AWS CSA Notes '22: Part 6 of 8 - Management Tool Services

6 Management Tool Services

6.1 AWS CloudWatch

... is a monitoring and observability service that allows cloud users to collect, access, and correlate data on a single platform, from across all AWS services as well as applications and resources, both on AWS and on premises.

With Amazon CloudWatch Logs, you can collect and store three main categories of logs: custom, vended, and published by AWS services.

6.2 AWS CloudTrail

... is a management service that lets cloud users continuously log, monitor, and retain account activity for every action that occurs across an entire AWS infrastructure.

CloudWatch helps you understand "What's happening on AWS" while CloudTrail enables you to understand "Who did what on AWS."

Additional features of AWS CloudTrail you should be familiar with:

  • Always on
    • By default, you can view and download up to 90 days of account activity.
  • Multi-region configuration support
    • Deliver log files and data from different regions to a single S3 bucket for an account.
  • Log file encryption and identity validation
  • Integration with AWS Services
    • With CloudTrail Insights you can easily detect unusual activity in your account, such as bursts of IAM actions, spikes in resource provisioning, etcetera...
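
The "who did what" records that CloudTrail delivers can be scanned for the kind of signal mentioned above, a burst of IAM actions by one principal. The following Python is an added example, not part of the original notes and not how CloudTrail Insights itself works; the function name, the threshold and window defaults, and the sample records are constructed for illustration.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

def _rec(time, source, name, user):
    # Constructed record using field names from the CloudTrail record format.
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "userIdentity": {"type": "IAMUser",
                             "arn": f"arn:aws:iam::111122223333:user/{user}"}}

# Constructed sample log file: CloudTrail delivers JSON shaped as {"Records": [...]}.
SAMPLE_LOG = json.dumps({"Records":
    # 6 IAM calls within 50 seconds: a burst
    [_rec(f"2022-06-01T10:00:{s:02d}Z", "iam.amazonaws.com", "CreateAccessKey", "example-ci")
     for s in range(0, 60, 10)]
    # 6 IAM calls, one per hour: same volume, no burst
    + [_rec(f"2022-06-01T{h:02d}:00:00Z", "iam.amazonaws.com", "ListUsers", "example-admin")
       for h in range(8, 14)]
    # 12 calls in a minute, but not IAM: ignored
    + [_rec(f"2022-06-01T10:01:{s:02d}Z", "s3.amazonaws.com", "GetObject", "example-app")
       for s in range(0, 60, 5)]})

def iam_bursts(log_text, threshold=5, window_s=300):
    """Return {principal: peak count} for principals whose IAM API calls
    reach `threshold` within any sliding window of `window_s` seconds."""
    window = timedelta(seconds=window_s)
    per_principal = defaultdict(list)
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "iam.amazonaws.com":
            continue
        identity = rec.get("userIdentity", {})
        who = identity.get("arn") or identity.get("principalId") or "unknown"
        per_principal[who].append(
            datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ"))
    bursts = {}
    for who, times in per_principal.items():
        times.sort()  # records are not guaranteed to arrive in time order
        recent, peak = deque(), 0
        for t in times:
            recent.append(t)
            while t - recent[0] > window:
                recent.popleft()  # drop calls that fell out of the window
            peak = max(peak, len(recent))
        if peak >= threshold:
            bursts[who] = peak
    return bursts

if __name__ == "__main__":
    for who, count in iam_bursts(SAMPLE_LOG).items():
        print(f"{who}: {count} IAM calls within 5 minutes")
```

A fixed threshold like this only flags volume; it has no baseline of what is normal for each principal, so tune the defaults per account.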

6.3 AWS CloudFormation

  • AWS CloudFormation allows a cloud user to create, provision, and manage a collection of AWS and 3rd-party resources in a secure, predictable and orderly fashion.
    • CloudFormation templates

6.4 AWS OpsWorks

  • AWS OpsWorks is a configuration management service that automates operational tasks like server scaling, package installations, software configurations, continuous deployment, etcetera.
    • ... across on-prem compute or Amazon EC2 instances
    • Offers:
      • AWS OpsWorks Stacks
      • AWS OpsWorks for Puppet Enterprise
      • AWS OpsWorks for Chef Automate
  • CloudFormation enables the creation, provisioning, and management of a wide range of resources, whereas OpsWorks simplifies application deployment, software configuration, scaling, and monitoring.

6.5 AWS Resource Access Manager (RAM)

  • RAM offers cloud users secure and easy sharing of resources...
  • RAM can be used to share subnets, Transit Gateways, Route 53 Resolver rules, Licensing Manager license setups, and more.
  • With RAM ... can share resources across accounts by choosing RAM-managed permissions...


Glossary:
  • AES-256 = 256-bit Advanced Encryption Standard
  • AZ = Availability Zone
  • KMS = Key Management Service {AWS Key Management Service}
  • MFA = Multi-Factor Authentication
