1. The document discusses best practices for automating AWS resources using infrastructure as code. It recommends using AWS CloudFormation to define resources with templates and deploying infrastructure in a standardized, versioned manner.
2. AWS Service Catalog and AWS CloudFormation allow organizations to define approved templates and deploy IT services in a self-service way while enforcing constraints and access controls.
3. Automating health monitoring and remediation of AWS resources using AWS Personal Health Dashboard, AWS Health, and AWS Health Tools can help address operational issues continuously.
2. What to Expect from this Session
Learn automation best practices to:
• Build and deploy your AWS resources
• Customize health alerts to continuously monitor your AWS resources
• Remediate any operational issues
3. What’s in your AWS account(s)?
[Diagram: a single Availability Zone serving www.example.com: Elastic Load Balancing in front of Autoscaling Group #1 of EC2 web/app server instances, backed by a database.]
4. As you Expand and Change, Entropy Starts Increasing…
[Diagram: a media-processing architecture spread across Availability Zone A and Availability Zone B. Siemens customers reach it over the Internet via Route 53 and CloudFront; on-premises media sources connect through AWS Direct Connect. Unprocessed media lands in an S3 bucket and is handed off through SQS; a processing layer of EC2 app servers and G2 GPU-optimized instances behind an ELB produces processed media and writes processed data / metadata to DynamoDB; a customer app layer and a web layer of EC2 web servers behind an ELB serve static content and dynamic content. The flow is numbered 1 to 6 on the slide.]
5. Adding Complexity With Each Workload
[Diagram 1: a Virtual Private Cloud spanning two Availability Zones with public and private subnets. Users arrive via Route 53 and CloudFront; an S3 bucket serves static websites; Elastic Load Balancing and Auto scaling groups of web servers serve dynamic websites behind a WAF in each AZ. Per-workload stacks (.Net stack, LAMP stack, SPS stack, shared services) are backed by RDS MySQL and RDS MSSQL databases, each with a standby in the other AZ.]
[Diagram 2: the Siemens media-processing architecture from slide 4, repeated.]
[Diagram 3: a VPC with a public subnet and a private subnet in each of Availability Zone A and Availability Zone B, holding Instance A 10.1.1.11/24, Instance B 10.1.2.22/24, Instance C 10.1.3.33/24 and Instance D 10.1.4.44/24. The subnet labels on the slide read 10.1.1.0/16, 10.1.2.0/16 and 10.1.3.0/16; those /16 prefixes would overlap each other, and the instance addresses imply /24 subnets inside a single /16 VPC.]
6. Maybe It’s the Right Time to Standardize…
1. Define the resources and landscapes where software and applications are deployed
2. ‘Approve once and deploy many’
3. Enable self-service deployment with confidence
4. Continuously automate
8. AWS CloudFormation Overview
Template (JSON/YAML formatted file):
• Parameter definition
• Resource creation
• Configuration actions
Framework:
• Stack creation
• Stack updates
• Error detection and rollback
CloudFormation stack (configured AWS resources):
• Comprehensive service support
• Service event aware
• Customizable
9. AWS CloudFormation Benefits
• Version control/replicate/update the templates like
application code
• Integrates with development, CI/CD, management tools
• No additional charge to use
14. AWS Service Catalog
AWS Service Catalog allows organizations to create and manage catalogs of IT services. It enables users to quickly deploy approved IT services they need in a self-service manner.
Administrator gets: Control, Standardization, Governance
Users get: Agility, Self-service, Time to market
15. AWS Service Catalog – A Few Terms to Note
Product: an IT service that you want to make available for deployment on AWS.
Portfolio: a collection of products, together with configuration information.
Constraint: restricts the ways that specific AWS resources can be deployed for a product.
Stack: every AWS Service Catalog product is launched as an AWS CloudFormation stack.
16. AWS Service Catalog
Enable
• 11 User API methods
• 40+ Admin API methods
• Share products across Portfolios and
AWS accounts
Orchestrate
• Version products
• Limit console access
• Provide various levels of user access
Automate
• Launch constraints
• Template constraints
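A template constraint is written in the CloudFormation Rules syntax and is evaluated against the parameters a user supplies when launching a product (slides 8 and 9 describe the template, slide 16 the constraint). The following is an added example, not code from the talk or from AWS: a small evaluator for such a rule set, so you can see exactly what an assertion rejects before you attach the constraint to a portfolio. The constraint itself, its parameter names (InstanceType, Environment, CostCenter) and the helper names are constructed for illustration, and only the intrinsic functions handled in evaluate() are supported.

```python
"""Evaluate an AWS Service Catalog template constraint (CloudFormation
Rules syntax) against launch parameters.  Added example; the constraint
and parameter names below are constructed, not taken from the talk."""


# Constructed constraint: a hypothetical portfolio administrator limits EC2
# instance sizes, forces t3.medium in prod, and refuses an empty CostCenter.
TEMPLATE_CONSTRAINT = {
    "Rules": {
        "InstanceSizeRule": {
            "Assertions": [{
                "Assert": {"Fn::Contains": [["t3.micro", "t3.small", "t3.medium"],
                                            {"Ref": "InstanceType"}]},
                "AssertDescription": "Instance type must be t3.micro, t3.small or t3.medium",
            }]
        },
        "ProdNeedsMediumRule": {
            # RuleCondition: the assertions apply only when the condition holds
            "RuleCondition": {"Fn::Equals": [{"Ref": "Environment"}, "prod"]},
            "Assertions": [{
                "Assert": {"Fn::Equals": [{"Ref": "InstanceType"}, "t3.medium"]},
                "AssertDescription": "Production launches must use t3.medium",
            }],
        },
        "CostCenterRule": {
            "Assertions": [{
                "Assert": {"Fn::Not": [{"Fn::Equals": [{"Ref": "CostCenter"}, ""]}]},
                "AssertDescription": "CostCenter may not be empty",
            }]
        },
    }
}


def evaluate(node, params):
    """Recursively evaluate a rule expression; returns a str or a bool."""
    if not isinstance(node, dict):
        return node                      # string literal
    if len(node) != 1:
        raise ValueError(f"malformed expression: {node!r}")
    [(fn, arg)] = node.items()
    if fn == "Ref":
        if arg not in params:
            raise KeyError(f"unknown parameter {arg}")
        return params[arg]
    if fn == "Fn::Equals":
        a, b = (evaluate(x, params) for x in arg)
        return a == b
    if fn == "Fn::Contains":
        allowed, value = arg
        return evaluate(value, params) in [evaluate(x, params) for x in allowed]
    if fn == "Fn::Not":
        return not evaluate(arg[0], params)
    if fn == "Fn::And":
        return all(evaluate(x, params) for x in arg)
    if fn == "Fn::Or":
        return any(evaluate(x, params) for x in arg)
    raise ValueError(f"unsupported function {fn}")


def check_launch(constraint, params):
    """Return the AssertDescriptions that fail; an empty list means the
    launch would be allowed."""
    failures = []
    for name, rule in constraint["Rules"].items():
        cond = rule.get("RuleCondition")
        if cond is not None and not evaluate(cond, params):
            continue                     # rule not applicable to this launch
        for assertion in rule["Assertions"]:
            if not evaluate(assertion["Assert"], params):
                failures.append(f"{name}: {assertion['AssertDescription']}")
    return failures


if __name__ == "__main__":
    for p in ({"InstanceType": "t3.small", "Environment": "dev", "CostCenter": "CC-42"},
              {"InstanceType": "m5.24xlarge", "Environment": "prod", "CostCenter": ""}):
        print(p, "->", check_launch(TEMPLATE_CONSTRAINT, p) or "allowed")
```

Because a template constraint only sees parameters, it cannot inspect what the template does with them; keep the resource-level controls (tags, security groups, IAM) in the template and the launch role, and use the constraint to bound the values a user may choose.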
17. Administrator Interaction
[Diagram: the administrator authors a template and creates a product (ProductX, with versions); creates portfolios (Portfolio A, Portfolio B) and assigns the product to a portfolio; adds constraints, grants access to users and roles, and adds tags in Service Catalog; DevOps automation then launches from the catalog. The steps are numbered 1 to 4 on the slide.]
18. Opportunities to Strengthen the Handshake
• User-generated products to foster innovation
• Back-end microservices acting on the stacks
[Diagram: Administrator and Products]
20. AWS Health and AWS
Personal Health Dashboard
AWS service health, notifications and automation
21. AWS Health and AWS Personal Health Dashboard
• Visibility and transparency into your resources
• Custom notifications and automated actions through Amazon CloudWatch Events
• Hundreds of known operational, billing and security event types
[Diagram: PHD feeding Amazon CloudWatch Events]
https://phd.aws.amazon.com/
22. AWS Service Integrations
Service-level insights into health: all AWS services.
Resource and service-level insights into health: Amazon EC2, Amazon EBS, Amazon SES, Amazon VPC, AWS Direct Connect, Elastic Load Balancing, Amazon Elasticsearch Service, Amazon Cognito, Amazon ElastiCache, Amazon RDS, AWS Certificate Manager, AWS CloudTrail.
23. AWS Health Workflow At a Glance
1. AWS Health collects health events.
2. AWS Health triggers AWS Lambda functions matching Amazon CloudWatch rules.
3. AWS Lambda executes automated and custom actions.
24. With (not so) Great Automation Comes Great Risks…
An automated clean-up can wrongly classify production databases/instances as idle:
- during a low-traffic period;
- when a different system resource (e.g. memory rather than CPU) is the one in use.
25. AWS Health Tools
• Open source and community driven on GitHub:
https://github.com/aws/aws-health-tools
• Automated actions in response to AWS Health events.
• Sets up customized alerts in response to AWS Health
events.
26. AWS Health Tools Examples:
SMS Notifier – Send custom text or SMS notifications.
SNS Topic Publisher – Publish to an SNS topic.
Slack Notifier – Post to a Slack channel.
Instance Store Degraded Drive – Stop or terminate an
instance that has a degraded instance store drive.
Disable AWS CodePipeline Stage Transition – Stop
deployment when an issue arises.
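The "Instance Store Degraded Drive" tool above stops or terminates an instance straight from a Health event, which is exactly the kind of automation slide 24 warns about. The following is an added example, not code from the talk or from the aws-health-tools repository: a Lambda-style handler for the same event type that acts only on instances carrying an explicit opt-in tag and reports the rest for a human. The event, instance IDs and the tag name HealthAutoRemediate are constructed for this example; the EC2 client is injected so the code runs offline, and in Lambda you would pass boto3.client('ec2').

```python
"""Guarded remediation for an AWS Health 'instance store drive degraded'
event.  Added example; event contents, IDs and the opt-in tag name are
constructed, and FakeEC2 stands in for the boto3 EC2 client."""

DEGRADED_DRIVE = "AWS_EC2_INSTANCE_STORE_DRIVE_PERFORMANCE_DEGRADED"
OPT_IN_TAG = "HealthAutoRemediate"   # assumed tag name chosen for this example

# Constructed event following the documented AWS Health CloudWatch event shape.
SAMPLE_EVENT = {
    "version": "0",
    "source": "aws.health",
    "detail-type": "AWS Health Event",
    "account": "123456789012",
    "region": "us-east-1",
    "resources": ["i-0a1b2c3d4e5f60001", "i-0a1b2c3d4e5f60002"],
    "detail": {
        "eventArn": "arn:aws:health:us-east-1::event/EC2/" + DEGRADED_DRIVE + "/example",
        "service": "EC2",
        "eventTypeCode": DEGRADED_DRIVE,
        "eventTypeCategory": "issue",
        "affectedEntities": [{"entityValue": "i-0a1b2c3d4e5f60001"},
                             {"entityValue": "i-0a1b2c3d4e5f60002"}],
    },
}


class FakeEC2:
    """Minimal stand-in for the two boto3 EC2 client methods used here."""

    def __init__(self, tags_by_instance):
        self.tags = tags_by_instance
        self.stopped = []

    def describe_instances(self, InstanceIds):
        instances = [{"InstanceId": i,
                      "Tags": [{"Key": k, "Value": v}
                               for k, v in self.tags.get(i, {}).items()]}
                     for i in InstanceIds]
        return {"Reservations": [{"Instances": instances}]}

    def stop_instances(self, InstanceIds):
        self.stopped.extend(InstanceIds)
        return {"StoppingInstances": [{"InstanceId": i} for i in InstanceIds]}


def affected_instances(event):
    """Instance IDs named by the event, or [] if it is not the event we handle."""
    detail = event.get("detail", {})
    if event.get("source") != "aws.health" or detail.get("eventTypeCode") != DEGRADED_DRIVE:
        return []
    return [e["entityValue"] for e in detail.get("affectedEntities", [])
            if e.get("entityValue", "").startswith("i-")]


def opted_in(ec2, instance_ids):
    """Subset of instance_ids whose tags explicitly allow automated remediation."""
    allowed = []
    for reservation in ec2.describe_instances(InstanceIds=instance_ids)["Reservations"]:
        for inst in reservation["Instances"]:
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            if tags.get(OPT_IN_TAG, "").lower() == "true":
                allowed.append(inst["InstanceId"])
    return allowed


def handler(event, context=None, ec2=None):
    """Stop only opted-in affected instances; everything else is left for a human."""
    if ec2 is None:
        import boto3                       # real client when running in Lambda
        ec2 = boto3.client("ec2")
    targets = affected_instances(event)
    if not targets:
        return {"action": "ignored", "stopped": [], "skipped": []}
    to_stop = opted_in(ec2, targets)
    skipped = [i for i in targets if i not in to_stop]
    if to_stop:
        ec2.stop_instances(InstanceIds=to_stop)
    return {"action": "stop", "stopped": to_stop, "skipped": skipped}


if __name__ == "__main__":
    fake = FakeEC2({"i-0a1b2c3d4e5f60001": {OPT_IN_TAG: "true"},
                    "i-0a1b2c3d4e5f60002": {"Environment": "prod"}})
    print(handler(SAMPLE_EVENT, ec2=fake))
```

The skipped list is what you publish to the SNS topic or Slack channel from the notifier tools; the guard turns "stop whatever AWS says is degraded" into "stop what the owner has agreed may be stopped", and the Lambda role only needs ec2:DescribeInstances and ec2:StopInstances, ideally with a condition on the same tag.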
27. AWS Health Service Extended
• Personal Health Dashboard: overall view of status.
• API: describe-events, describe-event-details, describe-affected-entities, …
• Push notifications through CloudWatch Events: set rules to extract events of interest; set targets for rules (Amazon SNS, Amazon SQS, AWS Lambda, Amazon Kinesis).
• Feeds an in-house or third-party monitoring and event management system.
[Diagram: the AWS Health service at the centre, with the dashboard, the API and CloudWatch Events around it]
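"Set rules to extract events of interest" means writing a CloudWatch Events pattern that the service compares against each AWS Health event before any target is invoked. The following is an added example, not code from the talk: a matcher implementing the core pattern rules (every key in the pattern must exist in the event; a list of literals matches when the event value, or any element of an event list, equals one of them; nested objects recurse), applied to two constructed rules and four constructed events. Content filters such as prefix or anything-but are deliberately not implemented.

```python
"""Match CloudWatch Events rule patterns against AWS Health events.
Added example; the rules, rule names and events are constructed."""


def matches(pattern, event):
    """True if `event` satisfies `pattern` under CloudWatch Events semantics
    for exact-value lists and nested objects."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif isinstance(expected, list):
            candidates = actual if isinstance(actual, list) else [actual]
            if not any(c in expected for c in candidates):
                return False
        else:
            raise ValueError("pattern values must be lists of literals or objects")
    return True


# Constructed rules: one for EC2 issues, one for any scheduled change.
RULES = {
    "EC2Issues": {
        "source": ["aws.health"],
        "detail-type": ["AWS Health Event"],
        "detail": {"service": ["EC2"], "eventTypeCategory": ["issue"]},
    },
    "HealthScheduledChanges": {
        "source": ["aws.health"],
        "detail": {"eventTypeCategory": ["scheduledChange"]},
    },
}


def health_event(service, category, code):
    """Build a constructed event in the AWS Health CloudWatch event shape."""
    return {"source": "aws.health", "detail-type": "AWS Health Event",
            "region": "us-east-1", "resources": [],
            "detail": {"service": service, "eventTypeCategory": category,
                       "eventTypeCode": code}}


SAMPLE_EVENTS = {
    "ec2_issue": health_event("EC2", "issue", "AWS_EC2_INSTANCE_STORE_DRIVE_PERFORMANCE_DEGRADED"),
    "ec2_scheduled": health_event("EC2", "scheduledChange", "AWS_EC2_SYSTEM_MAINTENANCE_EVENT_SCHEDULED"),
    "rds_issue": health_event("RDS", "issue", "AWS_RDS_OPERATIONAL_ISSUE"),
    "cloudtrail": {"source": "aws.cloudtrail", "detail-type": "AWS API Call via CloudTrail",
                   "detail": {"eventName": "StopInstances"}},
}


def route(rules, event):
    """Names of the rules whose pattern matches; each would fire its targets."""
    return [name for name, pattern in rules.items() if matches(pattern, event)]


if __name__ == "__main__":
    for name, ev in SAMPLE_EVENTS.items():
        print(f"{name:14s} -> {route(RULES, ev)}")
```

Note that the pattern is a positive filter only: an event with an unexpected eventTypeCode still matches EC2Issues, so the Lambda target must re-check the code (as the guarded handler earlier in this deck does) rather than trust that the rule pre-selected exactly the events it expects.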
28. Automation and Consistency Benefits
• Standardize
• Enforce consistency
• Limit access
• Enforce tagging and security groups
• One-stop shop
• Easily deploy across multiple environments
• Continuously monitor and remediate issues
30. CloudPlatformTeam
# Small team
# Infrastructure with Amazon Web Services
# Supporting ~50 developers
# Micro Service Architectures
# Base Infrastructure
# Support Developers
47. Closing Thoughts
• Don’t mix IaC and manual configuration
• Separate infrastructure changes from code deployment
• Hide complexity where it’s easy to test
• Testing infrastructure can be slow
• Snowflakes are beautiful - in nature
• Long uptime is not cool
• Version control the infrastructure
• Aim for a strategy where change is easy to evaluate