Managing Resource Groups

This section of the AWS Certified Solutions Architect - Professional learning path introduces the AWS management and governance services relevant to the AWS Certified Solutions Architect - Professional exam. These services are used to help you audit, monitor, and evaluate your AWS infrastructure and resources and form a core component of resilient and performant architectures. 


Learning Objectives

  • Understand the benefits of using AWS CloudWatch and audit logs to manage your infrastructure
  • Learn how to record and track API requests using AWS CloudTrail
  • Learn what AWS Config is and its components
  • Manage multi-account environments with AWS Organizations and Control Tower
  • Learn how to carry out logging with CloudWatch, CloudTrail, CloudFront, and VPC Flow Logs
  • Learn about AWS data transformation tools such as AWS Glue and data visualization services like Amazon Athena and QuickSight
  • Learn how AWS CloudFormation can be used to represent your infrastructure as code (IaC)
  • Understand SLAs in AWS

Systems Manager includes over 20 features and integrations, each with its own capabilities and functionality. Some of them are the Fleet Manager, Session Manager, Run Command, Parameter Store, Patch Manager, and State Manager, among others. Most of these features use Systems Manager documents to define the operations to be performed. They also use Maintenance Windows to define the date and time when those operations can take place. Together, they provide you with a comprehensive dashboard and essential tools to set up and manage the life cycle of your instances. You can manage inventory and patch assets, run commands and manage desired state, and even securely connect to EC2 instances in private subnets.

In general, using Systems Manager entails grouping your AWS resources, examining their relevant operational data via dashboards, and finally, taking action to mitigate any issues reported. The instances to be operated on can be selected using one of three general mechanisms. The first is manual selection. This is where you select the instances that you want to register as targets individually, using the Systems Manager console. You can also use instance tags, where you specify one or more tag key-value pairs to select the instances that share those tags. You can then save the results as a Resource Group to execute operations on the same set of instances in the future.

Finally, you can use Resource Groups where you can perform a query based on existing resource tags or choose an existing Resource Group that already includes the instances you want to target. Systems Manager operates on logical units of managed instances via Resource Groups. This is the most powerful way to define your targets for AWS Systems Manager to operate. In general, if you work across a range of different AWS resources that are related, AWS Resource Groups can help you organize them for better visibility and aggregation in terms of management, ownership and categories.

Resource Groups begin their life by defining common tags with key-value pairs describing the items in the categorization. A Resource Group is a collection of AWS resources in the same region that match a particular description. Resource Groups can be tag based, representing a group of resources as being part of a development tier, production tier, a specific owner, a department, or dedicated to a particular project, among many other possible categories. Systems Manager can also operate on Resource Groups that are based on CloudFormation stacks. These groups are resources created by the same CloudFormation stack in a particular region. The Resource Group will have the same logical structure as the stack. Systems Manager and Resource Groups allow you to create custom consoles that show organized and consolidated information about Resource Groups, and offer helpful visibility for operation and management.

By default, the AWS Management Console shows resources organized by service category, as you may have already observed in the EC2 Management Console. The Tag Editor allows you to define tags and what will become a Resource Group. It allows for bulk editing and application of tags to resources in a specific region. The Tag Policy Editor can help enforce tagging across your resources in a particular account or the entire organization. You can manage Resource Groups and find the Tag Editor under the AWS Resource Group service in the Management Tools section of your AWS Console. Also, as you provision resources on the console, a section of the provisioning will always permit you to define tags.

As you may have noticed, establishing the best practice of tagging your resources becomes essential in order for you to use and take advantage of the features of Systems Manager. As you build your fleet of instances, it is important to catalog these resources using tags. Later, it becomes significantly easier to group them and operate on them using Systems Manager.
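
The tag-based targeting described above, as an added example that is not part of the original course material: it builds the query for a tag-based Resource Group, evaluates it offline against a constructed inventory, and lists the instances the group would miss, which are the ones a patch or command run against that group never reaches. The group name `prod-billing`, the tag keys and values, and the instance IDs are assumptions made for illustration.

```python
import json

def tag_query(tag_filters, resource_types=("AWS::EC2::Instance",)):
    """Build the ResourceQuery for a tag-based Resource Group."""
    inner = {
        "ResourceTypeFilters": list(resource_types),
        "TagFilters": [{"Key": k, "Values": list(v)} for k, v in tag_filters.items()],
    }
    # The Resource Groups API takes the inner query as a JSON-encoded string.
    return {"Type": "TAG_FILTERS_1_0", "Query": json.dumps(inner)}

def matches(resource_query, tags):
    """Local stand-in for tag-query evaluation: every key must match (AND),
    any listed value is accepted (OR). Tag keys and values are case sensitive."""
    filters = json.loads(resource_query["Query"])["TagFilters"]
    return all(
        f["Key"] in tags and (not f["Values"] or tags[f["Key"]] in f["Values"])
        for f in filters
    )

def coverage(resource_query, inventory):
    """Split an inventory into group members and instances the group misses."""
    members = sorted(i for i, t in inventory.items() if matches(resource_query, t))
    return members, sorted(set(inventory) - set(members))

def ssm_targets_for_group(group_name):
    """Targets value that points a Systems Manager operation at a Resource Group."""
    return [{"Key": "resource-groups:Name", "Values": [group_name]}]

# Constructed sample inventory (instance ID -> tags); not real resources.
INVENTORY = {
    "i-0aaa0000000000001": {"Environment": "production", "Project": "billing"},
    "i-0aaa0000000000002": {"Environment": "production", "Project": "billing", "Owner": "ops"},
    "i-0aaa0000000000003": {"environment": "production", "Project": "billing"},  # wrong key case
    "i-0aaa0000000000004": {"Environment": "development", "Project": "billing"},
    "i-0aaa0000000000005": {},  # never tagged
}
QUERY = tag_query({"Environment": ["production"], "Project": ["billing"]})

if __name__ == "__main__":
    members, missed = coverage(QUERY, INVENTORY)
    print("ResourceQuery:", json.dumps(QUERY))
    print("Targets:", ssm_targets_for_group("prod-billing"))  # hypothetical group name
    print("In group:", members)
    print("Outside group (not reached by operations on it):", missed)
```

The mis-cased `environment` key and the untagged instance are the cases worth reviewing: both are running instances that silently fall outside the group.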

About the Author

Danny has over 20 years of IT experience as a software developer, cloud engineer, and technical trainer. After attending a conference on cloud computing in 2009, he knew he wanted to build his career around what was still a very new, emerging technology at the time — and share this transformational knowledge with others. He has spoken to IT professional audiences at local, regional, and national user groups and conferences. He has delivered in-person classroom and virtual training, interactive webinars, and authored video training courses covering many different technologies, including Amazon Web Services. He currently has six active AWS certifications, including certifications at the Professional and Specialty level.