O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

How Qantas is Scaling Cloud Operations with AWS Systems Manager - AWS Summit Sydney

94 visualizações

Publicada em

AWS Systems Manager gives you visibility and control of your infrastructure on AWS. AWS Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources. In this session you will learn how enterprises have embraced AWS Systems Manager to address many of the common operational challenges that have emerged on their journey to the cloud.

  • Seja o primeiro a comentar

  • Seja a primeira pessoa a gostar disto

How Qantas is Scaling Cloud Operations with AWS Systems Manager - AWS Summit Sydney

  1. 1. S U M M I T SYDNEY
  2. 2. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T How Qantas is scaling cloud operations with AWS Systems Manager Emily Arnautovic Enterprise Solutions Architect Amazon Web Services Steven Tyson Cloud Services Lead Qantas Airways
  3. 3. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Scaling operations
  4. 4. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T - Define - Discover - Monitor - Manage - Report - Respond - Agility - Innovation Governance Developmentspeed The challenge of governance vs. agility
  5. 5. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Services to improve governance and agility Integrated & interoperable
  6. 6. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T AWS Systems Manager Resource Groups Automation Run Command
  7. 7. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T AWS Systems Manager Inventory Patch Manager Maintenance Window Resource Groups Automation Run Command
  8. 8. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T AWS Systems Manager Parameter Store State Manager Session Manager Distributor Resource Groups Automation Run Command Inventory Patch Manager Maintenance Window
  9. 9. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Qantas Airways • 100 year history • Domestic and international flights • Millions of customers • Safety is our highest priority • AWS customer since 2014 • Large, diverse technical stack • 100’s of applications and services • Large cloud and physical IT presence • Constellation app (flight planning) © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  10. 10. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T A snapshot of Qantas at cloud scale Significant spend and growing
  11. 11. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T A snapshot of Qantas at cloud scale Significant spend and growing
  12. 12. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T A snapshot of Qantas at cloud scale Significant spend and growing
  13. 13. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Infrastructure as code AWS CloudFormation AWS Lambda AWS Step Functions Auto Scaling GroupAmazon SQS Amazon EC2 AWS Identity and Access Management (IAM)
  14. 14. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Infrastructure as code Documents Parameter Store Run command AWS CloudFormation AWS Lambda AWS Step Functions Auto Scaling GroupAmazon SQS Amazon EC2 AWS Identity and Access Management (IAM)
  15. 15. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Scenario and challenges Image credit: Steve Buissinne from Pixabay © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  16. 16. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Scenario and challenges © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Image credit: Steve Buissinne from Pixabay
  17. 17. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Solutions 
  18. 18. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T AWS Systems Manager – use case 1 Parameter Store
  19. 19. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Use case 1: runtime parameter queries AWS Cloud VPC
  20. 20. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Use case 1: runtime parameter queries Parameter Store AWS Systems Manager AWS Cloud VPC
  21. 21. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Use case 1: runtime parameter queries Permissions Lambda function (deletion of stale values) Parameter Store AWS Systems Manager AWS Cloud VPC
  22. 22. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T AWS Systems Manager – use case 2 Run Command
  23. 23. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Use case 2: break glass access AWS Cloud VPC
  24. 24. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Use case 2: break glass access AWS Cloud VPC AWS Systems Manager
  25. 25. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Use case 2: break glass access AWS Cloud VPC AWS Systems Manager
  26. 26. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T AWS Systems Manager – use case 3 Parameter Store
  27. 27. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Use case 3: approved SOE central model AWS CloudFormation AWS Cloud
  28. 28. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Use case 3: approved SOE central model Parameter Store Approved AMIs AWS Systems Manager AWS CloudFormation AWS Cloud
  29. 29. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Use case 3: approved SOE central model Parameter Store Approved AMIs AWS Systems Manager CloudFormation AWS Cloud AWS Lambda function Permissions Custom resource
  30. 30. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T AWS Systems Manager – use case 4 Run Command Parameter Store
  31. 31. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Use case 4: authenticated instance scans AWS Lambda Pre-scan AWS Step Functions Document 3rd Party security scannerRun Command AWS Cloud Amazon EC2 Instance VPC Amazon Simple Queue Service
  32. 32. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Use case 4: authenticated instance scans Amazon Simple Queue Service AWS Lambda Scan AWS Step Function Amazon EC2 Instance Document 3rd Party security scannerRun Command AWS Cloud VPC Amazon Simple Queue Service AWS Lambda Pre-scan AWS Step Functions
  33. 33. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Use case 4: authenticated instance scans Amazon Simple Queue Service AWS Lambda Scan AWS Step Function Amazon EC2 Instance Document 3rd Party security scannerRun Command AWS Cloud VPC Amazon Simple Queue Service AWS Lambda Pre-scan AWS Step Functions Lambda Clean-Up Step Function
  34. 34. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Lessons learnt AWS Key Management Service key per application Use AWS Systems Manager Documents Leverage VPC Endpoints AWS Lambda for secrets workflow orchestration Secrets aren’t always forever AWS Identity and Access Management naming conventions Keep AWS Systems Manager (SSM) agents current AWS Systems Manager log expertise and management Parameter Store vs. AWS Secrets Manager – effort vs. flexibility
  35. 35. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Results with AWS Systems Manager  Injection of application specific secure strings • No sensitive values in code • No user details in SOE • Developers store and manage their secrets  Central source of truth for real time operational values  Central store of Amazon EC2 information • Store and push out updates centrally Image credit: Nenad Maric from Pixabay
  36. 36. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T AWS Systems Manager – future uses Patch Manager Maintenance Window Session Manager
  37. 37. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T AWS Systems Manager summary AWS Systems Manager • Visibility and control at scale • Balance governance with agility: empower development teams Scan your badge! Reference: Walkthroughs • Parameter Store and Amazon Cloud Formation • Looking up AMIs Reference: AWS Solutions • Server Fleet Management at scale
  38. 38. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Related breakouts Keep It Secret, Keep It Safe: Credentials and Secrets Management on AWS (Level 300) Maria Sokolova Security at Scale: Security Hub and the Well Architected Framework (Level 300) Tyson Garrett The Art of Successful Failure (Level 200) Becky Weiss
  39. 39. Thank you! S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Emily Arnautovic emilyarn@amazon.com

×