This session dives deep into several patterns from the checklist and shows how to apply and extend these patterns to support the Hybrid Cloud using AWS services such as AWS Config, AWS CloudTrail and AWS CloudWatch. Practical examples will demonstrate how these services can be combined with other AWS tools such as the AWS CLI and PowerShell in order to maximize the benefit to your organisation.
5. “The cloud has become the new normal”
Andy Jassy: AWS Senior Vice President
“Everything’s changed, yet nothing’s different”
AWS whitepaper: Architecting for the cloud: Best Practices
Revolutionising cloud operations
6. Agenda for today
• Common “Cloud” Conversations
• Operational Checklist for AWS
• Demo 1 from Ops checklist (monitoring)
• Demo 2 from Ops checklist (auditing)
• Demo 3 from Ops checklist (config management)
• Summary
7. Common Cloud Conversations
With AWS Partners: Services teams
My customers are demanding increased agility and visibility in their contract. How do I move to a cloud services business?
With AWS Customers: Operations teams
The developers in my business are using AWS to deliver results fast, how can I use AWS to deliver what the business wants from me equally fast?
10. Outcomes of these conversations
Transformation
DEVOPS
OLD NEW
Bi-Modal
Do more… with more
11. Resources for AWS customers
• AWS Developer Guides
• AWS White Papers
• AWS Reference Architectures
• AWS Official Blog (Jeff Barr)
• Presentations from this summit and re:Invent
• Operational Checklists for AWS
12. Operational Checklists for AWS
Tools to help Operations teams…
“Operational Checklists for AWS”
Basic Operations Checklist
Enterprise Operations Checklist
Auditing and Security Checklist
13. Demo #1 Monitoring and Incident Management
From the Enterprise Operations Checklist
“Has your organization instrumented appropriate monitoring tools and integrated your AWS resources into its incident management processes?”
14. Monitoring & Incident Management (CloudWatch)
What is Continuous Integration – Continuous Delivery?
Waterfall: Deploy to production once a quarter?
Agile sprint: Deploy to production once a month?
CI/CD: Deploy code to production once an hour?!
Write code + check in → Automated build → Automated test → Automated deploy → Live in production
15. Monitoring & Incident Management (CloudWatch)
CI/CD deploy into AWS → Capture activity with AWS CloudWatch → Monitor in CloudWatch dashboard → Alert and report on that activity
16. Monitoring & Incident Management (CloudWatch)
Write code + check in → Automated build → Automated test → Automated deploy → Blue/Green live in production
17. Monitoring & Incident Management (CloudWatch)
CI/CD deploy into AWS
Blue is production – 100% load
Green is standby – 0% load
LIVE PRODUCTION
18. Monitoring & Incident Management (CloudWatch)
CI/CD deploy into AWS
CI/CD toolchain deploys new code to green
LIVE PRODUCTION
Blue is production – 100% load
Green is standby – 0% load
19. Monitoring & Incident Management (CloudWatch)
CI/CD deploy into AWS
PaaS flips DNS
Green is production – 100% load
Blue is standby – 0% load
LIVE PRODUCTION
WHERE DID THIS GO?
CI/CD toolchain deploys new code to green
Blue is production – 100% load
Green is standby – 0% load
20. AWS CloudWatch:
• Monitoring service for AWS
• Collect and track metrics
• Collect and monitor log files
• Set alarms
Available in all public regions
5 minute resolution = No Additional Charge
1 minute resolution = $3.50 per month
Capture activity with AWS CloudWatch
21. AWS CloudWatch dashboard
• View the information CloudWatch collects
• Draw graphs
• Set Thresholds
• Send Alerts
Available in all public regions
Typically $3/month for log storage on S3
Monitor that in CloudWatch dashboard
22. Simple Notification Service
• Fully managed push messaging service
• Send individual messages
• Send bulk messages
• E-mail, txt, google, apple, winpho, fireOS
Available in all public regions
$1 to send 1,000,000 notifications
Alert and report on that activity
27. Security Logging and Monitoring (CloudTrail)
CI/CD deploy into AWS → Everything is an API call → Log everything with CloudTrail → CloudTrail and CloudWatch Logs
28. Security Logging and Monitoring (CloudTrail)
CI/CD deploy into AWS
Who made these changes?
When did they make them?
On whose authority?
How is this recorded?
29. Your infrastructure is code
Operations are as much a part of the dev process as anything else
Everything is an API call
You can log all the API calls
30. AWS CloudTrail
• History of AWS API calls made via:
• AWS Management Console
• AWS SDKs
• Command line tools
• Other AWS services
Available in all public regions
CloudTrail = No additional charge
Typically $3/month for log storage on S3
Log all API calls with CloudTrail
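The questions on slide 28 (who made these changes, when, on whose authority), answered from CloudTrail records. This is an added example, not code from the presentation: the records are constructed samples that use CloudTrail's record field names, and treating Describe/Get/List calls as read-only is a heuristic assumed here.

```python
import json

# Constructed CloudTrail-style records (real field names, made-up values).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2015-04-15T09:12:44Z", "eventSource": "route53.amazonaws.com",
     "eventName": "ChangeResourceRecordSets", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/ci-deploy/build-42",
                      "sessionContext": {"sessionIssuer": {
                          "arn": "arn:aws:iam::111122223333:role/ci-deploy"}}}},
    {"eventTime": "2015-04-15T09:03:10Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2015-04-15T08:58:02Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "sourceIPAddress": "203.0.113.9",
     "errorCode": "Client.UnauthorizedOperation",
     "userIdentity": {"type": "IAMUser", "userName": "bob",
                      "arn": "arn:aws:iam::111122223333:user/bob"}},
]})

READ_PREFIXES = ("Describe", "Get", "List")  # heuristic for read-only calls


def audit_trail(log_text):
    """Answer who / when / on whose authority for every change attempt."""
    rows = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventName", "").startswith(READ_PREFIXES):
            continue  # reads do not change anything
        ident = rec.get("userIdentity", {})
        issuer = ident.get("sessionContext", {}).get("sessionIssuer", {})
        rows.append({
            "when": rec.get("eventTime", ""),
            "who": ident.get("arn", ident.get("type", "unknown")),
            # For temporary credentials the issuing role is the authority;
            # otherwise the caller acted under its own identity.
            "authority": issuer.get("arn") or ident.get("arn", "unknown"),
            "what": rec.get("eventSource", "?").split(".")[0] + ":" + rec.get("eventName", "?"),
            "from": rec.get("sourceIPAddress"),
            "outcome": rec.get("errorCode", "Success"),  # denied attempts are logged too
        })
    # ISO 8601 UTC timestamps sort chronologically as plain strings.
    return sorted(rows, key=lambda r: r["when"])


if __name__ == "__main__":
    for row in audit_trail(SAMPLE_LOG):
        print("{when}  {what:<34} {outcome:<30} {who} (via {authority})".format(**row))
```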
34. Demo #3 Configuration and Change Management
From the Enterprise Operations Checklist
“Does your organization have a configuration and change management strategy for its AWS resources?”
35. Config and Change Management (AWS Config)
CI/CD deploy into AWS → Capture changes with AWS Config → Look at Config timeline → Output to durable storage
36. Config and Change Management (AWS Config)
CI/CD deploy into AWS
How did our AWS resources look before?
What changed?
How do they look now?
How have the relationships changed?
37. AWS Config
• Fully managed service
• AWS resource inventory
• Configuration history
• Configuration change notifications
Available in all public regions
$0.003 per configuration item recorded
Capture changes with AWS Config
38. AWS Config console
• View AWS Config information
• Current and historical
• Current configuration, historical timeline of configurations
• Current relationships, historical timeline of relationships
Available in all public regions
No additional charge
Look at Config timeline
39. AWS S3
• Object Storage
• Secure
• Durable
• Highly Scalable
Available in all public regions
Free usage tier = 5GB
$0.03 per Gigabyte
Output to durable storage
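The questions on slide 36 (how did the resource look before, what changed, how have the relationships changed), worked through on two snapshots of one resource. This is an added example, not code from the presentation: the snapshots are constructed and simplified, modelled on AWS Config configuration items, and the function names are hypothetical.

```python
# Two constructed snapshots of one security group, modelled on AWS Config
# configuration items (simplified; all IDs and values are made up).
BEFORE = {
    "configurationItemCaptureTime": "2015-04-15T08:00:00Z",
    "resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-example",
    "configuration": {"groupName": "web", "ipPermissions": [
        {"fromPort": 443, "toPort": 443, "cidr": "0.0.0.0/0"}]},
    "relationships": [
        {"resourceType": "AWS::EC2::Instance", "resourceId": "i-blue"}],
}
AFTER = {
    "configurationItemCaptureTime": "2015-04-15T09:15:00Z",
    "resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-example",
    "configuration": {"groupName": "web", "ipPermissions": [
        {"fromPort": 443, "toPort": 443, "cidr": "0.0.0.0/0"},
        {"fromPort": 22, "toPort": 22, "cidr": "0.0.0.0/0"}]},
    "relationships": [
        {"resourceType": "AWS::EC2::Instance", "resourceId": "i-green"}],
}


def flatten(value, path=""):
    """Flatten nested dicts/lists into {dotted.path: leaf} for comparison."""
    if isinstance(value, dict):
        items = value.items()
    elif isinstance(value, list):
        items = enumerate(value)
    else:
        return {path: value}
    flat = {}
    for key, child in items:
        flat.update(flatten(child, f"{path}.{key}" if path else str(key)))
    return flat


def config_diff(before, after):
    """Return changed settings as (old, new) pairs plus relationship changes."""
    old, new = flatten(before["configuration"]), flatten(after["configuration"])
    changed = {k: (old.get(k), new.get(k))
               for k in sorted(set(old) | set(new)) if old.get(k) != new.get(k)}
    rels = lambda item: {(r["resourceType"], r["resourceId"])
                         for r in item["relationships"]}
    return {"from": before["configurationItemCaptureTime"],
            "to": after["configurationItemCaptureTime"],
            "changed": changed,
            "relationships_added": sorted(rels(after) - rels(before)),
            "relationships_removed": sorted(rels(before) - rels(after))}
```

On the sample data the diff reports a new rule opening port 22 to 0.0.0.0/0 and the group moving from the blue instance to the green one.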
43. Summary
• The business demands more
• The cloud is the new normal
• Cloud allows you to exceed expectations
• Do more… with more
• AWS CloudWatch
• AWS CloudTrail
• AWS Config
44. What to do next
1. Download the Operational Checklists for AWS
2. Embrace the new normal and benefit
3. Use CloudWatch, CloudTrail, AWS Config