
Add Superpowers to your Operations with AWS Systems Manager


Operations can be tough, but can be even tougher at cloud scale! There must be some way we can make it better, more engaging and dare I say it - fun! Let's have a look at what tools we have over at AWS Systems Manager that can help us overcome the Operational Overhead we may have. We will look at things that can help replace our Hop Boxes, give us a place where we can store parameters and secrets, and let us understand the health and status of our workloads, all in a single place.

Darko Mesaros

July 22, 2020


Transcript

  1. Add Superpowers to your Operations with AWS SSM

    Darko Meszaros, Developer Advocate - AWS
    @darkosubotica, ln/darko-mesaros, twitch.tv/ruptwelve, youtu.be/ruptwelve
  2. Agenda for today

    • What are Operations?
    • Visibility
    • Control
    • Other Tools out there
    • Wrap up

    © 2020, Amazon Web Services, Inc. or its Affiliates.
  3. Operations with agility

    • Optimize: Analyze and reduce cost, improve efficiency and security posture
    • Act: Take operational action on resources
    • Audit: Audit resource configurations, user access, and policy enforcement
    • Monitor: Monitor resources and applications
  4. Operations with agility

    • Monitor resources and applications
    • Optimize to reduce cost and improve security posture
    • Manage resources and take operational action
    • Audit user activity and resource configurations
    • Amazon CloudWatch, AWS Trusted Advisor, AWS Cost and Usage Report, AWS Cost Explorer, AWS Systems Manager, AWS CloudTrail, AWS Config
  5. A central point from which to manage operations
  6. AWS Systems Manager: Centrally manage cloud resources at any scale

    • Any environment: Operate any AWS or external resource centrally
    • Open: Agent is open-sourced on GitHub
    • Multi-platform: Windows and Linux support
    • Automated: Multi-account, multi-Region automation
  7. Benefits

    • Shorten the time to detect problems
    • Easy to use Automation
    • Improve Visibility and Control
    • Manage Hybrid Environments
    • Maintain Security and Compliance
  8. How it works

    AWS Systems Manager: Systems Manager helps you safely manage and operate your resources at scale

    • Group resources: Create groups of resources across different AWS services, such as applications or different layers of an application stack
    • Visualize data: View aggregated operational data by resource group
    • Take Action: Respond to insights and automate operational actions across resource groups
  9. $(whoami)

    Darko Mesaroš / Darko Meszaros / Дарко Месарош
    @darkosubotica, ln/darko-mesaros, twitch.tv/ruptwelve, youtu.be/ruptwelve
  10. You Build It, You Run It

    “This brings developers into contact with the day-to-day operation of their software. It also brings them into day-to-day contact with the customer.” – Werner Vogels, CTO, Amazon.com
  11. [Account structure diagram. Labels: Developer Sandbox, Dev, Pre-Prod, Workloads, Security, AWS Organizations, Shared Services, Network, Log Archive, Prod, Team Shared Services, Network Path, Sandbox, Data Center, Infrastructure, Boris]

    • Orgs: Account management
    • Log Archive: Security logs
    • Security: Security tools, AWS Config rules
    • Shared services: Directory, limit monitoring
    • Network: AWS Direct Connect
    • Dev Sandbox: Experiments, Learning
    • Dev: Development
    • Pre-Prod: Staging
    • Prod: Production
    • Team SS: Team Shared Services, Data Lake
  12. What is where, and what does it look like?
  13. Inventory

    Collect information about your instances and the software installed on them. Collect data about:

    • Applications
    • AWS components
    • Files
    • Network configuration
    • Windows updates
    • Instance details
    • Services
    • Tags
    • Windows Registry
    • Windows roles
    • Custom inventory
  14. Insights Dashboard

    Automatically aggregates and displays operational data for each resource group through a dashboard.

    • View compliance history and change tracking for Patch
    • Customize Systems Manager Compliance to create your own compliance types
    • Remediate issues by using Systems Manager Run Command, State Manager, or Amazon CloudWatch Events
  15. Explorer

    Explorer is a customizable dashboard, providing key insights and analysis into the operational health and performance of your AWS environment.

    • Sync data across your AWS Organization
    • OpsItems
    • Non-compliant instances for patching
    • Managed Instances
    • Instance Count
    • Instance by AMI
  16. You cannot measure what you do not see

    • Insight into what is running in your workload
    • Understand the operational health
    • Multi-Account/Hybrid
  17. OpsCenter

    View, investigate, and resolve operational work items (OpsItems) related to AWS resources.

    • Integrated with Amazon CloudWatch Events
    • Create CloudWatch Events rules that automatically create OpsItems
    • Easy remediation using runbooks
    • Runbooks can be associated with OpsItems
    • Designed to complement your existing case management systems
  18. Stay in control, but keep moving fast at scale?
  19. Automation

    Safely automate common and repetitive IT operations and management tasks.

    • Execute Python
    • Execute PowerShell
    • Optionally require approvals
    • Call AWS APIs
    • Run commands on EC2 Instances
    • Run a combination of these actions
    • Trigger via CloudWatch Events or execute using the AWS Management Console, CLI and SDKs
  20. Run Command

    Safe, secure remote management of your instances at scale without logging into your servers.

    • Automate common admin tasks
    • Install or bootstrap applications
    • Build a deployment pipeline
    • Capture Log Files
    • Join instances to a domain
  21. We need to limit access to our resources!

    Create a bastion-host so that we can have a secure point of access to the rest of the servers! ⚠
  22. Session Manager

    A browser-based interactive shell and CLI for managing Windows and Linux EC2 instances.

    • Grant and Revoke access with IAM policies
    • Audit user access
    • Log commands to S3 or CloudWatch
    • Port forwarding
  23. Patch Manager

    Select and deploy operating system and software patches automatically across large groups of Amazon EC2 or on-premises instances.

    • Automate patching
    • Use patch baselines to set rules for auto approval
    • Create exceptions to approve or reject patches
    • Schedule maintenance windows
    • Scan for compliance
  24. Change Calendar

    Systems Manager Change Calendar lets you set up date and time ranges when actions you specify may or may not be performed in your AWS account.

    • Query the calendar using the API or CLI
    • Review changes before they're applied
    • Apply changes only during appropriate times
    • Get the current or upcoming state of the calendar
  25. Parameter Store

    A centralized store to manage your configuration data, whether plain-text data such as database strings or secrets such as passwords.

    • A secure, scalable, hosted secrets management service
    • Improve your security posture by separating your data from your code
    • Store configuration data and secure strings in hierarchies and track versions
    • Control and audit access at granular levels
  26. Takeaways!

    • Understand what is where and how it looks
    • When doing something – do it at scale, but make sure to be safe doing so
    • Remove all the heavy lifting you do not need to do!
  27. Thank you!

    Darko Meszaros, Developer Advocate - AWS
    @darkosubotica, ln/darko-mesaros, twitch.tv/ruptwelve, youtu.be/ruptwelve

    © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.