no problem detected)

9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What else is coming in Trusted Advisor?

10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
How to automate optimization of your AWS
environment?
Amazon
CloudWatch
AWS Trusted
Advisor
Amazon
EC2
AWS
Lambda
Amazon
Kinesis
AWS Step
FunctionsAmazon ECS
AWS Batch
AWS
CodePipeline
AWS
CodeBuild
Amazon
SQS
Amazon
SNS
Amazon EC2
Systems
Manager

11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Amazon CloudWatch Events
Amazon
CloudWatch
Amazon
EC2
AWS
Lambda
Amazon
Kinesis
AWS Step
FunctionsAmazon ECS
AWS Batch
AWS
CodePipeline
AWS
CodeBuild
Amazon
SQS
Amazon
SNS
Amazon EC2
Systems
Managerrule

12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Lambda
AWS
Lambda

13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Systems Manager
AWS
Systems
Manager
State ManagerMaintenance
Windows
InventoryAutomation documents
Parameter
Store
Run
Command
Patch
Manager

14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Amazon SNS
Amazon
SNS

15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Automation best practices
Define context
Principle of least privilege
Think event driven
Think serverless

16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Amazon EC2 instances overutilized
Amazon EC2

18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Resize EC2 instance type (with approval)
ResizeAutomation
When an EC2 instance is reported to be overutilized, trigger an SSM Automation
Document to request approval to resize the instance to a larger instance type

19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Download the GitHub repositories
https://github.com/aws/Trusted-Advisor-Tools/
https://github.com/aws/aws-health-tools

20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
GitHub repository link for Scenario 1
https://github.com/aws/Trusted-Advisor-
Tools/tree/master/HighUtilizationEC2Instances

21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Health and Personal Health Dashboard
Visibility and transparency
into your resources
Custom notifications and
automated actions
Remediation guidance
and knowledge articles
AWS Health Amazon
CloudWatch
Events

23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Service Health Dashboard
• Generic
• Updates are not fast enough to
help troubleshooting

24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Get started with AWS Health
• Increased transparency into underlying infrastructure
• AWS Health API for easy integration
• Integration for notifications and automated actions
x

25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Personal Health
Dashboard
Health API
Amazon
CloudWatch
Events
Amazon
Elasticsearch
How does AWS Health work?
AWS
Health

26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
New: PagerDuty integration with AWS Health
• Escalation policies
• Executive
communication
• Priority and urgency
for engagement
• Correlation
• Aggregation
26
Rule

27. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
How does automation work?
Amazon
CloudWatch
AWS Health
Amazon
EC2
AWS
Lambda
Amazon
Kinesis
AWS Step
FunctionsAmazon ECS
AWS Batch
AWS
CodePipeline
AWS
CodeBuild
Amazon
SQS
Amazon
SNS
Amazon EC2
Systems
Manager

28. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What else is coming in AWS Health?
• Content improvements in the form of more event types
• Automation to reduce time to first post events to AWS Health
• Personalization improvements to provide resource-specific impact
• Customer-defined logical grouping of events
• Multi-account and resource group views
• Expand automation toolkit in the AWS Health GitHub repository
• More AWS Partner integrations

29. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

30. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Health abuse events
Programmatically capture Abuse events to notify relevant parties and
take automation action for following types in AWS Health:
• Sending email spam
• Spamming online forums or other websites
• Hosting a site advertised in spam
• Excessive web crawling
• Intrusion attempts (e.g., SSH or FTP)
• Exploit attacks (e.g., SQL injections)
• Hosting unlicensed copyright-protected material
• Phishing website
• Website hosting viruses/malware
• Credit card fraud
• Open proxy
• Port scanning
• IRC botnet activity
https://aws.amazon.com/blogs/mt/automating-processes-for-handling-and-
remediating-aws-abuse-alerts/

31. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Health DoS abuse report automation
When Denial of Service incidents are reported for resources in AWS account, AWS
Health notifies you of them. You can notify relevant teams about the incident and
take automated actions, such as stopping/terminating problematic EC2 instances.
EC2 Instances

32. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
GitHub repository link for Scenario 2
https://github.com/aws/aws-health-tools/tree/master/dos-report-
notifier/stepbystep

33. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

34. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Amazon EBS lost volume recovery automation
When an EBS volume is reported as lost by AWS Health, you can automatically
recover the affected EC2 instance from a recent Amazon Machine Image backup

35. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
GitHub repository link for Scenario 3
https://github.com/aws/aws-health-tools/tree/master/automated-
actions/AWS_EBS_VOLUME_LOST/stepbystep

36. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Conclusion
You can leverage Trusted Advisor and AWS Health to automate best
practices and operational health
The samples in the following open-source repos make it easy:
https://github.com/aws/Trusted-Advisor-Tools/
https://github.com/aws/aws-health-tools

37. Thank you!
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Stephen Salim
sssalim@amazon.com
Ramanuja (Ram) Atur
atur@amazon.com

38. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.