AUCKLAND

Cloud OpsLife after an AWS Migration

Paul Dunlop – Principal Cloud Architect

@pauldunlopnz

@apitalent

Somethings Missing!

“Service Delivery Platform”

Backups?

Monitoring?Logging?

Active Directory?

Automation?

Service Limits?

Patch Management?

Image Maintenance?

Identity & Access?

Security?

Hybrid / Network

Connectivity?

Billing?Tagging?

Configuration Management?

SDP Exists in Every Account

Review SDP Artefacts

Network Connectivity

Did Anyone Think About

Routing?Network Register

Identity & Access

User Accounts In Each AWS Account Is Like

Having Local Users On Every Windows

Server. Don’t do it.

RPG

IAM Roles, Policies, Groups (RPG)

Tagging

Security

Billing

Business

Automation

Backups

How Can I Use Tags To Backup

My Instances?

Patch & Image Management

HOW DO I KEEP MY EC2 INSTANCES

PATCHED

HOW DO I PATCH MY GOLD IMAGES?

EC2 Systems Manager

EC2 / PATCHES IS SIMILAR TO WSUS

27

Configuration Management

HOW DO WE TRACK AWS RESOURCE

STATE AND CONFIGURATION

CHANGES IN AWS?

• Config is also Rules based

• Rules can be Lambda functions

Enable It

On All

Accounts

Security Auditing

AWS CloudTrail

Event Occurs

Generating API

Activity

Cloudtrail

Captures And

Records The API

Activity

Enable It

On All

Accounts

Pro Tip

System Logs And Application Metrics

Are Not Logged By Default

CloudWatch

Amazon CloudWatch collects and tracks

metrics, collects and monitors log files, set

alarms, and automatically react to changes in

your AWS resources.

Bucket Overflow

OPS

38

Centralise Logging

Optimisation & Automation

Service Limits

https://aws.amazon.com/answers/account-management/limit-monitor/

• Each AWS account comes

with a Service Delivery

Platform

• Architects should advocate

the Cloud Center of

Excellence and drive new

operational standards

• Automate, Centralise & Log

everything

IMPORTANT MESSAGE

BEFORE YOU GO :)

API Talent Booth Promotions

Crazy Cloud Native Idea

Migration and Managed Services

This might be an API or other type

of cloud native app. We will select two

best ideas from the jar and implement

them.

We’ll migrate a lucky customers’ workloads

to AWS and provide 12 months managed

services!

JAR 1

JAR 2

@pauldunlopnz

@apitalent

Paul Dunlop – Principal Cloud Architect