SRV212

Too Many Tools?

How AWS Systems Manager Bridges Operational Models

Carmen Puccio
Principal Solutions Architect, Amazon Web Services

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Cloud Management Challenges
Managing cloud and hybrid environments using a traditional toolset
is complex and costly

Traditional IT toolset not Maintaining Deploying multiple Licensing costs

built for cloud scale enterprise-wide visibility is products is a significant and complexity
infrastructure challenging overhead

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Customer Challenges

Operate safely and Map resources to Diverse set of tools Complex licensing and Ability to build
securely at scale applications and for managing hybrid hard to manage the custom solutions to
environments cloud management meet specific business
infrastructure needs

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Operate Safely and At Scale
The operations cockpit for any cloud at any scale

Group
The building blocks of your applications

Support AWS and On-Premises

Visualize
Use cross-platform capabilities manage both
Operational insights for applications Windows and Linux
Brings other AWS services in a single console

Act
Using AWS best practices with built-in safeties

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Extensible

Hybrid Compliance Open Source Cross-platform Extensible

Works in hybrid Use existing tools like SSM Agent is open- Windows and Extensible capabilities
and multi-cloud Ansible, PowerShell sourced on GitHub Linux support to collect custom
environments DSC, and InSpec for inventory from
configuration instances
and Compliance

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Systems Manager Customers & Partners

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Manage Resources at Scale
Resource groups
Define the building blocks of
your application
Give a meaning to a collection
of AWS resources (as an app, env,
or business unit)
Group AWS resources based on
tags using a simple query
Save a search as a heterogeneous
group of (dynamic) resources
Interact with a group directly rather than
individual resources

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Improved Visibility And Control

Setup operational dashboards

Build and customize your
own ops-dashboards
Leverage your existing Amazon CloudWatch
dashboards
Leverage your existing
CloudWatch metrics
Monitor Compliance
Visualize your application’s metrics

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Compliance with Patch Manager
corp data center

Default Patch Baseline Web Server

for the OS Patch Baseline
Patch Group=WebServers

Patch Manager
Patch Group=SQLCluster
Individual instances
not grouped

Maintenance
Compliance Notifications!
Window

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
 Demo

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Safe and Secure Operations
corp data center

VPC2

Tags
IAM
Tags

VPC1

Auditing

CloudTrail Run Command Amazon CloudWatch

Events

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Gain Insights From Multi-Account Instances
corp data center

Account 2

Account 1
AWS Inventory
Config

Any BI Tool! Amazon S3

Data Lake

Amazon
QuickSight

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Easy To Use Automation

Automation Input Role and permission Run the automation

document

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Config And Secrets Data Management

App

Dev Test Prod

Rotate
password

/app/test/db_password /app/prod/db_password Change notifications Email

(event-based) notification

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Manage Configuration Drift

Instances

State manager

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Systems Manager Capabilities

Resource Groups Patch Manager State Manager

Run Command Automation Maintenance Window

Inventory Parameter Store

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
 Demo

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Other Enterprise Features

Available in all AWS

Accessible through
Integrated with AWS
regions including services such as
AWS PrivateLink
GovCloud
IAM: granular RBAC
CloudTrail: audited actions
SSM Agent is CloudWatch Events:
Systems Manager is
installed on notification and remediation
SOC, ISO and
AWS Windows Server
PCI compliant, HIPAA Config: configuration history
and Amazon Linux
enabled
AMIs

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Useful Links

1 AWS Management Tools Blog

https://aws.amazon.com/blogs/mt/category/management-tools/amazon-ec2-systems-manager/

2 AWS Blog
https://aws.amazon.com/blogs/aws/category/amazon-ec2-systems-manager/

3 Product Page
https://aws.amazon.com/systems-manager/

4 Feedback
[email protected]

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Thank you!

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
After This Session…

Your feedback is important to us.

Rate this session via the event app.

Tap your badge as you leave to receive

an email with additional resource links
from this session.

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.