Add Superpowers to your Operations with AWS Systems Manager

Operations can be tough, and even tougher at cloud scale! There must be some way we can make it better, more engaging and, dare I say it, fun! Let's have a look at the tools in AWS Systems Manager that can help us overcome the operational overhead we may have: things that can replace our hop boxes, a place where we can store parameters and secrets, and a way to understand the health and status of our workloads, all in a single place.

Darko Mesaros

July 22, 2020

Transcript

  1. Add Superpowers to your Operations with AWS SSM
    Darko Meszaros
    Developer Advocate - AWS
    @darkosubotica
    ln/darko-mesaros
    twitch.tv/ruptwelve
    youtu.be/ruptwelve

  2. © 2020, Amazon Web Services, Inc. or its Affiliates.
    Agenda for today
    • What are Operations?
    • Visibility
    • Control
    • Other Tools out there
    • Wrap up

  3. © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.

  4. So, what do you think are operations?

  5. Operations with agility
    • Optimize: Analyze and reduce cost, improve efficiency and security posture
    • Act: Take operational action on resources
    • Audit: Audit resource configurations, user access, and policy enforcement
    • Monitor: Monitor resources and applications

  6. Operations with agility
    Monitor resources and applications
    Optimize to reduce cost and improve security posture
    Manage resources and take operational action
    Audit user activity and resource configurations
    Amazon CloudWatch
    AWS Trusted Advisor
    AWS Cost and Usage Report
    AWS Cost Explorer
    AWS Systems Manager
    AWS CloudTrail
    AWS Config

  7. A central point from which to manage operations

  8. AWS Systems Manager
    Centrally manage cloud resources at any scale
    • Any environment: Operate any AWS or external resource centrally
    • Open: Agent is open-sourced on GitHub
    • Multi-platform: Windows and Linux support
    • Automated: Multi-account, multi-Region automation

  9. Benefits
    • Shorten the time to detect problems
    • Easy to use Automation
    • Improve Visibility and Control
    • Manage Hybrid Environments
    • Maintain Security and Compliance

  10. How it works
    • AWS Systems Manager: Systems Manager helps you safely manage and operate your resources at scale
    • Group resources: Create groups of resources across different AWS services, such as applications or different layers of an application stack
    • Visualize data: View aggregated operational data by resource group
    • Take Action: Respond to insights and automate operational actions across resource groups

  11. $(whoami) Darko Mesaroš / Darko Meszaros / Дарко Месарош
    @darkosubotica
    ln/darko-mesaros
    twitch.tv/ruptwelve
    youtu.be/ruptwelve

  12. Where do we start?

  13. A DevOps engineer!

  14. Bob

  15. Billy

  16. Brigitte

  17. Boris

  18. Boris

  19. The job is done, right?

  20. You Build It, You Run It
    “This brings developers into contact with the day-to-day operation of their software. It also brings them into day-to-day contact with the customer.”
    – Werner Vogels, CTO, Amazon.com

  21. [Diagram: account structure under AWS Organizations, labelled "Infrastructure" and "Boris"]
    Orgs: Account management
    Log Archive: Security logs
    Security: Security tools, AWS Config rules
    Shared services: Directory, limit monitoring
    Network: AWS Direct Connect
    Dev Sandbox: Experiments, Learning
    Dev: Development
    Pre-Prod: Staging
    Prod: Production
    Team SS: Team Shared Services, Data Lake

  23. What is where, and what does it look like?

  25. Inventory
    Collect information about your instances and the software installed on them.
    Collect data about:
    • Applications
    • AWS components
    • Files
    • Network configuration
    • Windows updates
    • Instance details
    • Services
    • Tags
    • Windows Registry
    • Windows roles
    • Custom inventory

  26. Insights Dashboard
    Automatically aggregates and displays operational data for each resource group through a dashboard.
    • View compliance history and change tracking for Patch
    • Customize Systems Manager Compliance to create your own compliance types
    • Remediate issues by using Systems Manager Run Command, State Manager, or Amazon CloudWatch Events

  27. Explorer
    Explorer is a customizable dashboard, providing key insights and analysis into the operational health and performance of your AWS environment.
    • Sync data across your AWS Organization
    • OpsItems
    • Non-compliant instances for patching
    • Managed Instances
    • Instance Count
    • Instance by AMI

  28. You cannot measure what you do not see
    • Insight into what is running in your workload
    • Understand the operational health
    • Multi-Account/Hybrid

  29. How do you react to is events?

  30. OpsCenter
    View, investigate, and resolve operational work items (OpsItems) related to AWS resources.
    • Integrated with Amazon CloudWatch Events
    • Create CloudWatch Events rules that automatically create OpsItems
    • Easy remediation using runbooks
    • Runbooks can be associated with OpsItems
    • Designed to complement your existing case management systems

  31. Enough talk – I want action!

  34. Stay in control, but keep moving fast at scale?

  36. Automation
    Safely automate common and repetitive IT operations and management tasks.
    • Execute Python
    • Execute PowerShell
    • Optionally require approvals
    • Call AWS APIs
    • Run commands on EC2 Instances
    • Run a combination of these actions
    • Trigger via CloudWatch Events or execute using the AWS Management Console, CLI and SDKs

  38. Run Command
    Safe, secure remote management of your instances at scale without logging into your servers.
    • Automate common admin tasks
    • Install or bootstrap applications
    • Build a deployment pipeline
    • Capture Log Files
    • Join instances to a domain

  39. We need to limit access to our resources! Create a bastion-host so that we can have a secure point of access to the rest of the servers!

  41. Session Manager
    A browser-based interactive shell and CLI for managing Windows and Linux EC2 instances.
    • Grant and Revoke access with IAM policies
    • Audit user access
    • Log commands to S3 or CloudWatch
    • Port forwarding

  43. Patch Manager
    Select and deploy operating system and software patches automatically across large groups of Amazon EC2 or on-premises instances.
    • Automate patching
    • Use patch baselines to set rules for auto approval
    • Create exceptions to approve or reject patches
    • Schedule maintenance windows
    • Scan for compliance

  44. I was told there would be demos

  47. Change Calendar
    Systems Manager Change Calendar lets you set up date and time ranges when actions you specify may or may not be performed in your AWS account.
    • Query the calendar using the API or CLI
    • Review changes before they're applied
    • Apply changes only during appropriate times
    • Get the current or upcoming state of the calendar

  49. Parameter Store
    A centralized store to manage your configuration data, whether plain-text data such as database strings or secrets such as passwords.
    • A secure, scalable, hosted secrets management service
    • Improve your security posture by separating your data from your code
    • Store configuration data and secure strings in hierarchies and track versions
    • Control and audit access at granular levels

  51. Takeaways!
    • Understand how is what and where is it
    • When doing something – do it at scale, but make sure to be safe doing so
    • Remove all the heavy lifting you do not need to do!

  52. Thank you!
    Darko Meszaros
    Developer Advocate - AWS
    @darkosubotica
    ln/darko-mesaros
    twitch.tv/ruptwelve
    youtu.be/ruptwelve