Options for Operating Programmatically with AWS
Using the AWS Command Line Interface
AWS Systems Manager
AWS Secrets Manager
AWS Cloud Development Kit (CDK)
The course is part of this learning path
This course provides detail on the AWS Management & Governance services relevant to the AWS Certified Developer - Associate exam.
Want more? Try a lab playground or do a Lab Challenge!
- Learn how AWS AppConfig can reduce errors in configuration changes and prevent application downtime
- Understand how the AWS Cloud Development Kit (CDK) can be used to model and provision application resources using common programming languages
- Get a high-level understanding of Amazon CloudWatch
- Learn about the features and use cases of the service
- Create your own CloudWatch dashboard to monitor the items that are important to you
- Understand how CloudWatch dashboards can be shared across accounts
- Understand the cost structure of CloudWatch dashboards and the limitations of the service
- Review how monitored metrics go into an ALARM state
- Learn about the challenges of creating CloudWatch Alarms and the benefits of using machine learning in alarm management
- Know how to create a CloudWatch Alarm using Anomaly Detection
- Learn what types of metrics are suitable for use with Anomaly Detection
- Create your own CloudWatch log subscription
- Learn how AWS CloudTrail enables auditing and governance of your AWS account
- Understand how Amazon CloudWatch Logs enables you to monitor and store your system, application, and custom log files
- Explain what AWS CloudFormation is and what it’s used for
- Determine the benefits of AWS CloudFormation
- Understand what each of the core components are and what they are used for
- Create a CloudFormation Stack using an existing AWS template
- Learn what VPC flow logs are and what they are used for
- Determine options for operating programmatically with AWS, including the AWS CLI, APIs, and SDKs
- Learn about the capabilities of AWS Systems Manager for managing applications and infrastructure
- Understand how AWS Secrets Manager can be used to securely encrypt application secrets
For any number of instances prepared as discussed earlier, what can we do with Systems Manager? One of the first things that we can do is that we can take a look at our fleet. You can go to the Systems Manager console and under the node management section, you will see the Fleet Manager feature. All of your managed instances will be displayed in this console. Fleet Manager will give you visibility into the details of each managed instance.
Another action that we can take is that we can connect to any of the instances securely using the Session Manager feature. Under the node management section of systems manager, you will notice the Session Manager feature. The Session Manager is a fully managed capability that lets you connect to any managed instance, using an interactive browser shell as a login. It requires no open inbound ports and no need to manage bastion host or SSH keys for connectivity to your instances. Communication between Session Manager and the instances is secure and Session Manager tracks all commands and output produced in a session for auditing and compliance reasons.
The third item that we can do is that we can also execute one or more commands on any of the instances or all of them, if we desire. The Systems Manager Run Command will permit you to execute a command on one or more of your managed instances. The complexity of the command to be executed is defined on the command document as discussed earlier. Documents define the actions that the agent performs on your instances on our shared resources in the Systems Manager console.
In general, the Run Command will require that you specify a document and specify the target instances where the document is to be executed. For any particular instance, you see a status as well as the output of a command on that instance. Like most features that caused a change in your instances the Run Command can define a rate control or what percentage of your fleet is updated at the same time, using a value or a percentage for concurrency and under what error thresholds should the command stop executing altogether in order to investigate any issues that have been observed.
We can separate configuration data from code with systems manager Parameter Store. Parameter Store provides a centralized storage to manage your configuration in plain text data such as database connections or license codes and strings or secrets such as passwords or any other application configuration data. Parameter Store is integrated with AWS Key Management Service or KMS.
For you to be able to automatically encrypt parameter values if needed, you can track parameter changes by using versions, create parameter change notifications and your own custom validation routines using AWS Lambda functions, Parameter stored data accessibility is not limited to AWS Systems Manager. Parameters can be referenced by other AWS services such as Amazon ECS, AWS Lambda, CloudFormation, CodeDeploy, CodePipeline, and your own custom applications.
The Maintenance Window feature of Systems Manager is the next item that we will review. With Maintenance Windows you can run potentially disruptive pass manually or during a predefined time. A Maintenance Window gives you the ability to schedule tasks such as patching an operating system, updating drivers, or installing software and managed instances. You can set limits for simultaneous executions and allowable error rates.
The Maintenance Window is an independent resource that allows you to define and run complex tasks using a Run Command document, and AWS step function, or an AWS Lambda function. You can also view a history of all tasks executed in a Maintenance Window if you desire. Once a Maintenance Window is created, you can register targets to it by name, which assigns a set of instances to your Maintenance Window. You specify instance tags, choose a resource group, or choose instances manually. Maintenance Windows can run any number of tasks on your managed instances, avoiding operational downtime so that you can run administration tasks that are potentially disruptive during a predefined period where changes can be applied with little to no impact to the availability of your application.
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.