© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
How Amazon.com Uses AWS
Management Tools
Mike Burke, Principal Tech. Program Manager, Amazon.com
Prashant Prahlad, Sr. Mgr Product Management, AWS
DEV340
November 29, 2017
Guardrails, not Gates
What can you expect from this session?
• Management Tools?
• Your governance philosophy first, tools will follow
• Amazon.com’s journey
• Role of management tools in journey
• You too can implement similar mechanisms
Getting situated in the Cloud
Common questions:
• What AWS Account structure should I use?
• How much governance should I put in place?
• How do I keep up with my company’s AWS usage? (and have a life)
• Do I have adequate metadata for verification/analysis?
The challenge
(Balance diagram) Governance: Define, Discover, Monitor, Manage, Report, Respond
versus Development speed: Agility, Innovation
AWS enables you to do both
(Same balance diagram) Governance: Define, Discover, Monitor, Manage, Report, Respond
and Development speed: Agility, Innovation
With AWS you can programmatically:
• Define provisioning and configuration of resources
• Continuously discover new resources and changes to existing resources
• Monitor resources and operations for compliance
• Manage, report on, and respond to changes to your resources
Introducing AWS Management Tools
• CloudFormation
• Service Catalog
• CloudTrail
• Config
• CloudWatch
• Trusted Advisor
• EC2 Systems Manager: Parameter Store // State Manager // Inventory // Maintenance Windows // Patch Manager // Run Command
AWS Management Tools: You choose
Lifecycle stages: Define → Discover → Monitor → Manage → Report → Respond
Tools mapped onto those stages: AWS CloudFormation, AWS Service Catalog, Amazon EC2 Systems Manager, AWS Config, AWS CloudTrail, Amazon CloudWatch, Trusted Advisor
AWS Management Tools: CliffsNotes
1. Tools that automate lifecycle management of AWS resources, especially as you scale usage
2. No need to trade off visibility/control against agility
3. Provide better visibility and control than customers experienced previously
4. Primitives that can match changes to customers' governing philosophy
Customers who use AWS Management Tools
AWS at Amazon
Behind The Scenes Exclusive
How We Roll
Two-Pizza Teams
+
Single Threaded Ownership
+
Bias For Action
+
Continuous Deployment
=
A LOT OF CHANGE
A Brief History
Initial Approach
(Diagram) One Shared Account spanning regions (us-east-1, eu-west-1, us-west-2, …), connected to the On-Premise Network.
Today
(Diagram) The Shared Account plus many Team Accounts, spanning regions (us-east-1, eu-west-1, us-west-2, …), connected to the On-Premise Network.
Today
• Prime Day 2016
  “Amazon retail team increased the size of their EC2 fleet, adding capacity that was equal to all of AWS and Amazon.com back in 2009”
• Prime Day 2017
  • DynamoDB: 3.34 trillion requests, peaking at 12.9 million per second
  • AWS Config: over 14 million configuration items tracked
  • AWS CloudTrail: 50 billion events, 419 billion API calls
  • CloudFormation: Nearly 31,000 stacks created for Prime Day
https://aws.amazon.com/blogs/aws/prime-day-2017-powered-by-aws
Two Models, Different Challenges
Shared Account vs. Team Accounts
Access Control
(Diagram, built up over several slides) One Amazon RDS Instance in the shared account; actions shown arriving at it: Upgrade DB Engine Version, Delete Instance.
Traditional Approach – Central Team
Alternative 1 – Build A Wrapper
Alternative 2 – Resource Permissions
{
  "Version": "2012-10-17",
  "Statement": [{
    "Action": [ "rds:*" ],
    "Effect": "Allow",
    "Resource": "*",
    "Condition": {
      "StringEquals": {
        "rds:db-tag/team-name": [ "finance" ]
      }
    }
  }]
}
Many Accounts
Initial Approach - Restricting IAM
• Take away root credentials
• All IAM Roles are created through a management layer
• AuthZ through an identity broker
Restricting IAM - Identity Broker
Request to the Identity Broker:
I am: Bob Roberts
I want to: Manage-RDS
On: AWS Account 1234367
Flow:
1. Authenticate + Authorize
2. Assume Role
3. STS Token
4. URL
5. Launch Console
Restricting IAM – Lessons
• Yet Another Shim!
• Prevents some automation
• Not granular enough
Getting Out Of The Way
ASAP
(Architecture diagram, built up over three slides)
AWS Account → AWS CloudTrail, AWS Config, Amazon CloudWatch Events → SNS Topic
SNS Topic → SQS Notification Queue → Event Dispatcher → Rule Evaluators (which call back into the AWS Account to describe state)
Rule Evaluators → Reactor SNS Topics → Reactors
AWS Config
• Things that changed
• Baselines and drift detection
• Change notification with rich data
(AWS Account → AWS Config → SNS Topic)
Amazon CloudWatch Events
• Things that happened
• Not just user-initiated events
• Scheduled and custom events
(AWS Account → Amazon CloudWatch Events → SNS Topic)
AWS CloudTrail
• User and application activity
• Every API call captured and logged
• Broad coverage of AWS features
• With CloudWatch Events – no log crawls
(AWS Account → AWS CloudTrail → Amazon CloudWatch Events → SNS Topic)
ASAP IRL
(Built up over several slides) A user creates an Amazon RDS Instance in an AWS Account. AWS CloudTrail records the call:
[{
  ...
  "userIdentity": { "arn": "arn:aws:iam::123456789012:user/Mike" },
  "eventTime": "2017-11-10T21:22:54Z",
  "eventSource": "rds.amazonaws.com",
  "eventName": "CreateDbInstance",
  "awsRegion": "us-east-2",
  "requestParameters": {
    "dbInstanceId": "mine-all-mine",
    "MultiAZ": "false"
  },
  ...
}]
The event then flows: AWS CloudTrail → Amazon CloudWatch Events → SNS Topic → ASAP (SQS Notification Queue → Event Dispatcher → Rule Evaluators) → Reactor SNS Topics → Reactor → Ticket / Notification
ASAP in Action
(The same pipeline shown end to end: an RDS Instance change in the AWS Account → CloudTrail → CloudWatch Events → SNS Topic → ASAP → Reactor → Ticket / Notification)
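The ASAP flow above, worked as an added example that is not Amazon's code: one SQS message carrying the slide's CloudTrail event is unwrapped, dispatched to rule evaluators, and turned into reactor messages. The two rules, the severity scale, the SNS topic naming and the "describe state" inventory are assumptions made for the example.

```python
import json
from dataclasses import dataclass

# Constructed CloudTrail record, following the sample event on the slide.
CLOUDTRAIL_EVENT = {
    "userIdentity": {"arn": "arn:aws:iam::123456789012:user/Mike"},
    "eventTime": "2017-11-10T21:22:54Z",
    "eventSource": "rds.amazonaws.com",
    "eventName": "CreateDbInstance",
    "awsRegion": "us-east-2",
    "requestParameters": {"dbInstanceId": "mine-all-mine", "MultiAZ": "false"},
}

# Constructed SQS message body: the SNS envelope wraps a CloudWatch Events
# record whose "detail" is the CloudTrail event, matching the deck's path
# CloudTrail -> CloudWatch Events -> SNS Topic -> SQS Notification Queue.
SQS_BODY = json.dumps({
    "Type": "Notification",
    "Message": json.dumps({
        "detail-type": "AWS API Call via CloudTrail",
        "source": "aws.rds",
        "detail": CLOUDTRAIL_EVENT,
    }),
})

# Constructed "describe state" view of the account (an assumption): rule
# evaluators may consult current resource state, not only the event.
ACCOUNT_STATE = {"rds_tags": {"mine-all-mine": {}}}  # no team-name tag yet


@dataclass
class Finding:
    rule: str
    severity: str  # "HIGH" or "MEDIUM": an assumed scale for the example
    resource: str
    actor: str
    detail: str


def unwrap_sqs_body(body: str) -> dict:
    """Return the CloudTrail event carried inside an SNS-to-SQS message."""
    envelope = json.loads(body)
    if envelope.get("Type") != "Notification":
        raise ValueError("not an SNS notification")
    cw_event = json.loads(envelope["Message"])
    if cw_event.get("detail-type") != "AWS API Call via CloudTrail":
        raise ValueError("not a CloudTrail API-call event")
    return cw_event["detail"]


def _actor(event: dict) -> str:
    return event.get("userIdentity", {}).get("arn", "unknown")


def rule_rds_multi_az(event: dict, state: dict):
    """Flag an RDS instance created without Multi-AZ (event data only)."""
    params = event.get("requestParameters", {})
    # CloudTrail may carry the flag as a JSON boolean or as the string "false".
    if params.get("MultiAZ") in (False, "false"):
        return Finding("rds-multi-az", "MEDIUM", params.get("dbInstanceId", "?"),
                       _actor(event), "instance created with MultiAZ=false")
    return None


def rule_rds_team_tag(event: dict, state: dict):
    """Flag an RDS instance lacking the team-name tag (uses described state)."""
    db = event.get("requestParameters", {}).get("dbInstanceId", "?")
    if "team-name" not in state.get("rds_tags", {}).get(db, {}):
        return Finding("rds-team-tag", "HIGH", db, _actor(event),
                       "no team-name tag, so tag-based RDS permissions cannot apply")
    return None


# Event Dispatcher: route on (eventSource, eventName) to the rule evaluators.
RULES = {
    ("rds.amazonaws.com", "CreateDbInstance"): [rule_rds_multi_az, rule_rds_team_tag],
}


def evaluate(event: dict, state: dict = ACCOUNT_STATE) -> list:
    """Run every rule registered for this event; unknown events yield nothing."""
    key = (event.get("eventSource"), event.get("eventName"))
    results = [rule(event, state) for rule in RULES.get(key, [])]
    return [f for f in results if f is not None]


def react(findings: list) -> list:
    """Reactor: turn findings into ticket / notification messages."""
    # Automatic reversal of the change is left out on purpose; the deck marks
    # that option "careful!", so a human stays in the loop here.
    return [{
        "topic": f"asap-reactor-{f.rule}",  # assumed SNS topic naming
        "action": "ticket" if f.severity == "HIGH" else "notification",
        "resource": f.resource, "actor": f.actor, "detail": f.detail,
    } for f in findings]


def process_sqs_message(body: str) -> list:
    """The whole pipeline for one message from the notification queue."""
    return react(evaluate(unwrap_sqs_body(body)))


if __name__ == "__main__":
    for message in process_sqs_message(SQS_BODY):
        print(json.dumps(message))
```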
What do we get?
• Scale
• Ability to assess the broader context
• Catch problems early
• Rich feedback and teaching tools
• Ability to automatically escalate, mitigate or reverse (careful!)
Other considerations
• Anti-entropy checks
• Tamper detection
• Exceptions
• Regular sweeps
Looking ahead
• Not just security
• Simplify fixes
• AWS CloudFormation StackSets and AWS Config Rules
Avoiding Problems
AWS CloudFormation
• Be secure by default
• ‘Known Good’ configurations:
  • VPC
  • Static Website via S3 + CloudFront
  • Amazon Aurora Clusters
• Standard resources:
  • CloudWatch Log Groups
  • Default IAM roles
Amazon EC2 Systems Manager (SSM)
• Automated patching
  • Patch Group – what instances get patched?
  • Patch Baseline – what patches are applied?
Patch baseline approval rule (CLI shorthand syntax):
{PatchFilterGroup=
  {PatchFilters=[
    {Key=PRODUCT,Values=[AmazonLinux2017.09]},
    {Key=CLASSIFICATION,Values=[Security]}]},
 ApproveAfterDays=0}
Takeaways
• Shared accounts have scaling limits
• AWS enables people to move faster; try to stay out of their way.
• Everything changes when everything is an API.
• Set people off on the right path, help them stay on it.
Governance vs. Agility doesn’t have to be a binary decision!
Actions
• Pick your governance philosophy early and know it will evolve
• Select management tools that help you implement your governance
philosophy
• Adopt services when you’re ready and be comfortable deprecating what you have built
• You can build ASAP too!
Easy to try Management Tools
1. On the internet: https://aws.amazon.com/products/management/
2. AWS Management Tools blog: https://aws.amazon.com/blogs/mt/
3. You can learn a lot just by turning on AWS Config Rules: https://github.com/awslabs/aws-config-rules
4. Use the console!
Thank you!
Please submit your survey
Applying AWS Organizations to Complex Account Structures - April 2017 AWS Onl...
 
Introduction to the Security Perspective of the Cloud Adoption Framework
Introduction to the Security Perspective of the Cloud Adoption FrameworkIntroduction to the Security Perspective of the Cloud Adoption Framework
Introduction to the Security Perspective of the Cloud Adoption Framework
 
The 1%: Identity and Governance Patterns from the Most Advanced AWS Customers...
The 1%: Identity and Governance Patterns from the Most Advanced AWS Customers...The 1%: Identity and Governance Patterns from the Most Advanced AWS Customers...
The 1%: Identity and Governance Patterns from the Most Advanced AWS Customers...
 
Module 5: AWS Elasticity and Management Tools - AWSome Day Online Conference
Module 5: AWS Elasticity and Management Tools - AWSome Day Online Conference Module 5: AWS Elasticity and Management Tools - AWSome Day Online Conference
Module 5: AWS Elasticity and Management Tools - AWSome Day Online Conference
 
Achieving Continuous Compliance using AWS Config - AWS Public Sector Summit S...
Achieving Continuous Compliance using AWS Config - AWS Public Sector Summit S...Achieving Continuous Compliance using AWS Config - AWS Public Sector Summit S...
Achieving Continuous Compliance using AWS Config - AWS Public Sector Summit S...
 

Plus de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Plus de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

How Amazon.com Uses AWS Management Tools - DEV340 - re:Invent 2017

  • 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How Amazon.com Uses AWS Management Tools. Mike Burke, Principal Tech. Program Manager, Amazon.com; Prashant Prahlad, Sr. Mgr Product Management, AWS. DEV340, November 29, 2017. Guardrails, not Gates
  • 2. What can you expect from this session • Management Tools? • Your governance philosophy first, tools will follow • Amazon.com’s journey • Role of management tools in journey • You too can implement similar mechanisms
  • 3. Getting situated in the Cloud. Common questions: • What AWS Account structure should I use? • How much governance should I put in place? • How do I keep up with my company’s AWS usage? (and have a life) • Do I have adequate metadata for verification/analysis?
  • 4. The challenge (diagram: Governance, listed as Define, Discover, Monitor, Manage, Report, Respond; versus Development speed, listed as Agility, Innovation)
  • 5. AWS enables you to do both (same Governance vs. Development speed diagram). With AWS you can programmatically: • Define provisioning and configuration of resources • Continuously discover new resources and changes to existing resources • Monitor resources and operations for compliance • Manage, report on, and respond to changes to your resources
  • 6. Introducing AWS Management Tools • CloudFormation • Service Catalog • CloudTrail • Config • CloudWatch • Trusted Advisor • EC2 Systems Manager (Parameter Store, State Manager, Inventory, Maintenance Windows, Patch Manager, Run Command)
  • 7. AWS Management Tools: You choose (diagram mapping the Define, Discover, Manage, Monitor, Report and Respond stages to AWS CloudFormation, AWS Service Catalog, Amazon EC2 Systems Manager, AWS Config, AWS CloudTrail, Amazon CloudWatch and Trusted Advisor)
  • 8. AWS Management Tools: CliffsNotes 1. Tools that automate lifecycle management of AWS resources, especially as you scale usage 2. No need to trade off visibility/control against agility 3. Provide better visibility and control than customers experienced previously 4. Primitives that can match changes to customers’ governing philosophy
  • 9. Customers who use AWS Management Tools
  • 10. AWS at Amazon
  • 11. Behind The Scenes Exclusive
  • 12. Behind The Scenes Exclusive
  • 13. How We Roll: Two-Pizza Teams +
  • 14. How We Roll: Two-Pizza Teams + Single Threaded Ownership +
  • 15. How We Roll: Two-Pizza Teams + Single Threaded Ownership + Bias For Action +
  • 16. How We Roll: Two-Pizza Teams + Single Threaded Ownership + Bias For Action + Continuous Deployment =
  • 17. How We Roll: Two-Pizza Teams + Single Threaded Ownership + Bias For Action + Continuous Deployment = A LOT OF CHANGE
  • 18. A Brief History
  • 19. Initial Approach (diagram: the On-Premise Network connected to a single Shared Account spanning us-east-1, eu-west-1, us-west-2, …)
  • 20. Today (diagram: the On-Premise Network connected to the Shared Account and to many Team Accounts, across us-east-1, eu-west-1, us-west-2, …)
  • 21. Today • Prime Day 2016: “Amazon retail team increased the size of their EC2 fleet, adding capacity that was equal to all of AWS and Amazon.com back in 2009” • Prime Day 2017: • DynamoDB: 3.34 trillion requests, peaking at 12.9 million per second • AWS Config: over 14 million configuration items tracked • AWS CloudTrail: 50 billion events, 419 billion API calls • CloudFormation: nearly 31,000 stacks created for Prime Day. https://aws.amazon.com/blogs/aws/prime-day-2017-powered-by-aws
  • 22. Two Models, Different Challenges (diagram: Shared Account vs. Team Accounts)
  • 23. Access Control
  • 24. Access Control (diagram: an Amazon RDS Instance)
  • 25. Access Control (diagram: an Amazon RDS Instance)
  • 26. Access Control (diagram: “Upgrade DB Engine Version” on the Amazon RDS Instance)
  • 27. Access Control (diagram: “Delete Instance” on the Amazon RDS Instance)
  • 28. Traditional Approach – Central Team
  • 29. Traditional Approach – Central Team
  • 30. Alternative 1 – Build A Wrapper
  • 31. Alternative 2 – Resource Permissions. IAM policy statement fragment: "Action": ["rds:*"], "Effect": "Allow", "Resource": "*", "Condition": {"StringEquals": {"rds:db-tag/team-name": ["finance"]}}
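Slide 31's point is that one statement, scoped by a tag condition, gives each team reach over only its own RDS instances without a central team or a wrapper in the path. The following is an added example, not code from the talk: a deliberately small evaluator covering just the pieces the slide uses (an Allow statement with an Action list and a StringEquals condition on the `rds:db-tag/<key>` context key, with IAM's default of implicit deny when nothing matches). The request scenarios and the `payments` tag value are constructed.

```python
"""Simplified evaluator for the tag-scoped RDS policy on slide 31.

Added example, not code from the talk. It models only what the slide
uses: Allow statements with an Action list and a StringEquals condition,
plus IAM's implicit deny. Explicit Deny, resource ARN matching and the
other condition operators of the real engine are out of scope here.
"""
from fnmatch import fnmatchcase

# The statement from the slide, as a policy statement dict.
FINANCE_RDS_STATEMENT = {
    "Action": ["rds:*"],
    "Effect": "Allow",
    "Resource": "*",
    "Condition": {"StringEquals": {"rds:db-tag/team-name": ["finance"]}},
}


def _action_matches(patterns, action):
    # IAM action names are matched case-insensitively and support '*'.
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)


def _string_equals_holds(expected, context):
    """Every condition key must be present in the request context and equal
    one of the listed values. An absent key fails StringEquals, so a
    statement like this one never matches an untagged instance."""
    for key, allowed in expected.items():
        actual = context.get(key)
        if actual is None or actual not in allowed:
            return False
    return True


def is_allowed(statements, action, context):
    """True if some Allow statement matches the action and its condition
    holds; otherwise implicit deny. `context` maps condition keys such as
    rds:db-tag/team-name to the values IAM derives from the target
    resource's tags."""
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        if not _action_matches(stmt["Action"], action):
            continue
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if not _string_equals_holds(cond, context):
            continue
        return True
    return False


def evaluate_scenarios():
    """Constructed requests (not from the talk) run against the slide's
    statement; returns a name -> allowed mapping."""
    policy = [FINANCE_RDS_STATEMENT]
    return {
        # finance engineer upgrading a finance-tagged instance (slide 26)
        "finance_upgrade_own": is_allowed(
            policy, "rds:ModifyDBInstance", {"rds:db-tag/team-name": "finance"}),
        # same principal deleting an instance tagged for another team (slide 27)
        "finance_delete_other_team": is_allowed(
            policy, "rds:DeleteDBInstance", {"rds:db-tag/team-name": "payments"}),
        # untagged instance: the condition key is absent, so nothing matches
        "finance_untagged": is_allowed(policy, "rds:DeleteDBInstance", {}),
        # rds:* does not reach into other services
        "finance_ec2": is_allowed(
            policy, "ec2:TerminateInstances", {"rds:db-tag/team-name": "finance"}),
    }


if __name__ == "__main__":
    for name, allowed in evaluate_scenarios().items():
        print(f"{name}: {'ALLOW' if allowed else 'DENY (implicit)'}")
```

The untagged case is the one to watch when adopting this pattern: the `rds:db-tag/` key is derived from tags on the existing instance, so a statement scoped this way cannot authorize creating a new instance at all; RDS offers the separate `rds:req-tag/<key>` condition key for tags supplied in the request, and the tagging itself then has to be enforced (for example through the CloudFormation defaults of slide 55) or the scheme silently leaves resources nobody can manage.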
  • 32. Many Accounts
  • 33. Initial Approach - Restricting IAM • Take away root credentials • All IAM Roles are created through a management layer • AuthZ through an identity broker
  • 34. Restricting IAM - Identity Broker (diagram: a request of the form “I am: Bob Roberts / I want to: Manage-RDS / On: AWS Account 1234367” goes to the Identity Broker, which performs 1. Authenticate + Authorize, 2. Assume Role, 3. STS Token, 4. URL, 5. Launch Console)
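The five steps on slide 34 map onto the AWS console federation API, which is how a broker hands a person a console session without ever giving them IAM credentials. The block below is an added example, not the broker described in the talk: the federation endpoint (`https://signin.aws.amazon.com/federation` with `Action=getSigninToken` and `Action=login`) and its parameters are the real ones; the grant table, the broker URL, the `FakeSts` client and `fake_fetch_signin_token` are constructed stand-ins so it runs offline (with boto3 you would pass `boto3.client("sts")` and an HTTP GET of the request URL instead).

```python
"""Identity broker flow of slide 34 as an added example (not the talk's own
broker): 1. authenticate and authorize the caller against a broker-side
grant table, 2. assume the requested role via STS, 3. receive temporary
credentials, 4. exchange them for a console sign-in URL, 5. the user
launches the console from that URL.
"""
import json
from urllib.parse import urlencode

FEDERATION_ENDPOINT = "https://signin.aws.amazon.com/federation"   # real AWS endpoint
CONSOLE_ISSUER = "https://broker.example.internal"                  # hypothetical broker URL

# Hypothetical grant table: (user, role name, account) triples the broker permits.
GRANTS = {
    ("bob.roberts", "Manage-RDS", "123456789012"),
    ("bob.roberts", "ReadOnly", "123456789012"),
}


class FakeSts:
    """Offline stand-in for STS AssumeRole (constructed; returns dummy keys)."""

    def assume_role(self, RoleArn, RoleSessionName, DurationSeconds=3600):
        return {"Credentials": {"AccessKeyId": "ASIAEXAMPLEKEY",
                                "SecretAccessKey": "example-secret",
                                "SessionToken": "example-session-token"}}


def fake_fetch_signin_token(request_url):
    """Stand-in for the HTTP GET of the getSigninToken URL (constructed)."""
    assert request_url.startswith(FEDERATION_ENDPOINT)
    return "signin-token-from-federation-endpoint"


class IdentityBroker:
    def __init__(self, sts_client, grants, fetch_signin_token):
        self.sts = sts_client
        self.grants = grants
        self.fetch_signin_token = fetch_signin_token

    def authorize(self, user, role_name, account_id):
        """Step 1: the broker decides who may use which role where; the
        user never holds long-lived IAM credentials of their own."""
        return (user, role_name, account_id) in self.grants

    def assume_role(self, user, role_name, account_id):
        """Steps 2 and 3: assume the role for the user. The session name
        carries the human identity so CloudTrail records trace to a person."""
        if not self.authorize(user, role_name, account_id):
            raise PermissionError(f"{user} may not use {role_name} on {account_id}")
        role_arn = f"arn:aws:iam::{account_id}:role/{role_name}"
        return self.sts.assume_role(RoleArn=role_arn, RoleSessionName=user)["Credentials"]

    def signin_token_request_url(self, creds):
        """Step 4a: URL the broker itself calls to trade the temporary
        credentials for a short-lived SigninToken."""
        session = {"sessionId": creds["AccessKeyId"],
                   "sessionKey": creds["SecretAccessKey"],
                   "sessionToken": creds["SessionToken"]}
        return FEDERATION_ENDPOINT + "?" + urlencode(
            {"Action": "getSigninToken", "Session": json.dumps(session)})

    def console_login_url(self, signin_token, destination):
        """Step 4b: the URL handed to the browser. Only the SigninToken
        travels to the user, never the secret key or session token."""
        return FEDERATION_ENDPOINT + "?" + urlencode(
            {"Action": "login", "Issuer": CONSOLE_ISSUER,
             "Destination": destination, "SigninToken": signin_token})

    def launch_console(self, user, role_name, account_id, destination):
        """Step 5, end to end: returns the login URL for the user's browser."""
        creds = self.assume_role(user, role_name, account_id)
        token = self.fetch_signin_token(self.signin_token_request_url(creds))
        return self.console_login_url(token, destination)


if __name__ == "__main__":
    broker = IdentityBroker(FakeSts(), GRANTS, fake_fetch_signin_token)
    print(broker.launch_console("bob.roberts", "Manage-RDS", "123456789012",
                                "https://console.aws.amazon.com/rds/"))
```

Because every console session originates from `assume_role` with the person's name as the session name, the broker also gives the audit trail the "who" that slide 44's CloudTrail record relies on. The lessons on slide 35 follow directly from the same design: anything that does not go through `launch_console` (automation, CLI use) is either blocked or has to be bolted on separately.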
  • 35. Restricting IAM – Lessons • Yet Another Shim! • Prevents some automation • Not granular enough
  • 36. Getting Out Of The Way
  • 37. ASAP (diagram: inside the AWS Account, AWS Config, AWS CloudTrail and Amazon CloudWatch Events publish to an SNS Topic)
  • 38. ASAP (diagram: the SNS Topic feeds ASAP’s SQS Notification Queue, Event Dispatcher and Rule Evaluators; the Rule Evaluators describe state back in the AWS Account)
  • 39. ASAP (diagram: as on slide 38, plus Reactor SNS Topics fanning out to Reactors)
  • 40. AWS Config • Things that changed • Baselines and drift detection • Change notification with rich data (diagram: AWS Config in the AWS Account publishing to an SNS Topic)
  • 41. Amazon CloudWatch Events • Things that happened • Not just user-initiated events • Scheduled and custom events (diagram: Amazon CloudWatch Events in the AWS Account publishing to an SNS Topic)
  • 42. AWS CloudTrail • User and application activity • Every API call captured and logged • Broad coverage of AWS features • With CloudWatch Events – no log crawls (diagram: AWS CloudTrail in the AWS Account delivering to Amazon CloudWatch Events and on to an SNS Topic)
  • 43. ASAP IRL (diagram: an Amazon RDS Instance in the AWS Account)
  • 44. ASAP IRL (diagram: AWS CloudTrail records the RDS API call) [{ ... "arn:aws:iam::123456789012:user/Mike", "eventTime": "2017-11-10T21:22:54Z", "eventSource": "rds.amazonaws.com", "eventName": "CreateDbInstance", "awsRegion": "us-east-2", "requestParameters": { "dbInstanceId": "mine-all-mine", "MultiAZ": "false" } ...
  • 45. ASAP IRL (diagram: the CloudTrail event reaches Amazon CloudWatch Events)
  • 46. ASAP IRL (diagram: CloudWatch Events publishes to the SNS Topic)
  • 47. ASAP IRL (diagram: the SNS Topic feeds ASAP’s SQS Notification Queue, Event Dispatcher and Rule Evaluators)
  • 48. ASAP IRL (diagram: the Rule Evaluators publish to Reactor SNS Topics, which invoke a Reactor)
  • 49. ASAP IRL (diagram: the Reactor raises a Ticket / Notification)
  • 50. ASAP in Action (diagram: the complete pipeline: Amazon RDS Instance → AWS CloudTrail → Amazon CloudWatch Events → SNS Topic → ASAP SQS Notification Queue → Event Dispatcher → Rule Evaluators → Reactor SNS Topics → Reactor → Ticket / Notification)
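Slides 37 to 50 describe ASAP as a pipeline: an event dispatcher hands each CloudTrail record (delivered through CloudWatch Events and the SNS/SQS queue) to the rule evaluators registered for its `eventSource`, and each finding is published to a reactor topic that turns it into a ticket or notification. The block below is an added example modelling that shape, not ASAP's own code. The first event is modelled on the slide 44 record (`userIdentity.arn` is where CloudTrail carries the actor ARN shown there; elided fields are left out); the rule names, reactor topic names, the exceptions register of slide 52 and the remaining sample events are constructed.

```python
"""Added example modelling the ASAP pipeline of slides 37-50 (not ASAP's own
code): dispatcher -> rule evaluators -> reactor topics, with an exceptions
register so approved deviations do not page anyone.
"""
from dataclasses import dataclass

# Modelled on slide 44; userIdentity.arn is where CloudTrail carries the
# actor ARN shown on the slide. Fields elided on the slide are left out.
SLIDE_44_EVENT = {
    "userIdentity": {"arn": "arn:aws:iam::123456789012:user/Mike"},
    "eventTime": "2017-11-10T21:22:54Z",
    "eventSource": "rds.amazonaws.com",
    "eventName": "CreateDbInstance",
    "awsRegion": "us-east-2",
    "requestParameters": {"dbInstanceId": "mine-all-mine", "MultiAZ": "false"},
}


@dataclass
class Finding:
    rule: str
    severity: str
    resource: str
    actor: str
    reactor_topic: str   # reactor SNS topic this finding goes to (constructed names)
    detail: str


def _is_true(value):
    # CloudTrail often renders booleans in requestParameters as strings.
    return str(value).lower() == "true"


def rule_rds_multi_az(event, actor):
    """The slide 44 scenario: a DB instance created without Multi-AZ."""
    if event["eventName"].lower() != "createdbinstance":
        return None
    params = event.get("requestParameters", {})
    if _is_true(params.get("MultiAZ", "false")):
        return None
    return Finding("rds-multi-az-required", "medium", params.get("dbInstanceId", "?"),
                   actor, "asap-reactor-ticket", "DB instance created without Multi-AZ")


def rule_rds_delete_no_snapshot(event, actor):
    """Constructed rule for the slide 27 concern: deletion with no final snapshot."""
    if event["eventName"].lower() != "deletedbinstance":
        return None
    params = event.get("requestParameters", {})
    if not _is_true(params.get("SkipFinalSnapshot", "false")):
        return None
    return Finding("rds-delete-without-snapshot", "high", params.get("dbInstanceId", "?"),
                   actor, "asap-reactor-escalate", "DB instance deleted with SkipFinalSnapshot")


def rule_cloudtrail_tamper(event, actor):
    """Slide 52 'tamper detection': changes that would blind the pipeline itself."""
    if event["eventName"] not in ("StopLogging", "DeleteTrail"):
        return None
    trail = event.get("requestParameters", {}).get("name", "?")
    return Finding("cloudtrail-tamper", "high", trail, actor,
                   "asap-reactor-escalate", f"{event['eventName']} on trail")


RULES_BY_SOURCE = {
    "rds.amazonaws.com": [rule_rds_multi_az, rule_rds_delete_no_snapshot],
    "cloudtrail.amazonaws.com": [rule_cloudtrail_tamper],
}


class Dispatcher:
    """Event Dispatcher plus Rule Evaluators; `publish(topic, finding)` stands
    in for the SNS publish to a reactor topic."""

    def __init__(self, rules_by_source, exceptions, publish):
        self.rules_by_source = rules_by_source
        self.exceptions = exceptions      # {(rule, resource)} approved exceptions
        self.publish = publish

    def handle(self, event):
        actor = event.get("userIdentity", {}).get("arn", "unknown")
        findings = []
        for rule in self.rules_by_source.get(event.get("eventSource"), []):
            finding = rule(event, actor)
            if finding is None or (finding.rule, finding.resource) in self.exceptions:
                continue
            self.publish(finding.reactor_topic, finding)
            findings.append(finding)
        return findings


def run_demo():
    """Feed constructed events through the pipeline; returns (findings, published),
    where published maps each reactor topic to what its Reactor received."""
    published = {}
    dispatcher = Dispatcher(
        RULES_BY_SOURCE,
        exceptions={("rds-multi-az-required", "dev-scratch-db")},   # constructed
        publish=lambda topic, f: published.setdefault(topic, []).append(f),
    )
    events = [
        SLIDE_44_EVENT,
        {**SLIDE_44_EVENT, "requestParameters": {"dbInstanceId": "dev-scratch-db", "MultiAZ": "false"}},
        {**SLIDE_44_EVENT, "requestParameters": {"dbInstanceId": "orders-db", "MultiAZ": "true"}},
        {**SLIDE_44_EVENT, "eventName": "DeleteDBInstance",
         "requestParameters": {"dbInstanceId": "orders-db", "SkipFinalSnapshot": "true"}},
        {**SLIDE_44_EVENT, "eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
         "requestParameters": {"name": "org-trail"}},
    ]
    findings = [f for e in events for f in dispatcher.handle(e)]
    return findings, published
```

Two design points carry over from the slides. Rules are keyed by `eventSource`, so a new service is covered by registering evaluators rather than touching the dispatcher, and the reactor topic is chosen per finding, which is what lets the "escalate, mitigate or reverse (careful!)" reactors of slide 51 be wired to only the findings that justify them. The exceptions register is consulted before publishing, so an approved deviation is recorded but never becomes a ticket; the "regular sweeps" of slide 52 would run the same rule functions over described state instead of over events, since the pipeline only sees what changes after it was switched on.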
  • 51. What do we get? • Scale • Ability to assess the broader context • Catch problems early • Rich feedback and teaching tools • Ability to automatically escalate, mitigate or reverse (careful!)
  • 52. Other considerations • Anti-entropy checks • Tamper detection • Exceptions • Regular sweeps
  • 53. Looking ahead • Not just security • Simplify fixes • AWS CloudFormation StackSets and AWS Config Rules
  • 54. Avoiding Problems
  • 55. AWS CloudFormation • Be secure by default • ‘Known Good’ configurations: • VPC • Static Website via S3 + CloudFront • Amazon Aurora Clusters • Standard resources: • CloudWatch Log Groups • Default IAM roles
  • 56. Amazon EC2 Systems Manager (SSM) • Automated patching • Patch Group – what instances get patched? • Patch Baseline – what patches are applied? Approval rule, in AWS CLI shorthand syntax: {PatchFilterGroup={PatchFilters=[{Key=PRODUCT,Values=[AmazonLinux2017.09]},{Key=CLASSIFICATION,Values=[Security]}]},ApproveAfterDays=0}
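The approval rule on slide 56 is written in the AWS CLI's shorthand syntax (maps in `{k=v,...}`, lists in `[a,b]`), which is compact on a slide but easy to get wrong when a baseline is maintained by hand. The block below is an added example, not tooling from the talk: a small parser for the subset of that syntax the slide uses, producing the nested `ApprovalRules` structure that the SSM `CreatePatchBaseline` API takes, plus a check that the rule still covers Security-classified patches. Quoting and escaping of the full CLI grammar are not handled, and the `covers_security_patches` policy check is a constructed example of a baseline sanity test.

```python
"""Parser for the AWS CLI shorthand form of the slide 56 patch-baseline
approval rule, added as an example (not tooling from the talk). Handles
{key=value,...} maps, [a,b] lists and bare scalars; no quoting or escaping.
"""

SLIDE_56_RULE = ("{PatchFilterGroup={PatchFilters=[{Key=PRODUCT,Values=[AmazonLinux2017.09]},"
                 "{Key=CLASSIFICATION,Values=[Security]}]},ApproveAfterDays=0}")


class ShorthandParser:
    """Recursive-descent parser over the shorthand string."""

    def __init__(self, text):
        self.s = text
        self.i = 0

    def parse(self):
        value = self._value()
        self._skip_ws()
        if self.i != len(self.s):
            raise ValueError(f"trailing input at offset {self.i}")
        return value

    def _peek(self):
        return self.s[self.i] if self.i < len(self.s) else ""

    def _skip_ws(self):
        while self._peek().isspace():
            self.i += 1

    def _expect(self, ch):
        self._skip_ws()
        if self._peek() != ch:
            raise ValueError(f"expected {ch!r} at offset {self.i}")
        self.i += 1

    def _value(self):
        self._skip_ws()
        if self._peek() == "{":
            return self._map()
        if self._peek() == "[":
            return self._list()
        return self._scalar()

    def _map(self):
        self._expect("{")
        out = {}
        while True:
            self._skip_ws()
            if self._peek() == "}":
                self.i += 1
                return out
            key = self._scalar(stop="=")       # keys run up to the '='
            self._expect("=")
            out[key] = self._value()
            self._skip_ws()
            if self._peek() == ",":
                self.i += 1

    def _list(self):
        self._expect("[")
        out = []
        while True:
            self._skip_ws()
            if self._peek() == "]":
                self.i += 1
                return out
            out.append(self._value())
            self._skip_ws()
            if self._peek() == ",":
                self.i += 1

    def _scalar(self, stop=",]}"):
        self._skip_ws()
        start = self.i
        while self._peek() and self._peek() not in stop:
            self.i += 1
        token = self.s[start:self.i].strip()
        if token == "":
            raise ValueError(f"empty value at offset {start}")
        # ApproveAfterDays=0 becomes an int, as the API expects; everything else stays a string.
        return int(token) if token.lstrip("-").isdigit() else token


def to_approval_rules(shorthand):
    """Wrap one parsed rule in the ApprovalRules shape CreatePatchBaseline takes."""
    return {"PatchRules": [ShorthandParser(shorthand).parse()]}


def covers_security_patches(rule):
    """Constructed sanity check: the rule must select CLASSIFICATION=Security,
    otherwise a baseline with this rule alone approves no security updates."""
    filters = rule.get("PatchFilterGroup", {}).get("PatchFilters", [])
    return any(f.get("Key") == "CLASSIFICATION" and "Security" in f.get("Values", [])
               for f in filters)


if __name__ == "__main__":
    rule = ShorthandParser(SLIDE_56_RULE).parse()
    print(to_approval_rules(SLIDE_56_RULE))
    print("covers security patches:", covers_security_patches(rule))
```

`ApproveAfterDays=0` in the slide's rule means Security patches for the named product are approved the day they are released; a baseline kept in version control and validated with checks like `covers_security_patches` before `create-patch-baseline` is the "set people off on the right path" of slide 57 applied to patching.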
  • 57. Takeaways • Shared accounts have scaling limits • AWS enables people to move faster ... try to stay out of their way. • Everything changes when everything is an API. • Set people off on the right path, help them stay on it.
  • 58. Takeaways • Shared accounts have scaling limits • AWS enables people to move faster ... try to stay out of their way. • Everything changes when everything is an API. • Set people off on the right path, help them stay on it. Governance vs. Agility doesn’t have to be a binary decision!
  • 59. Actions • Pick your governance philosophy early and know it will evolve • Select management tools that help you implement your governance philosophy • Adopt services when you’re ready and be comfortable to deprecate what you have built • You can build ASAP too!
  • 60. AWS Management Tools: CliffsNotes 1. Tools that automate lifecycle management of AWS resources, especially as you scale usage 2. No need to trade off visibility/control against agility 3. Provide better visibility and control than customers experienced previously 4. Primitives that can match changes to customers’ governing philosophy
  • 61. Easy to try Management Tools 1. On the internet: https://aws.amazon.com/products/management/ 2. AWS Management Tools blog post: https://aws.amazon.com/blogs/mt/ 3. You can learn a lot just by turning on AWS Config Rules: https://github.com/awslabs/aws-config-rules 4. Use the console!
  • 62. Thank you! Please submit your survey