Management & Governance Tools

Useful for:

  • Provisioning

  • Monitoring and Logging

  • Operations Management

  • Configuration Management

CloudFormation

  • Allows us to implement our infrastructure as code (JSON or YAML templates).

  • Version control capability.

  • Template describes all the AWS resources and CloudFormation takes care of provisioning and configuring.

Stacks

  • All of our related resources that are defined in our CloudFormation template (or multiple templates) can be managed as a single unit called a stack.

  • Stacks are managed using the console.

  • Before making changes to your resources, you can generate a change set.

    • This allows you to view the changes to your resources on a review screen before you actually implement those changes.

Template Sections

  • A template is made up of a number of different sections.

    • Format Version: The template format version the template conforms to.

      • Which version of the template format you are actually using.

    • Description: Must always follow Format Version.

      • Just a description of what the Template is about.

    • Metadata: JSON objects and keys that provide additional info.

      • If you want to put something specific in that Template, you could put that in as a Metadata.

    • Parameters: Allow values to be passed at stack creation.

      • Very useful if other people will be using your Template.

      • Used to define parameters so that when the template and the stack are being created, the CloudFormation service can prompt the person deploying it for parameter values.

        • E.g.: What type of EC2 instance you want to launch.

    • Mappings: Match keys to corresponding name-value pairs.

    • Transforms: Optional transforms such as SAM or snippets.

      • Prepares the CloudFormation template for other services, such as the Serverless Application Model (SAM).

    • Outputs: Declares output values.

      • Can be very useful when you want to see what is going on with your CloudFormation Template.

      • You can put at different stages outputs that can output messages to the console.

    • Resources (required): Declares the resources to be deployed.

    • Conditions: Define when a resource can be created or a property defined.

      • E.g: You may put in a condition that an EC2 resource cannot be deployed until the VPC has been created.
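As an added illustration of how these sections fit together (example code, not part of the original notes and not AWS's own tooling), the Python script below builds a small template as a dictionary, emits it as JSON, and checks a few of the rules stated above: Resources is required, every Ref must resolve to a parameter, a resource or a pseudo parameter, a resource's Condition must be declared in the Conditions section, and a parameter's Default must be one of its AllowedValues. The AMI ids, resource names and parameter names are constructed placeholders, and the checker is a simplified stand-in for CloudFormation's own validation, not a reimplementation of it.

```python
"""Tiny CloudFormation template checker (added example, not AWS code).

It models the template sections as a Python dict, checks a few rules the
notes state (Resources is required; references must resolve) and emits the
template as JSON, one of the two formats CloudFormation accepts.
"""
import json

# Top-level sections CloudFormation recognises (Resources is the only required one).
KNOWN_SECTIONS = {
    "AWSTemplateFormatVersion", "Description", "Metadata", "Parameters",
    "Mappings", "Conditions", "Transform", "Resources", "Outputs", "Rules",
}
# Pseudo parameters CloudFormation resolves itself, so a Ref to them is valid.
PSEUDO_PARAMETERS = {
    "AWS::Region", "AWS::AccountId", "AWS::StackName", "AWS::StackId",
    "AWS::NoValue", "AWS::Partition", "AWS::URLSuffix", "AWS::NotificationARNs",
}

# Constructed sample template; AMI ids and names are placeholders, not real values.
SAMPLE_TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "Example web instance (constructed for illustration)",
    "Parameters": {
        "InstanceType": {
            "Type": "String",
            "Default": "t3.micro",
            "AllowedValues": ["t3.micro", "t3.small"],
            "Description": "EC2 instance type to launch",
        },
        "Environment": {"Type": "String", "Default": "dev", "AllowedValues": ["dev", "prod"]},
    },
    "Mappings": {
        "RegionToAmi": {
            "us-east-1": {"Ami": "ami-PLACEHOLDER-1"},
            "eu-west-1": {"Ami": "ami-PLACEHOLDER-2"},
        }
    },
    "Conditions": {"IsProd": {"Fn::Equals": [{"Ref": "Environment"}, "prod"]}},
    "Resources": {
        "WebInstance": {
            "Type": "AWS::EC2::Instance",
            "Properties": {
                "InstanceType": {"Ref": "InstanceType"},
                "ImageId": {"Fn::FindInMap": ["RegionToAmi", {"Ref": "AWS::Region"}, "Ami"]},
            },
        },
        "ProdAlarmTopic": {"Type": "AWS::SNS::Topic", "Condition": "IsProd"},
    },
    "Outputs": {"InstanceId": {"Value": {"Ref": "WebInstance"}}},
}


def _walk(node):
    """Yield every dict inside a nested JSON-like structure."""
    if isinstance(node, dict):
        yield node
        for value in node.values():
            yield from _walk(value)
    elif isinstance(node, list):
        for value in node:
            yield from _walk(value)


def check_template(template):
    """Return a list of problems found; an empty list means the checks passed."""
    problems = []
    for section in template:
        if section not in KNOWN_SECTIONS:
            problems.append(f"unknown top-level section: {section}")
    resources = template.get("Resources")
    if not resources:
        problems.append("Resources section is required and must not be empty")
        resources = {}
    params = template.get("Parameters", {})
    conditions = template.get("Conditions", {})
    mappings = template.get("Mappings", {})
    referable = set(params) | set(resources) | PSEUDO_PARAMETERS
    # A parameter default must be one of its AllowedValues, or stack creation fails.
    for name, spec in params.items():
        if "AllowedValues" in spec and "Default" in spec and spec["Default"] not in spec["AllowedValues"]:
            problems.append(f"parameter {name}: Default not in AllowedValues")
    # Every Ref must point at a parameter, a resource or a pseudo parameter;
    # every Fn::FindInMap must name a declared mapping.
    for node in _walk(template):
        if "Ref" in node and node["Ref"] not in referable:
            problems.append(f"unresolved Ref: {node['Ref']}")
        if "Fn::FindInMap" in node and node["Fn::FindInMap"][0] not in mappings:
            problems.append(f"unknown mapping: {node['Fn::FindInMap'][0]}")
    # A resource's Condition must be declared in the Conditions section.
    for name, res in resources.items():
        if "Condition" in res and res["Condition"] not in conditions:
            problems.append(f"resource {name}: undeclared condition {res['Condition']}")
    return problems


def to_json(template):
    """Serialise the template in the JSON form CloudFormation accepts."""
    return json.dumps(template, indent=2)


if __name__ == "__main__":
    print(to_json(SAMPLE_TEMPLATE))
    print("problems:", check_template(SAMPLE_TEMPLATE))
```

Running the script prints the JSON template and an empty problem list; deleting the Conditions section or changing the InstanceType default to a value outside AllowedValues makes the corresponding check report it, which is the kind of mistake a change set review would otherwise surface only at deployment time.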

CloudFormation Designer

  • Visual tool that provides a drag-and-drop interface for adding resources to templates.

    • Similar to UML diagrams.

    • In the template you have:

      • Boxes indicating the type of resources.

      • Arrows linking resources indicate conditions or any relationships between them.

      • Colored dots to indicate some configurations on the resources.

  • Supports JSON and YAML.

  • Changes done on the visual representation are automatically converted to JSON or YAML.

Service Catalog

  • Allows enterprises to catalog resources that can be deployed on the cloud.

  • This allows an enterprise to achieve common governance and compliance for its IT resources by clearly defining what is allowed to be deployed on the AWS cloud.

CloudWatch


Mainly monitors performance.

  • The Monitoring and Observability service to:

    • Collect logs, metrics and custom metrics of AWS resources.

    • Monitor metrics, statistics and alarms in dashboards.

    • Act on alarms and events. Implement corrective action.

    • Analyze metrics with CloudWatch Log Insights.

    • Compliance and security are controlled with IAM and with data encryption at rest and in transit.

  • It can be used for triggering scaling operations, or it can also be used for providing insight into your deployed resources.

Monitors resources like:

  • EC2 instances.

  • Auto Scaling groups.

  • Elastic Load Balancer.

  • Route 53 health checks.

  • EBS volume performance.

  • Storage Gateway latency.

  • CloudFront.

Custom Metrics

  • Publish your own metrics to CloudWatch using AWS CLI or an API/SDK.

  • Standard resolution, one-minute granularity. (Samples will be taken every minute)

  • High resolution, one-second granularity. (Samples will be taken every second)

  • Metrics produced by AWS services are standard resolution by default.

  • Metrics include:

    • CPU

    • Network

    • Disk

    • Status check

Alarms

  • Billing alarms as well as resource alarms.

  • Integrates with SNS.

  • Three states:

    • Ok

    • ALARM

    • INSUFFICIENT_DATA

  • If a metric is above the alarm threshold for the number of time periods defined by the evaluation period, the alarm is invoked.
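The two ideas above, metric resolution (one-second samples versus one-minute datapoints) and alarm evaluation over a number of periods, as an added example in Python that is not part of the original notes and does not call the CloudWatch API. It rolls constructed per-second CPU samples up into one-minute datapoints and then evaluates a "CPU above 80% for 2 consecutive periods" alarm, returning the three states the notes list. The missing-data handling is simplified to INSUFFICIENT_DATA; the real service lets you configure how missing datapoints are treated.

```python
"""Metric resolution and alarm evaluation (added example, not AWS code).

High-resolution samples (one per second) are rolled up into one-minute
datapoints, then an alarm is evaluated the way the notes describe: the alarm
goes to ALARM when the metric is above the threshold for the required number
of evaluation periods.
"""
from statistics import mean

STANDARD_RESOLUTION = 60  # seconds between datapoints (standard resolution)
HIGH_RESOLUTION = 1       # seconds between datapoints (high resolution)


def aggregate(samples, period_seconds, stat="Average"):
    """Roll (timestamp, value) samples into datapoints of period_seconds.

    Returns a list of (period_start, value) sorted by time.
    """
    buckets = {}
    for ts, value in samples:
        start = ts - (ts % period_seconds)
        buckets.setdefault(start, []).append(value)
    stats = {"Average": mean, "Maximum": max, "Minimum": min, "Sum": sum}
    return [(start, stats[stat](vals)) for start, vals in sorted(buckets.items())]


def evaluate_alarm(datapoints, threshold, evaluation_periods, datapoints_to_alarm=None):
    """Return "OK", "ALARM" or "INSUFFICIENT_DATA" for a GreaterThanThreshold alarm.

    Simplified model: the last `evaluation_periods` datapoints are examined and
    the alarm fires when at least `datapoints_to_alarm` of them exceed the
    threshold (the "M out of N" form; M defaults to N). Too few datapoints is
    treated as insufficient data.
    """
    if datapoints_to_alarm is None:
        datapoints_to_alarm = evaluation_periods
    if len(datapoints) < evaluation_periods:
        return "INSUFFICIENT_DATA"
    window = [value for _, value in datapoints[-evaluation_periods:]]
    breaching = sum(1 for value in window if value > threshold)
    return "ALARM" if breaching >= datapoints_to_alarm else "OK"


# Constructed sample: three minutes of per-second CPU readings; the instance is
# idle in the first minute, then pegged for the next two.
SAMPLE_SECONDS = [(t, 10.0) for t in range(0, 60)] + [(t, 95.0) for t in range(60, 180)]


def cpu_alarm_state():
    """Evaluate "CPU > 80% for 2 consecutive one-minute periods" over the sample."""
    per_minute = aggregate(SAMPLE_SECONDS, STANDARD_RESOLUTION)
    return evaluate_alarm(per_minute, threshold=80.0, evaluation_periods=2)


if __name__ == "__main__":
    print(aggregate(SAMPLE_SECONDS, STANDARD_RESOLUTION))
    print(cpu_alarm_state())
```

The sample produces three one-minute datapoints (10, 95, 95) and the alarm ends in ALARM; shortening the sample to fewer periods than the alarm evaluates yields INSUFFICIENT_DATA, which is why a newly created alarm sits in that state until enough datapoints have arrived.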

Logs

  • An agent is installed on the instance.

  • Monitor, store, and access your log files from EC2 instances, CloudTrail, or other sources.

  • Search and Analyse data with CloudWatch Log Insights.

Systems Manager

  • Provides a unified user interface that allows you to view operational data from multiple AWS services and to automate tasks across those resources.

  • That helps to shorten the time to detect and resolve any operational problems.

CloudTrail


Mainly monitors API calls made on AWS.

  • Monitors and logs AWS account activity, including actions taken through the AWS management console, the AWS software development kits, the command line tools, and other AWS services.

  • This greatly simplifies security analysis and the analysis of the activity of users of your account.

  • It can log calls to AWS services from the AWS API.

    • Logs are stored in an S3 bucket and can be analysed with Amazon Athena, EMR, etc.

It logs which AWS user made the call, from what IP address, and the date of the call.
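What that looks like in practice, as an added example that is not part of the original notes and not an AWS tool: the Python below parses a CloudTrail log object of the shape CloudTrail writes to the bucket (a JSON document with a Records array), pulls out who called which API from where and when, and flags two things a reviewer normally wants first, root account activity and console logins made without MFA. The records, account id, ARNs and IP addresses are all constructed placeholders.

```python
"""CloudTrail record triage (added example, not an AWS tool).

Parses a CloudTrail log object (the JSON CloudTrail delivers to S3), extracts
who called which API from which IP and when, and flags root account usage and
console logins without MFA. The records below are constructed; the account
id, ARNs and IPs are placeholders.
"""
import json
from collections import Counter

# Constructed sample log object with three records.
SAMPLE_LOG = json.dumps({
    "Records": [
        {
            "eventVersion": "1.08",
            "eventTime": "2024-01-15T09:12:01Z",
            "eventSource": "signin.amazonaws.com",
            "eventName": "ConsoleLogin",
            "sourceIPAddress": "198.51.100.7",
            "userIdentity": {"type": "IAMUser", "userName": "alice",
                             "arn": "arn:aws:iam::111111111111:user/alice"},
            "additionalEventData": {"MFAUsed": "No"},
            "responseElements": {"ConsoleLogin": "Success"},
        },
        {
            "eventVersion": "1.08",
            "eventTime": "2024-01-15T09:15:40Z",
            "eventSource": "ec2.amazonaws.com",
            "eventName": "RunInstances",
            "sourceIPAddress": "198.51.100.7",
            "userIdentity": {"type": "IAMUser", "userName": "alice",
                             "arn": "arn:aws:iam::111111111111:user/alice"},
        },
        {
            "eventVersion": "1.08",
            "eventTime": "2024-01-15T22:03:17Z",
            "eventSource": "iam.amazonaws.com",
            "eventName": "CreateAccessKey",
            "sourceIPAddress": "203.0.113.9",
            "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111111111111:root"},
        },
    ]
})


def parse_records(log_text):
    """Return (who, source ip, event time, api call) tuples, one per record."""
    rows = []
    for rec in json.loads(log_text)["Records"]:
        ident = rec.get("userIdentity", {})
        # IAM users carry a userName; root and assumed roles are identified by ARN.
        who = ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")
        rows.append((who, rec.get("sourceIPAddress"), rec.get("eventTime"), rec.get("eventName")))
    return rows


def find_findings(log_text):
    """Flag root usage and console logins without MFA; returns (time, reason) pairs."""
    findings = []
    for rec in json.loads(log_text)["Records"]:
        ident = rec.get("userIdentity", {})
        if ident.get("type") == "Root":
            findings.append((rec["eventTime"], f"root account used for {rec['eventName']}"))
        mfa_used = rec.get("additionalEventData", {}).get("MFAUsed")
        if rec.get("eventName") == "ConsoleLogin" and mfa_used == "No":
            findings.append((rec["eventTime"], f"console login without MFA by {ident.get('userName')}"))
    return findings


def calls_per_ip(log_text):
    """Count API calls per source IP, a quick way to spot an unfamiliar address."""
    return Counter(ip for _, ip, _, _ in parse_records(log_text))


if __name__ == "__main__":
    for row in parse_records(SAMPLE_LOG):
        print(row)
    print(find_findings(SAMPLE_LOG))
    print(calls_per_ip(SAMPLE_LOG))
```

At scale the same questions are asked with Athena over the bucket rather than by looping in Python, but the fields are the same: userIdentity, sourceIPAddress, eventTime and eventName are the who, where, when and what of every call.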

AWS Config

  • Enables you to assess, audit, and evaluate the configurations of your AWS resources.

  • This greatly simplifies compliance auditing, security analysis, change management and control, and also operational troubleshooting.

OpsWorks

  • It is a configuration management service fully managed by AWS.

  • AWS OpsWorks for Chef Automate.

  • AWS OpsWorks for Puppet Enterprise.

  • AWS OpsWorks for Stacks.

    • Define different parts of an application with layers.

    • Chef recipes define the configuration of layers.

  • This allows us to define the different parts of our application as layers, and each layer has a Chef recipe that defines the configuration and resources inside it.

    • Chef and Puppet can be used to configure and automate the deployment of AWS resources.

Example - with Chef or Puppet

  • Application instances are registered to a Chef or Puppet OpsWorks instance.

  • Chef or Puppet configurations used to manage application instances.

Example - with Stacks

  • A stack is divided into layers representing different parts of the application.

  • Chef recipes are used to define layer configurations.

  • Some AWS resources (e.g. Amazon RDS) need to be created outside OpsWorks and added to the layer.

Elastic Beanstalk (Deployment Service)

  • Usually used for Web Apps.

  • Uses CloudFormation under the hood.

  • Allows you to quickly deploy and manage applications on environments.

  • Automatically handles capacity provisioning, load balancing, scaling, and application health monitoring.

  • New versions of the code can be uploaded through the console or CLI, and also complete environments can be re-deployed.

    • Applications can be:

      • Docker containers.

      • Node.js, Java, .NET, PHP, Ruby, Python and Go.

      • On servers such as Apache, Nginx, Passenger and IIS.

Highly Available & Fault Tolerant Architecture

  • Beanstalk will automatically create one, without us having to do anything.

Deployment Options

  • All at Once (with downtime).

    • If you have like 20 EC2 instances, it will deploy on all of them at once.

  • Immutable (All at Once - without downtime). (Two environments temporarily)

    • It will duplicate the 20 EC2 instances as "temporary backup", while the 20 original ones are deploying at once.

    • It will double the resources, but will not have downtime.

  • Rolling (a batch at a time), Rolling with additional batch.

    • It will deploy on batches of X instances at a time.

  • Blue/Green (two environments).

    • It is like having two environments like "Development" and "Production" environment.

    • When ready to deploy, the "Development" environment is deployed and becomes "Production", and the old "Production" becomes "Development", so that there is no downtime.

Trusted Advisor

Similar to Management & Governance Tools.

  • An online expert system that analyzes your AWS account and the resources inside it in real time, and then advises you on how to best achieve high security and the best performance from those resources.

  • It helps you to reduce costs and raise performance and security, optimizing your AWS environment.

Check Categories

Check Category (Min. Support Level): Description

  • Cost Optimization (Basic, limited): Recommendations that can potentially save you money.

  • Performance (Basic, limited; Developer, full): Recommendations that can improve the speed and responsiveness of your applications.

  • Security (Basic, limited; Business, full): Recommendations for security settings.

  • Fault Tolerance (Basic, limited; Developer, full): Recommendations that help increase the resiliency of your solutions.

  • Service Limits (Basic, limited; Developer, full): Checks the usage for your account and whether your account approaches or exceeds limits.

  • Operational Excellence (Business, full): Recommendations to help you operate your AWS environment effectively.
