7.6 AWS Management and Reporting

7 hours 31 minutes
Video Transcription
So welcome back, you cloud construction worker bees, to module 7.6, AWS management, reporting and troubleshooting. This is our last module on the AWS public cloud platform. But we can't close this big module out until we talk through the day-to-day life of you, your organization's cloud administrator, and what it's gonna look like
making moves, adds, changes to your cloud services, reporting, logging, all that information that you need to get from your cloud services,
and then even troubleshooting your cloud services. So if you're ready, let's put on our tool belt and let's go get our sledgehammers out because we're gonna knock down some of these walls. And in the words of John Cougar Mellencamp, one of my favorite musicians:
Well, these walls came tumbling down and the walls came tumbling in Rome, Berlin. So from our AWS Management Console home page, we're gonna go up here to Services
and right here in the middle, Management and Governance, we're gonna click on AWS Organizations. So in AWS, there is this account management service called an organization. And what an organizational unit, or OU, is, is a way of creating,
ah, a way of centralizing management and centralizing policy underneath the organizational unit of these things called user accounts. So we're going to create an organizational unit domain and put all of the AWS user accounts
under that domain that we want to manage. And we're going to be able to create centralized policy,
centralized services, roles and responsibilities for those AWS accounts under our organizational unit. So maybe we create a billing OU. Maybe we create a sales OU. Maybe we create an engineering and services OU,
ah, for those that need to do work on services and work on the architecture, et cetera.
So when under our OU, we can create that and do so here, and then when we're ready, what happens is it looks like that workflow. We're going to create an organization,
and then under that organization, we're going to create the organizational units and we will apply our user accounts to those OUs. And then we're going to create our centralized service controls and our policies that we want to apply to those members, those user accounts under our OU,
and then we're gonna test those restrictions
pretty good stuff.
So there are a ton of management tools in AWS and there's this nifty one called AWS CloudWatch. With CloudWatch, you can monitor your AWS WorkSpaces deployments by creating CloudWatch alarms. Alarms will give you the visibility to your total connections, your overall health of your AWS WorkSpaces.
CloudWatch. You could measure things like the number of WorkSpaces that are running and their current health issues,
WorkSpaces that are at a stopped state, your AWS WorkSpaces that are in maintenance mode, and WorkSpaces that are unhealthy and not responding to your CloudWatch health check alarm monitors. You can create CloudWatch events to monitor and alarm on almost any service in AWS,
from EC2 instances to CodeBuild projects and Lambda functions. A CloudWatch event is a change in your AWS environment, and we can control our AWS resources by creating rules so that when these changes occur, events are triggered.
So an example of a trigger event that we can create is on the left. When our health status of our resource changes, we're notified via our CloudWatch dashboard. We can log to another service for the purpose of triple-A: accounting, authorization and authentication. When we create our policy, we identify our targets. A target is a service that processes our events,
like our network management system, an NMS.
And then a rule matches incoming events and routes them to targets for processing.
So from our AWS Management Console, we're gonna go over here to Management and Governance, and then we're going to click on the service called CloudTrail. So CloudTrail is an event logging dashboard, and we can use event histories in the CloudTrail console to view, search, analyze and respond to almost any activity or condition that we see
in our AWS infrastructure.
So this includes almost any activity that we can create events and see those logs in our AWS Management Console or from anything that's been inputted via our command line interface, CLI, or software development kits, SDKs, and APIs.
We create a trail on anything new that we want to see, and we're gonna generate an event log and then we can create custom descriptors.
Ah, like this event name, and what these custom descriptors allow us to do is come up here and use these different filters and allow us to search through all our event logs over time so that we can get right to the data within the time range, et cetera, that we want to see.
So from our AWS Management Console and Services, we're going to scroll down here to Systems Manager.
So AWS Systems Manager allows us to view, from one single pane of glass, multiple AWS management services. So here's our CloudWatch dashboard that's pulled in, for example, OpsCenter, Compliance and State Manager.
So what we've got here is with ties in multiple AWS management services and tools and allows us to automate our day-to-day operational tasks along our AWS resources. So, for example, we can, with Systems Manager,
um, we can come in and this will help us when our organization needs to maintain security and compliance by performing scans.
And we could manage our ECS instances and report on them, or take a corrective action on them when any of our security policies are both violated or detected. Another example that we can use would be
to, ah, let's say we need to do some patching against all of our certain Windows Server 2016 instances. So what we would do here is we
identify our EC2 instances and then we identify what software patches we want to apply. And then we tell Systems Manager where we want to log our change states of our server farm to our software patching process. And then we schedule our maintenance windows via Systems Manager to schedule our patching operations during the outage window.
So our user services are disrupted.
So we give our outage window a name, our type,
we create our targets. Ah, when does the window start, schedule the duration,
schedule the time zone, and then we create the maintenance window.
So with AWS License Manager, it's easy to manage your licenses in AWS and on-premise servers from software vendors like Microsoft, Oracle, SAP and IBM. License Manager allows our organization's administrators to create customized rules that can emulate the terms and conditions of our licensing agreements.
And then whenever our organization launches, for example, an EC2 instance,
our administrators can control and limit how our company's licensing is applied. For example, when someone wants to spin up a new Windows Server instance and we're out of licensing, we can prevent overages by using more licensing than our Microsoft vendor agreement stipulates. And then we can stop that instance from launching.
Our rules were created. License Manager, for example, might notify our administrators that a licensing infringement
we can see all our licensing from the AWS License Manager dashboard. And with this visibility and control we have via the License Manager policies and rules that we can create, we can reduce the risk of our company's noncompliance, misreporting and avoid any additional license overage costs and back-billing penalties.
So we better take the time for a learning check. We want to avoid any construction job site mistakes. We better turn on our cloud management tools so that we can get busy making sure that we don't get any system crashes, system errors or AWS system flameouts.
So what are the three knobs we're gonna tweak when creating a new CloudWatch event?
What is an AWS organization?
Uh, okay, so I'm not sure what we do here, but we better make sure CloudTrail is event logging and that our issues well. Ah! Oh, you just better go talk to your IT director because somebody broke something. And, well, this one's gonna hurt
to go open a ticket. And when you have resolution, come on back and we'll review our answers together.
Okay? So welcome back. And I'm glad we got that. Care to trouble ticket resolved. I was worried there for a second. Not about you and your job, but those Internet trolls out there for this instructor when I make a mistake, well, they're relentless.
So the three knobs or controls that we can configure in effect when creating a CloudWatch event are: we create our policy. We choose our targets that we report our event to.
And then we create our rules on what we want to happen when that event occurs. An AWS organization helps you centrally manage your cloud resources and workloads. But when creating an AWS organization, you create groups of accounts to reflect your business needs and then place those accounts in organizational units, or OUs, to centralize policy
for group governance. CloudTrail is an event logging portal. And when you start getting a ton of logs, it can be a little tough to start searching through all that logging data. Descriptors
allow you to create descriptions that, by using filters in the CloudTrail service, well, you can filter on those descriptor keywords and then you only get the logging data that you care about. And in the AWS License Manager, you can pretty much control any of your vendors' licensing. But what is cool is that
License Manager can be a portal to manage all of your premise-based licenses as well as your cloud-based licenses that you use in AWS cloud spaces and platform instances.
So, basically, it could manage all of your licensing, not just that that you use in AWS.
good stuff.
So we hope you enjoyed Module seven of Cloud Architecture Foundation. This whole Amazon Web Services thing that, as you can see now, it's kind of a big deal, and there's a lot to it. Now make sure you're doing your homework,
that you're playing with all your nerd knobs in your AWS free tier account. We hope you're spending some time in the Cybrary course supplementals performing some of those hands-on labs and looking deeper into some of the AWS
topology and terminology that we shared with you in lecture. And don't forget to have fun. IT is not just about a paycheck. It's about having fun, learning technology and sharing it with the end users you support and peers that you work with. Teach, learn and share just a little of your technical knowledge each and every day. And it's by doing so,
by learning by doing and learning by sharing, that's when we truly become professionals.
Crowded, congrats and cheerio for finishing module seven. So on behalf of all of us at the Cyber Security and IT Learning Team, we want to say thank you so much for joining us. We want you to take care.
Be nice to those users in your network.
See you again real soon
and happy packets