Date posted: 22-Jan-2018
Category: Technology
Uploaded by: api-talent
AUCKLAND
Cloud Ops: Life after an AWS Migration
Paul Dunlop – Principal Cloud Architect
@pauldunlopnz
@apitalent
Something's Missing!
“Service Delivery Platform”
Backups?
Monitoring?
Logging?
Active Directory?
Automation?
Service Limits?
Patch Management?
Image Maintenance?
Identity & Access?
Security?
Hybrid / Network Connectivity?
Billing?
Tagging?
Configuration Management?
SDP Exists in Every Account
Review SDP Artefacts
Network Connectivity
Did Anyone Think About Routing?
Network Register
Identity & Access
User Accounts In Each AWS Account Is Like Having Local Users On Every Windows Server. Don’t do it.
RPG
IAM Roles, Policies, Groups (RPG)
Tagging
Security
Billing
Business
Automation
Backups
How Can I Use Tags To Backup My Instances?
Patch & Image Management
HOW DO I KEEP MY EC2 INSTANCES PATCHED?
HOW DO I PATCH MY GOLD IMAGES?
EC2 Systems Manager
EC2 / PATCHES IS SIMILAR TO WSUS
Configuration Management
HOW DO WE TRACK AWS RESOURCE STATE AND CONFIGURATION CHANGES IN AWS?
• Config is also Rules based
• Rules can be Lambda functions
Enable It On All Accounts
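One way the "Rules can be Lambda functions" point can look in practice, as an added example that is not from the original slides: a change-triggered custom AWS Config rule handler that flags EC2 instances missing required tags. The tag keys, the `requiredTags` rule parameter and any sample events are assumptions made for illustration.

```python
import json

# Assumption: tag keys the organisation requires; not taken from the slides.
REQUIRED_TAGS = ("Owner", "CostCentre", "Backup")


def evaluate_item(item, required=REQUIRED_TAGS):
    """Return (compliance_type, annotation) for one Config configuration item."""
    if item.get("resourceType") != "AWS::EC2::Instance":
        return "NOT_APPLICABLE", "Rule only evaluates EC2 instances"
    if item.get("configurationItemStatus") in ("ResourceDeleted", "ResourceNotRecorded"):
        return "NOT_APPLICABLE", "Resource deleted or not recorded"
    tags = item.get("tags") or {}
    # Treat an empty or whitespace-only value as a missing tag.
    missing = [k for k in required if not str(tags.get(k, "")).strip()]
    if missing:
        return "NON_COMPLIANT", "Missing tags: " + ", ".join(missing)
    return "COMPLIANT", "All required tags present"


def lambda_handler(event, context, config_client=None):
    """Entry point for a ConfigurationItemChangeNotification event."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    params = json.loads(event.get("ruleParameters") or "{}")
    required = REQUIRED_TAGS
    if params.get("requiredTags"):  # hypothetical rule parameter, comma-separated
        required = tuple(t.strip() for t in params["requiredTags"].split(","))
    compliance, note = evaluate_item(item, required)
    evaluation = {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note[:256],  # Config limits annotations to 256 characters
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }
    if config_client is None:  # inside Lambda, boto3 is provided by the runtime
        import boto3
        config_client = boto3.client("config")
    # Report the result back to AWS Config for this evaluation run.
    config_client.put_evaluations(Evaluations=[evaluation],
                                  ResultToken=event["resultToken"])
    return evaluation
```

The `config_client` argument exists only so the handler can be exercised offline with a stub; deployed, Lambda calls it with `event` and `context` alone.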
Security Auditing
AWS CloudTrail
Event Occurs Generating API Activity
CloudTrail Captures And Records The API Activity
Enable It On All Accounts
Pro Tip
System Logs And Application Metrics Are Not Logged By Default
CloudWatch
Amazon CloudWatch collects and tracks metrics, collects and monitors log files, sets alarms, and automatically reacts to changes in your AWS resources.
Bucket Overflow
OPS
Centralise Logging
Optimisation & Automation
Service Limits
https://aws.amazon.com/answers/account-management/limit-monitor/
• Each AWS account comes with a Service Delivery Platform
• Architects should advocate the Cloud Center of Excellence and drive new operational standards
• Automate, Centralise & Log everything
IMPORTANT MESSAGE BEFORE YOU GO :)
API Talent Booth Promotions
Crazy Cloud Native Idea
This might be an API or other type of cloud native app. We will select the two best ideas from the jar and implement them.
Migration and Managed Services
We’ll migrate a lucky customer’s workloads to AWS and provide 12 months managed services!
JAR 1
JAR 2