In this session, you’ll learn how you can move your IT product lifecycle into the cloud, where you can define, publish, monitor, and manage your products. Central IT can enable end-users in their organizations to easily discover and provision these products from a personalized portal. We will demonstrate AWS services that let IT retain control of resources provisioned in the AWS cloud, track configuration changes, and audit user activity. We will also show AWS Marketplace, which helps you find the third-party software you need, buy it, and deploy it easily in the AWS cloud.
3. Traditional Lifecycle of IT Products

| Stage          | Who?     | How?                                        |
|----------------|----------|---------------------------------------------|
| Provision      | IT Admin | Tickets, manual, scripts                    |
| Monitor/Manage | IT Admin | Traditional tools to monitor, patch, backup |
| Track/Govern   | IT Admin | Compliance tools, inspections, spreadsheets |

IT Product: Server, Database, Desktop, Environment, Application
4. Self-service: The “New” way to administer

| Stage          | Who?     | How?                                        |
|----------------|----------|---------------------------------------------|
| Define         | IT Admin | Documents                                   |
| Publish        | IT Admin | Portal, spreadsheet                         |
| Request        | User     | Tickets                                     |
| Provision      | IT Admin | Scripts                                     |
| Monitor/Manage | IT Admin | Traditional tools to monitor, patch, backup |
| Track/Govern   | IT Admin | Compliance tools, inspections, spreadsheets |
5. Lifecycle of IT Products in the cloud

| Stage          | Who?     | How? |
|----------------|----------|------|
| Define         | IT Admin |      |
| Publish        | IT Admin |      |
| Request        |          |      |
| Provision      |          |      |
| Monitor/Manage | IT Admin |      |
| Track/Govern   | IT Admin |      |

IT Products: Server, Database, Desktop, Environment, Application
6. Lifecycle of IT Products in AWS

| Stage          | Cloud                                      | AWS                             |
|----------------|--------------------------------------------|---------------------------------|
| Define         | Infrastructure as code                     | CloudFormation                  |
| Publish        | Service catalog                            | CloudFormation, Service Catalog |
| Request        | Self-service portal                        | AWS APIs, Service Catalog       |
| Provision      | Self-service portal with automation        | Service Catalog                 |
| Monitor/Manage | Metrics, visualizations & automated alerts | CloudWatch                      |
| Track/Govern   | Audit logs, change events and alerts       | Config, CloudTrail              |
7. IT Product Lifecycle Management in AWS

(Diagram: the Admin defines a CloudFormation template and publishes it in AWS Service Catalog. Users browse and launch it, which provisions a CloudFormation stack. AWS CloudTrail monitors the account and logs all API calls to Amazon S3. An AWS CloudWatch alarm monitors the stack, initiates actions and notifies. AWS Config tracks changes to the stack and notifies.)
8. IT Product Lifecycle Management in AWS
9. Use cases enabled by CloudFormation
• Allows creating templates of your infrastructure and applications
• Specify resources and their relationships
• Easily version control, replicate or update your environments
• Integrate with other development, CI/CD, and management tools.
11. Create template – For example, for the food catalog website

(Diagram of the template's components: security group, Auto Scaling group, EC2 instance, Elastic Load Balancing, Customer DB Service, Inventory Service, Recommendations Service, ElastiCache memcached cluster, software packages, config & data, and CloudWatch alarms.)
13. Create template – Parameters

```json
"Parameters": {
  "CustomerDBServiceEndPoint": {
    "Description": "URL of the Customer DB Service",
    "Type": "String"
  },
  "CustomerDBServiceKey": {
    "Description": "API key for the Customer DB Service",
    "Type": "String",
    "NoEcho": "true"
  },
  "InstanceType": {
    "Description": "WebServer EC2 instance type",
    "Type": "String",
    "Default": "m3.medium",
    "AllowedValues": ["m3.medium", "m3.large", "m3.xlarge"],
    "ConstraintDescription": "Must be a valid instance type"
  }
}
```

(Diagram: the Parameters section of the CloudFormation template carries the information used to customize the stack at creation, for example the instance type or the application package version, and feeds the Auto Scaling group, the EC2 instance, and the Recommendations, Inventory and Customer DB service settings.)
14. Create template – Outputs

```json
"Resources": {
  "LoadBalancer": {},
  ...
},
"Outputs": {
  "WebsiteDNSName": {
    "Description": "The DNS name of the website",
    "Value": { "Fn::GetAtt": ["LoadBalancer", "DNSName"] }
  }
}
```

(Diagram: the Outputs section of the CloudFormation template exposes the DNS name of the Elastic Load Balancing load balancer.)
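As an added example (not code from the slides), the following Python linter applies the two sections above to a template: it checks that parameters whose names suggest credentials carry NoEcho, that a Default respects its AllowedValues, and that an Output neither references a resource that does not exist nor echoes a NoEcho parameter back out, since output values are visible to anyone who can describe the stack. The sample template, the InventoryServiceKey parameter, the DBKey output and the secret-name pattern are constructed for this example.

```python
"""Lint the Parameters and Outputs sections of a CloudFormation template.

Added example, not the slides' code: checks that secret-like parameters use
NoEcho, that Defaults respect AllowedValues, and that Outputs only reference
resources that exist and do not leak NoEcho parameter values.
"""
import json
import re

# Constructed sample template. The first two parameters and WebsiteDNSName
# mirror the slides; InventoryServiceKey and DBKey are added to trip the checks.
SAMPLE_TEMPLATE = json.loads("""
{
  "Parameters": {
    "CustomerDBServiceEndPoint": {
      "Description": "URL of the Customer DB Service", "Type": "String"
    },
    "CustomerDBServiceKey": {
      "Description": "API key for the Customer DB Service",
      "Type": "String", "NoEcho": "true"
    },
    "InventoryServiceKey": {
      "Description": "API key for the Inventory Service", "Type": "String"
    },
    "InstanceType": {
      "Description": "WebServer EC2 instance type", "Type": "String",
      "Default": "m3.medium",
      "AllowedValues": ["m3.medium", "m3.large", "m3.xlarge"],
      "ConstraintDescription": "Must be a valid instance type"
    }
  },
  "Resources": {
    "LoadBalancer": {"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
                     "Properties": {}}
  },
  "Outputs": {
    "WebsiteDNSName": {
      "Description": "The DNS name of the website",
      "Value": {"Fn::GetAtt": ["LoadBalancer", "DNSName"]}
    },
    "DBKey": {"Value": {"Ref": "CustomerDBServiceKey"}}
  }
}
""")

# Parameter names that usually carry credentials (assumed convention).
SECRET_NAME = re.compile(r"(key|secret|password|token)$", re.IGNORECASE)


def _no_echo(spec):
    # CloudFormation accepts both the JSON boolean and the string "true".
    return str(spec.get("NoEcho", "false")).lower() == "true"


def lint_parameters(template):
    """Return a list of findings for the Parameters section."""
    findings = []
    for name, spec in template.get("Parameters", {}).items():
        if SECRET_NAME.search(name) and not _no_echo(spec):
            findings.append(f"{name}: secret-like parameter without NoEcho")
        default, allowed = spec.get("Default"), spec.get("AllowedValues")
        if allowed and default is not None and default not in allowed:
            findings.append(f"{name}: Default {default!r} not in AllowedValues")
    return findings


def lint_outputs(template):
    """Return a list of findings for the Outputs section."""
    findings = []
    resources = template.get("Resources", {})
    params = template.get("Parameters", {})
    for name, spec in template.get("Outputs", {}).items():
        value = spec.get("Value")
        if not isinstance(value, dict):
            continue
        if "Fn::GetAtt" in value:
            target = value["Fn::GetAtt"][0]
            if target not in resources:
                findings.append(f"{name}: Fn::GetAtt references unknown resource {target!r}")
        ref = value.get("Ref")
        # Output values appear in the console and in DescribeStacks, so a
        # NoEcho parameter passed through an Output is no longer hidden.
        if ref in params and _no_echo(params[ref]):
            findings.append(f"{name}: output exposes NoEcho parameter {ref!r}")
    return findings


if __name__ == "__main__":
    for finding in lint_parameters(SAMPLE_TEMPLATE) + lint_outputs(SAMPLE_TEMPLATE):
        print(finding)
```

Run it against a real template by replacing SAMPLE_TEMPLATE with `json.load(open(path))`; YAML templates need a YAML loader that understands the `!GetAtt` short form, which this example does not handle.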
16. Extend with Custom Resources

```json
"Resources": {
  "WebAnalyticsTrackingID": {
    "Type": "Custom::WebAnalyticsService::TrackingID",
    "Properties": {
      "ServiceToken": "arn:aws:sns:...",
      "Target": { "Fn::GetAtt": ["LoadBalancer", "DNSName"] },
      "Plan": "Gold"
    }
  },
  ...
}
```

(Diagram: AWS CloudFormation provisions the AWS resources in the template (security group, Auto Scaling group, EC2 instance, Elastic Load Balancing, ElastiCache memcached cluster, software packages, config & data, CloudWatch alarms) and sends the Web Analytics Service a “Create, Update, Rollback, or Delete” request plus metadata; the service answers with “Success” plus metadata.)
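To show the other side of that exchange, here is an added example (not code from the slides or from any real Web Analytics Service) of the provider behind the ServiceToken: it receives CloudFormation's request, acts on the Create, Update or Delete request type, and builds the response body that is normally sent with an HTTP PUT to the presigned ResponseURL. The request, account id, ARNs, plan names and the tracking-id backend are all constructed placeholders.

```python
"""Provider side of a CloudFormation custom resource.

Added example, not the slides' code: builds the response body that a custom
resource provider (a hypothetical Web Analytics Service) returns to
CloudFormation for Create, Update and Delete requests.
"""
import hashlib
import json

# Constructed request in the shape CloudFormation delivers to the ServiceToken
# (an SNS topic or Lambda function). All identifiers are placeholders.
SAMPLE_REQUEST = {
    "RequestType": "Create",
    "ResponseURL": "https://cloudformation-response.example.invalid/presigned-url",
    "StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/food-catalog/EXAMPLE",
    "RequestId": "example-request-id",
    "ResourceType": "Custom::WebAnalyticsService::TrackingID",
    "LogicalResourceId": "WebAnalyticsTrackingID",
    "ResourceProperties": {
        "ServiceToken": "arn:aws:sns:us-east-1:123456789012:web-analytics",
        "Target": "food-catalog-lb-EXAMPLE.us-east-1.elb.amazonaws.com",
        "Plan": "Gold",
    },
}

VALID_PLANS = {"Bronze", "Silver", "Gold"}   # assumed plans of the service


def register_tracking_id(target, plan):
    """Hypothetical backend call; derives a stable fake id from the inputs."""
    digest = hashlib.sha256(f"{target}|{plan}".encode()).hexdigest()
    return f"TRK-{digest[:8]}"


def handle(request):
    """Return the response body CloudFormation expects (normally PUT to ResponseURL)."""
    props = request.get("ResourceProperties", {})
    response = {
        "StackId": request["StackId"],
        "RequestId": request["RequestId"],
        "LogicalResourceId": request["LogicalResourceId"],
        # Update and Delete carry the id returned at Create; echo it back so
        # CloudFormation does not treat the resource as replaced.
        "PhysicalResourceId": request.get("PhysicalResourceId", request["LogicalResourceId"]),
    }
    try:
        request_type = request["RequestType"]
        if request_type in ("Create", "Update"):
            plan = props.get("Plan")
            if plan not in VALID_PLANS:
                raise ValueError(f"unknown plan {plan!r}")
            if request_type == "Create":
                response["PhysicalResourceId"] = register_tracking_id(props["Target"], plan)
            # Data keys become readable in the template via Fn::GetAtt.
            response["Data"] = {"TrackingID": response["PhysicalResourceId"]}
        elif request_type == "Delete":
            # Deregistration would go here. Report SUCCESS for a resource that
            # was never created (e.g. after a failed Create), otherwise rollback
            # and stack deletion get stuck on this resource.
            pass
        else:
            raise ValueError(f"unsupported RequestType {request_type!r}")
        response["Status"] = "SUCCESS"
    except Exception as exc:  # every failure must still be reported back
        response["Status"] = "FAILED"
        response["Reason"] = str(exc)
    return response


def response_body(request):
    """Serialised form; send it with an HTTP PUT to request['ResponseURL']."""
    return json.dumps(handle(request))
```

Always reply, even on failure: if nothing reaches the ResponseURL, CloudFormation waits for its timeout before it fails the stack operation, and the Reason string is the only diagnostic the stack events will show.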
17. IT Product Lifecycle Management in AWS
18. What is the AWS Service Catalog?
AWS Service Catalog is a personalized portal for end-users in an organization to browse and launch services listed by their IT departments.

(Diagram: for IT it brings control, visibility and compliance; for developers it brings agility, self-service and time to market.)
19. Why should I use a Service Catalog?
Use cases
• Development/Test environments
• Line-of-business applications
Benefits
• For organizations
– Promote compliance
– Cost management
• For administrators
– Increase standardization
– Controlled access
– Centralized management
• For end-users (developers & application users)
– Simple personalized portal
– Self-service provisioning
20. Service Catalog flow

(Diagram: the Administrator creates custom services and grants access; Users use a personalized portal to find & launch services.)
1. Administrator creates a portfolio
2. Administrator authors an AWS CloudFormation template
3. Administrator creates a product from it (ProductX, ProductY, ProductZ)
4. Administrator adds constraints
5. Administrator grants users access to the portfolio
Users browse the products
6. Users launch products
7. AWS CloudFormation deploys the stacks
8. Notifications go to the users and the administrator
23. IT Product Lifecycle Management in AWS
24. AWS CloudWatch
• Monitoring service in AWS
• 300+ built-in metrics
• Publish your own custom metrics
• Alerts on metrics
• Centralized archive & access for logs
25. Use cases enabled by CloudWatch
• Monitor metrics & logs: errors, exceptions, HTTP responses
• Analyze metrics data using statistics (e.g. min, max, sum)
• Centralized repository of logs and metrics off-box
• Watching logs without connecting to host
• Correlate system status with change events
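The bullets above describe metrics, statistics and alerts; the following added example (not code from the slides) shows in Python how raw metric samples become per-period statistics (min, max, sum, average, sample count) and how an alarm's threshold, evaluation periods, datapoints-to-alarm and missing-data setting turn those statistics into ALARM, OK or INSUFFICIENT_DATA. It is a simplified model of CloudWatch's evaluation, written against constructed samples for a 5XX-style count metric; the timestamps and values are made up.

```python
"""Evaluate metric datapoints the way a CloudWatch alarm does (simplified).

Added example, not the slides' code: aggregates raw samples into per-period
statistics and applies an alarm's threshold, evaluation-period and
missing-data settings to the result.
"""

# Constructed samples: (epoch seconds, value) of a 5XX error count metric,
# 60-second periods; the third period deliberately has no data.
SAMPLES = [
    (1_425_283_200, 1), (1_425_283_215, 0), (1_425_283_250, 2),   # period 0: sum 3
    (1_425_283_260, 4), (1_425_283_299, 7),                       # period 1: sum 11
                                                                  # period 2: no data
    (1_425_283_380, 9), (1_425_283_400, 3), (1_425_283_419, 5),   # period 3: sum 17
    (1_425_283_445, 12),                                          # period 4: sum 12
]

STATISTICS = {
    "Minimum": min,
    "Maximum": max,
    "Sum": sum,
    "Average": lambda xs: sum(xs) / len(xs),
    "SampleCount": len,
}


def aggregate(samples, period, statistic):
    """Bucket samples into fixed periods and return {period_start: statistic}."""
    buckets = {}
    for ts, value in samples:
        buckets.setdefault(ts - ts % period, []).append(value)
    fn = STATISTICS[statistic]
    return {start: fn(values) for start, values in sorted(buckets.items())}


def evaluate_alarm(samples, period, statistic, threshold,
                   evaluation_periods=3, datapoints_to_alarm=None,
                   treat_missing="missing", end_time=None):
    """Return "ALARM", "OK" or "INSUFFICIENT_DATA" for the latest window.

    treat_missing mirrors the CloudWatch options: "missing" (ignore the
    period), "breaching", "notBreaching" or "ignore" (kept equal to "missing"
    in this simplified model; CloudWatch would retain the previous state).
    """
    datapoints_to_alarm = datapoints_to_alarm or evaluation_periods
    stats = aggregate(samples, period, statistic)
    end_time = end_time or max(stats) + period
    window = [end_time - period * (i + 1) for i in range(evaluation_periods)]
    breaching, present = 0, 0
    for start in window:
        if start in stats:
            present += 1
            breaching += stats[start] > threshold
        elif treat_missing == "breaching":
            breaching += 1
        elif treat_missing == "notBreaching":
            present += 1   # a missing period counts as a good datapoint
    if breaching >= datapoints_to_alarm:
        return "ALARM"
    if present == 0 and treat_missing in ("missing", "ignore"):
        return "INSUFFICIENT_DATA"
    return "OK"
```

The missing period is the interesting case: with the default "missing" treatment the alarm stays OK at 3-of-3 because only two datapoints breach, with "breaching" it fires, and a window with no data at all yields INSUFFICIENT_DATA rather than a silent OK.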
34. Visibility: In your datacenter
“I don’t have record of that box (server). It was before my time. I don’t want to turn it off because something may be running on it” – Anonymous Administrator
“I want to do stuff, but my IT approvals can get in the way, so I go out and buy a server or get what I need from the Cloud.” - Developer
35. Visibility: In the cloud
1. Developers in full control of Infrastructure!
2. Many users. Many new users.
3. Everything is changing all the time
4. Existing tools may not be efficient or effective
Visibility is even more important in the cloud
36. Get full visibility into resource configurations, user activity and configuration changes continuously, without affecting how developers consume AWS
38. Use cases enabled
• Security Analysis: Am I safe?
• Audit Compliance: Where is the evidence?
• Change Management: What will this change affect?
• Troubleshooting: What has changed?
• Discovery: What resources exist?
39. AWS Config Configuration Item

| Component             | Description                                                                  | Contains                                                                                                                                                                      |
|-----------------------|------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Metadata              | Information about this configuration item                                    | Version ID, configuration item ID, time when the configuration item was captured, state ID indicating the ordering of the configuration items of a resource, MD5 hash, etc. |
| Common Attributes     | Resource attributes                                                          | Resource ID, tags, resource type, Amazon Resource Name (ARN), Availability Zone, etc.                                                                                       |
| Relationships         | How the resource is related to other resources associated with the account   | EBS volume vol-1234567 is attached to an EC2 instance i-a1b2c3d4                                                                                                            |
| Current Configuration | Information returned through a call to the Describe or List API of the resource | e.g. for an EBS volume: state of the DeleteOnTermination flag; type of volume, for example gp2, io1, or standard                                                          |
| Related Events        | The AWS CloudTrail events that are related to the current configuration of the resource | AWS CloudTrail event ID                                                                                                                                          |
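To make the table concrete, the following added example (not code from the slides) compares two constructed configuration items of the same EBS volume in Python and answers the "What has changed?" question from the use-case list: it diffs the current configuration and tags field by field, reports added and removed relationships, and uses the state ID to make sure the items are compared in capture order. The field names follow the AWS Config configuration item layout; the values (vol-1234567, i-a1b2c3d4, event ids, hashes) are placeholders in the slides' style.

```python
"""Compare two AWS Config configuration items of the same resource.

Added example, not the slides' code: reports which current-configuration
attributes, tags and relationships changed between two captures.
"""

# Constructed configuration items using AWS Config field names; all values
# are placeholders.
OLD_ITEM = {
    "configurationItemVersion": "1.0",
    "configurationItemCaptureTime": "2015-03-01T10:00:00Z",
    "configurationStateId": 1,
    "configurationItemMD5Hash": "placeholder-md5-1",
    "resourceType": "AWS::EC2::Volume",
    "resourceId": "vol-1234567",
    "arn": "arn:aws:ec2:us-east-1:123456789012:volume/vol-1234567",
    "availabilityZone": "us-east-1a",
    "tags": {"Owner": "food-catalog", "Env": "prod"},
    "relationships": [
        {"resourceType": "AWS::EC2::Instance", "resourceId": "i-a1b2c3d4",
         "relationshipName": "Is attached to Instance"}
    ],
    "configuration": {"volumeType": "gp2", "size": 100,
                      "attachments": [{"instanceId": "i-a1b2c3d4",
                                       "deleteOnTermination": True}]},
    "relatedEvents": ["ct-event-0001"],
}

# Later capture: volume detached, type changed, Env tag removed.
NEW_ITEM = {
    **OLD_ITEM,
    "configurationItemCaptureTime": "2015-03-02T08:30:00Z",
    "configurationStateId": 2,
    "configurationItemMD5Hash": "placeholder-md5-2",
    "tags": {"Owner": "food-catalog"},
    "relationships": [],
    "configuration": {"volumeType": "io1", "size": 100, "attachments": []},
    "relatedEvents": ["ct-event-0002", "ct-event-0003"],
}


def flatten(value, prefix=""):
    """Flatten nested dicts/lists into {"a.b[0].c": leaf} for a field-level diff."""
    if isinstance(value, dict):
        out = {}
        for key, inner in value.items():
            out.update(flatten(inner, f"{prefix}.{key}" if prefix else key))
        return out
    if isinstance(value, list):
        out = {}
        for index, inner in enumerate(value):
            out.update(flatten(inner, f"{prefix}[{index}]"))
        return out or {prefix: []}   # keep an emptied list visible as a change
    return {prefix: value}


def diff_configuration(old_item, new_item):
    """Return {path: (old, new)} for changed leaves of 'configuration' and 'tags'."""
    if new_item["configurationStateId"] <= old_item["configurationStateId"]:
        raise ValueError("items are not in capture order; compare older to newer")
    changes = {}
    for section in ("configuration", "tags"):
        old = flatten(old_item.get(section, {}), section)
        new = flatten(new_item.get(section, {}), section)
        for path in sorted(set(old) | set(new)):
            if old.get(path) != new.get(path):
                changes[path] = (old.get(path), new.get(path))
    return changes


def diff_relationships(old_item, new_item):
    """Return (added, removed) relationship triples between the two captures."""
    def as_set(item):
        return {(r["relationshipName"], r["resourceType"], r["resourceId"])
                for r in item.get("relationships", [])}
    old, new = as_set(old_item), as_set(new_item)
    return sorted(new - old), sorted(old - new)


def explaining_events(new_item):
    """CloudTrail event ids AWS Config associates with the newer configuration."""
    return list(new_item.get("relatedEvents", []))
```

The relatedEvents ids are the bridge to CloudTrail: once the diff says what changed, those event ids say which API calls, by whom, produced the new configuration.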
47. IT Product Lifecycle Management in AWS
48. Introduction to AWS CloudTrail
Customers are making API calls on a growing set of services around the world; CloudTrail is continuously recording those API calls and delivering log files to customers.
49. Use cases enabled by CloudTrail
• Security Analysis
– Use log files as an input into log management and analysis solutions to perform security analysis and to detect user behavior patterns
• Track API calls to AWS Resources
– Track creation, modification, and deletion of AWS resources such as Amazon EC2 instances, Amazon VPC security groups and Amazon EBS volumes
• Troubleshoot Operational Issues
– Identify the most recent actions made to resources in your AWS account
• Compliance Aid
– Easier to demonstrate compliance with internal policies and regulatory standards
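The four use cases above all start from the same records, so here is one added Python example (not code from the slides) that works through a constructed CloudTrail log file: it separates read-only calls from mutating ones and counts successful mutations per calling identity (security analysis), lists the most recent actions that touched a given resource id (troubleshooting and resource tracking), and flags security-group ingress rules authorized from 0.0.0.0/0, which is the kind of evidence an audit or a detection pipeline would want. The account id, user names, resource ids, IP addresses and timestamps are placeholders.

```python
"""Mine CloudTrail records for the use cases listed on the slide.

Added example, not the slides' code: loads constructed CloudTrail records,
separates read-only from mutating calls, attributes mutations to the
calling identity, finds the most recent actions on a resource, and flags
world-open security group ingress.
"""
import json

# Constructed log file in the CloudTrail delivery format ({"Records": [...]}).
# Account id, resource ids, names and IP addresses are placeholders.
SAMPLE_LOG = json.loads("""
{"Records": [
 {"eventTime": "2015-03-02T08:00:01Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "DescribeInstances", "awsRegion": "us-east-1",
  "sourceIPAddress": "203.0.113.10",
  "userIdentity": {"type": "IAMUser", "userName": "alice"},
  "requestParameters": {}, "responseElements": null},
 {"eventTime": "2015-03-02T08:05:12Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "AuthorizeSecurityGroupIngress", "awsRegion": "us-east-1",
  "sourceIPAddress": "203.0.113.10",
  "userIdentity": {"type": "IAMUser", "userName": "alice"},
  "requestParameters": {"groupId": "sg-0a1b2c3d", "ipPermissions": {"items": [
      {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
       "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}},
  "responseElements": {"_return": true}},
 {"eventTime": "2015-03-02T08:30:00Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "DetachVolume", "awsRegion": "us-east-1",
  "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"type": "AssumedRole",
                   "arn": "arn:aws:sts::123456789012:assumed-role/Deployer/cfn"},
  "requestParameters": {"volumeId": "vol-1234567", "instanceId": "i-a1b2c3d4"},
  "responseElements": {"volumeId": "vol-1234567", "status": "detaching"}},
 {"eventTime": "2015-03-02T09:10:45Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "DeleteVolume", "awsRegion": "us-east-1",
  "sourceIPAddress": "198.51.100.7", "errorCode": "Client.VolumeInUse",
  "userIdentity": {"type": "AssumedRole",
                   "arn": "arn:aws:sts::123456789012:assumed-role/Deployer/cfn"},
  "requestParameters": {"volumeId": "vol-1234567"}, "responseElements": null}
]}
""")["Records"]

READ_ONLY_PREFIXES = ("Describe", "List", "Get", "Lookup")


def is_mutation(record):
    """Read-only API names start with Describe/List/Get; the rest change state."""
    return not record["eventName"].startswith(READ_ONLY_PREFIXES)


def identity(record):
    """Best available caller name: IAM user name, else the principal ARN."""
    user = record.get("userIdentity", {})
    return user.get("userName") or user.get("arn") or user.get("type", "unknown")


def mutations_by_identity(records):
    """Count successful mutating calls per caller (failed calls carry errorCode)."""
    counts = {}
    for rec in records:
        if is_mutation(rec) and "errorCode" not in rec:
            counts[identity(rec)] = counts.get(identity(rec), 0) + 1
    return counts


def mentions(record, resource_id):
    """True if the resource id appears anywhere in request or response data."""
    blob = json.dumps([record.get("requestParameters"), record.get("responseElements")])
    return resource_id in blob


def recent_actions(records, resource_id, limit=5):
    """Most recent events touching a resource, newest first: (time, name, who, ok)."""
    hits = [r for r in records if mentions(r, resource_id)]
    hits.sort(key=lambda r: r["eventTime"], reverse=True)
    return [(r["eventTime"], r["eventName"], identity(r), "errorCode" not in r)
            for r in hits[:limit]]


def open_to_world_ingress(records):
    """Security-analysis check: ingress rules successfully authorized from 0.0.0.0/0."""
    findings = []
    for rec in records:
        if rec["eventName"] != "AuthorizeSecurityGroupIngress" or "errorCode" in rec:
            continue
        params = rec.get("requestParameters", {})
        for perm in params.get("ipPermissions", {}).get("items", []):
            for rng in perm.get("ipRanges", {}).get("items", []):
                if rng.get("cidrIp") == "0.0.0.0/0":
                    findings.append((rec["eventTime"], params.get("groupId"),
                                     perm.get("fromPort"), identity(rec)))
    return findings
```

Note that failed calls are kept in the records but excluded from the mutation counts: the DeleteVolume attempt still shows up in `recent_actions` with ok=False, which is exactly what you want when troubleshooting, while not inflating the change history.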
57. Lifecycle of IT Products in AWS

| Stage          | Who?     | How? |
|----------------|----------|------|
| Define         | IT Admin |      |
| Publish        | IT Admin |      |
| Request        |          |      |
| Provision      |          |      |
| Monitor/Manage | IT Admin |      |
| Track/Govern   | IT Admin |      |

IT Products: Server, Database, Desktop, Environment, Application