Advanced CloudFormation Skills
AWS Systems Manager
AWS Secrets Manager
Parameter Store vs. Secrets Manager
AWS Service Catalog
AWS Control Tower
Managing Product Licenses
Amazon Managed Grafana
Amazon Managed Service for Prometheus
AWS Resilience Hub
The course is part of this learning path
This course provides detail on the AWS Management & Governance services relevant to the AWS Certified DevOps Engineer - Professional exam.
Want more? Try a lab playground or do a Lab Challenge!
- Learn how AWS AppConfig can reduce errors in configuration changes and prevent application downtime
- Understand how the AWS Cloud Development Kit (CDK) can be used to model and provision application resources using common programming languages
- Get a high-level understanding of Amazon CloudWatch
- Learn about the features and use cases of the service
- Create your own CloudWatch dashboard to monitor the items that are important to you
- Understand how CloudWatch dashboards can be shared across accounts
- Understand the cost structure of CloudWatch dashboards and the limitations of the service
- Review how monitored metrics go into an ALARM state
- Learn about the challenges of creating CloudWatch Alarms and the benefits of using machine learning in alarm management
- Know how to create a CloudWatch Alarm using Anomaly Detection
- Learn what types of metrics are suitable for use with Anomaly Detection
- Create your own CloudWatch log subscription
- Learn how AWS CloudTrail enables auditing and governance of your AWS account
- Understand how Amazon CloudWatch Logs enables you to monitor and store your system, application, and custom log files
- Explain what AWS CloudFormation is and what it’s used for
- Determine the benefits of AWS CloudFormation
- Understand what the core components are and what they are used for
- Create a CloudFormation Stack using an existing AWS template
- Learn what VPC flow logs are and what they are used for
- Determine options for operating programmatically with AWS, including the AWS CLI, APIs, and SDKs
- Learn about the capabilities of AWS Systems Manager for managing applications and infrastructure
- Understand how AWS Secrets Manager can be used to securely encrypt application secrets
Systems Manager includes over 20 features and integrations, each with their own capabilities and functionality. Some of them are the Fleet Manager, Session Manager, Run Command, Parameter Store, Patch Manager, and State Manager, among others. Most of these features use Systems Manager documents to define the operations to be performed. They also use Maintenance Windows to define the date and time when those operations can take place. Together, they provide you a comprehensive dashboard and essential tools to set up and manage the life cycle of your instances. You can manage inventory and patch assets, run commands and manage desired state, and even securely connect to EC2 instances in private subnets.
In general, using Systems Manager entails grouping your AWS resources, examining their relevant operational data via dashboards, and finally, take action to mitigate any issues reported. The instances to be operated can be selected using one of three general mechanisms. The first one is manually. This is where you select the instances that you want to register as targets individually, using the Systems Manager console. You can also use instance tags where you specify one or more tag key-value pairs to select the instances that share those tags. You can then save the results as a Resource Group to execute operations on the same set of instances in the future.
Finally, you can use Resource Groups where you can perform a query based on existing resource tags or choose an existing Resource Group that already includes the instances you want to target. Systems Manager operates on logical units of managed instances via Resource Groups. This is the most powerful way to define your targets for AWS Systems Manager to operate. In general, if you work across a range of different AWS resources that are related, AWS Resource Groups can help you organize them for better visibility and aggregation in terms of management, ownership and categories.
Resource Groups begin their life by defining common tags with key-value pairs describing the items in the categorization. A Resource Group is a collection of AWS resources in the same region that match a particular description. Resource Groups can be tag based, which represent a group of resources as being part of a development tier, production tier, a specific owner, a department, or dedicated for a particular project among many other possible categories. Systems Manager can also operate on Resource Groups that are based on CloudFormation stacks. These groups are resources created by the same CloudFormation stack in a particular region. The Resource Group will have the same logical structure as the stack. Systems Manager and Resource Groups allow you to create custom consoles that show organized and consolidated information about Resource Groups, and offer helpful visibility for operation and management.
As a default, the AWS Management Console shows resources organized by service category, as you may have already observed in the EC2 Management Console. The Tag Editor allows you to define tags and what will become a Resource Group. It allows for bulk editing and application of tags to resources in a specific region. The Tag Policy Editor can help enforce tagging across your resources in a particular account or the entire organization. You can manage Resource Groups and find the Tag Editor under the AWS Resource Group service in the Management Tools sections of your AWS Console. Also, as you provision resources on the console, a section of the provisioning will always permit you to define tags.
As you may have noticed, establishing the best practice of tagging your resources becomes essential in order for you to use and take advantage of the features of Systems Manager. As you build your fleet of instances, it is important to catalog these resources using tags. Later, it becomes significantly easier to group them and operate on them using Systems Manager.
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.