Slide 1

Slide 1 text

Add Superpowers to your Operations with AWS SSM
Darko Meszaros, Developer Advocate - AWS
@darkosubotica ln/darko-mesaros twitch.tv/ruptwelve youtu.be/ruptwelve

Slide 2

Slide 2 text

© 2020, Amazon Web Services, Inc. or its Affiliates.
Agenda for today
• What are Operations?
• Visibility
• Control
• Other Tools out there
• Wrap up

Slide 3

Slide 3 text


Slide 4

Slide 4 text

So, what do you think are operations?

Slide 5

Slide 5 text

Operations with agility
Optimize: Analyze and reduce cost, improve efficiency and security posture
Act: Take operational action on resources
Audit: Audit resource configurations, user access, and policy enforcement
Monitor: Monitor resources and applications

Slide 6

Slide 6 text

Operations with agility
• Monitor resources and applications
• Optimize to reduce cost and improve security posture
• Manage resources and take operational action
• Audit user activity and resource configurations
Amazon CloudWatch, AWS Trusted Advisor, AWS Cost and Usage Report, AWS Cost Explorer, AWS Systems Manager, AWS CloudTrail, AWS Config

Slide 7

Slide 7 text

A central point from which to manage operations

Slide 8

Slide 8 text

AWS Systems Manager: Centrally manage cloud resources at any scale
Any environment: Operate any AWS or external resource centrally
Open: Agent is open-sourced on GitHub
Multi-platform: Windows and Linux support
Automated: Multi-account, multi-Region automation

Slide 9

Slide 9 text

Benefits
• Shorten the time to detect problems
• Easy to use Automation
• Improve Visibility and Control
• Manage Hybrid Environments
• Maintain Security and Compliance

Slide 10

Slide 10 text

How it works
AWS Systems Manager: Systems Manager helps you safely manage and operate your resources at scale
Group resources: Create groups of resources across different AWS services, such as applications or different layers of an application stack
Visualize data: View aggregated operational data by resource group
Take Action: Respond to insights and automate operational actions across resource groups

Slide 11

Slide 11 text

$(whoami)
Darko Mesaroš / Darko Meszaros / Дарко Месарош
@darkosubotica ln/darko-mesaros twitch.tv/ruptwelve youtu.be/ruptwelve

Slide 12

Slide 12 text

Where do we start?

Slide 13

Slide 13 text

A DevOps engineer!

Slide 14

Slide 14 text

Bob

Slide 15

Slide 15 text

Billy

Slide 16

Slide 16 text

Brigitte

Slide 17

Slide 17 text

Boris

Slide 18

Slide 18 text

Boris

Slide 19

Slide 19 text

The job is done, right?

Slide 20

Slide 20 text

You Build It, You Run It
“This brings developers into contact with the day-to-day operation of their software. It also brings them into day-to-day contact with the customer.”
– Werner Vogels, CTO, Amazon.com

Slide 21

Slide 21 text

[Diagram: AWS Organizations multi-account layout. Labels: Developer Sandbox, Dev, Pre-Prod, Workloads, Security, AWS Organizations, Shared Services, Network, Log Archive, Prod, Team Shared Services, Network Path, Sandbox, Data Center, Boris]
Orgs: Account management
Log Archive: Security logs
Security: Security tools, AWS Config rules
Shared services: Directory, limit monitoring
Network: AWS Direct Connect
Dev Sandbox: Experiments, Learning
Dev: Development
Pre-Prod: Staging
Prod: Production
Team SS: Team Shared Services, Data Lake

Slide 22

Slide 22 text


Slide 23

Slide 23 text

What is where, and what does it look like?

Slide 24

Slide 24 text


Slide 25

Slide 25 text

Inventory
Collect information about your instances and the software installed on them.
Collect data about:
• Applications
• AWS components
• Files
• Network configuration
• Windows updates
• Instance details
• Services
• Tags
• Windows Registry
• Windows roles
• Custom inventory

Slide 26

Slide 26 text

Insights Dashboard
Automatically aggregates and displays operational data for each resource group through a dashboard.
• View compliance history and change tracking for Patch
• Customize Systems Manager Compliance to create your own compliance types
• Remediate issues by using Systems Manager Run Command, State Manager, or Amazon CloudWatch Events

Slide 27

Slide 27 text

Explorer
Explorer is a customizable dashboard, providing key insights and analysis into the operational health and performance of your AWS environment.
• Sync data across your AWS Organization
• OpsItems
• Non-compliant instances for patching
• Managed Instances
• Instance Count
• Instance by AMI

Slide 28

Slide 28 text

You cannot measure what you do not see
• Insight into what is running in your workload
• Understand the operational health
• Multi-Account/Hybrid

Slide 29

Slide 29 text

How do you react to events?

Slide 30

Slide 30 text

OpsCenter
View, investigate, and resolve operational work items (OpsItems) related to AWS resources.
• Integrated with Amazon CloudWatch Events
• Create CloudWatch Events rules that automatically create OpsItems
• Easy remediation using runbooks
• Runbooks can be associated with OpsItems
• Designed to complement your existing case management systems

Slide 31

Slide 31 text

Enough talk – I want action!

Slide 32

Slide 32 text


Slide 33

Slide 33 text


Slide 34

Slide 34 text

Stay in control, but keep moving fast at scale?

Slide 35

Slide 35 text


Slide 36

Slide 36 text

Automation
Safely automate common and repetitive IT operations and management tasks.
• Execute Python
• Execute PowerShell
• Optionally require approvals
• Call AWS APIs
• Run commands on EC2 Instances
• Run a combination of these actions
• Trigger via CloudWatch Events or execute using the AWS Management Console, CLI and SDKs

Slide 37

Slide 37 text


Slide 38

Slide 38 text

Run Command
Safe, secure remote management of your instances at scale without logging into your servers.
• Automate common admin tasks
• Install or bootstrap applications
• Build a deployment pipeline
• Capture Log Files
• Join instances to a domain

Slide 39

Slide 39 text

We need to limit access to our resources! Create a bastion-host so that we can have a secure point of access to the rest of the servers! ⚠

Slide 40

Slide 40 text


Slide 41

Slide 41 text

Session Manager
A browser-based interactive shell and CLI for managing Windows and Linux EC2 instances.
• Grant and Revoke access with IAM policies
• Audit user access
• Log commands to S3 or CloudWatch
• Port forwarding
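
Granting and revoking Session Manager access with IAM, as an added example (not from the original slides): a policy that lets a user start sessions only on instances carrying a given tag, and resume or terminate only sessions they started. The tag `Environment` = `dev` is a constructed value, and the `${aws:username}` session prefix assumes the principal is an IAM user.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "StartSessionOnTaggedInstancesOnly",
      "Effect": "Allow",
      "Action": "ssm:StartSession",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringEquals": {
          "ssm:resourceTag/Environment": "dev"
        }
      }
    },
    {
      "Sid": "ManageOwnSessionsOnly",
      "Effect": "Allow",
      "Action": [
        "ssm:ResumeSession",
        "ssm:TerminateSession"
      ],
      "Resource": "arn:aws:ssm:*:*:session/${aws:username}-*"
    }
  ]
}
```

Detaching this policy from the user revokes shell access without touching SSH keys or security groups on the instances.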

Slide 42

Slide 42 text


Slide 43

Slide 43 text

Patch Manager
Select and deploy operating system and software patches automatically across large groups of Amazon EC2 or on-premises instances.
• Automate patching
• Use patch baselines to set rules for auto approval
• Create exceptions to approve or reject patches
• Schedule maintenance windows
• Scan for compliance

Slide 44

Slide 44 text

I was told there would be demos

Slide 45

Slide 45 text


Slide 46

Slide 46 text


Slide 47

Slide 47 text

Change Calendar
Systems Manager Change Calendar lets you set up date and time ranges when actions you specify may or may not be performed in your AWS account.
• Query the calendar using the API or CLI
• Review changes before they're applied
• Apply changes only during appropriate times
• Get the current or upcoming state of the calendar

Slide 48

Slide 48 text


Slide 49

Slide 49 text

Parameter Store
A centralized store to manage your configuration data, whether plain-text data such as database strings or secrets such as passwords.
• A secure, scalable, hosted secrets management service
• Improve your security posture by separating your data from your code
• Store configuration data and secure strings in hierarchies and track versions
• Control and audit access at granular levels
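
Hierarchies combined with granular access control, as an added example (not from the original slides): read-only access to a single parameter path, with KMS decryption of secure strings permitted only when the request comes through Parameter Store. The Region `eu-west-1`, account ID `111122223333`, path `/prod/webapp/` and key ID `EXAMPLE-KEY-ID` are placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadOneHierarchyOnly",
      "Effect": "Allow",
      "Action": [
        "ssm:GetParameter",
        "ssm:GetParameters",
        "ssm:GetParametersByPath"
      ],
      "Resource": "arn:aws:ssm:eu-west-1:111122223333:parameter/prod/webapp/*"
    },
    {
      "Sid": "DecryptSecureStringsViaParameterStoreOnly",
      "Effect": "Allow",
      "Action": "kms:Decrypt",
      "Resource": "arn:aws:kms:eu-west-1:111122223333:key/EXAMPLE-KEY-ID",
      "Condition": {
        "StringEquals": {
          "kms:ViaService": "ssm.eu-west-1.amazonaws.com"
        }
      }
    }
  ]
}
```

A workload holding this policy can read `/prod/webapp/...` parameters but nothing under other paths, and cannot use the key directly against KMS.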

Slide 50

Slide 50 text


Slide 51

Slide 51 text

Takeaways!
• Understand what is where, and how it looks
• When doing something – do it at scale, but make sure to be safe doing so
• Remove all the heavy lifting you do not need to do!

Slide 52

Slide 52 text

Thank you!
Darko Meszaros, Developer Advocate - AWS
@darkosubotica ln/darko-mesaros twitch.tv/ruptwelve youtu.be/ruptwelve