The services within the AWS Management Fundamentals course focus on maintaining and monitoring AWS applications and systems, to ensure they are compliant, properly configured, operating at required utilization thresholds, and protected from any potential outside threats.
This course covers a range of different services, including:
AWS Trusted Advisor
AWS Personal Health Dashboard
- Describe the basic functions that each service in this course performs within a cloud solution
- Recognize the basic components and features of each AWS management service in this course
- Understand the role each service plays to maintain a properly operating application on AWS
This course is has been designed for:
- Anyone preparing for the AWS Certified Cloud Practitioner.
- Managers, sales professionals and other roles within the cloud where a relatively non-technical understanding of AWS compute services is desired.
Before reading this example, you should have a general understanding of the basic concepts of cloud computing. If you are familiar with common compliance requirements for IT systems, this will also help.
If you have thoughts or suggestions for this course, please contact Cloud Academy at email@example.com.
Hello and welcome to this final lecture where I'd like to recap over what I've already covered by highlighting the main points from the previous lectures within the course.
I started off by discussing the AWS CloudTrail service and within this lecture, we learnt that its primary function is to record and track all AWS API requests made, and each API called represents a new event within the CloudTrail log file. Also, CloudTrail records metadata with all events, for example, the identity of the caller of the API, the timestamp of when the request was initiated, and the source IP address. New log files are typically created every five minutes which are then delivered and stored within S3. These log files can also be delivered to CloudWatch logs. I also highlighted that AWS CloudTrail is a global service with support for all regions and I then spoke about some common use cases of CloudTrail where I explained that it can be used as a security analysis tool, it can help resolve and manage day-to-day operational issues and problems, and CloudTrail can be an effective method of tracking changes to resources within your environment. And it can also be used to achieve compliance from a governance and security legislation perspective.
Following this lecture, I then looked at AWS Config. Here I identified that AWS Config is a service within the Management Tools category that can perform a number of useful functions when it comes to resource configuration, visibility, and compliance, such as capturing resource changes, acting as a resource inventory, storing configuration history for individual resources, providing a snapshot in time of current resource configurations, enabling notifications of when a change has occurred on a resource, providing information on who made the change and when through the use of AWS CloudTrail integrations, enforcing rules that check the compliance of your resources against specific controls, and it allows you to perform security analysis within your AWS environment, and it provides relationship connectivity information between resources. We also discussed that AWS Config only supports a number of different services and resource types, which can all be found using the link on the screen. Another important point is that AWS Config is configured on a region-by-region basis. As such, you can have different resources being monitored and recorded in each region, as you will have a different configuration recorder.
Next, I focus on AWS Trusted Advisor and here I explain that the service can be found within the Management Tools category in the Management Console. The main function of Trusted Advisor is to recommend improvements across your AWS account to help optimize your environment based on AWS best practices. Trusted Advisor focuses on four categories with a list of best practices checks in each, Cost Optimization, Performance, Security, and Fault Tolerance. There are currently over 50 different checks when you combine all four categories. Your list of available checks are very dependent on your AWS Support Plan and Business and Enterprise support can take full advantage of all the check available. All other AWS accounts only have access to six free core checks, these being: Service Limits, Security Groups, Specific Ports Unrestricted, Amazon EBS Public Snapshots, Amazon RDS Public Snapshots, IAM Use, and MFA on root account. There are a number of useful features within Trusted Advisor, these being, Trusted Advisor Notifications and this tracks your resource check changes and cost saving estimates over the course of a week and emails you a report. Exclude Items, this allows you to select specific resources to be excluded from appearing in the console within a specific check. Action Links. Action Links leads you on to remediate any issues identified. Access Management, using IAM, you can grant different levels of access to Trusted Advisor. And Refresh, you can perform a manual refresh five minutes after the previous refresh against either individual checks or against all checks.
Next I focused on Amazon CloudWatch. Within this lecture, I explained that the primary function of Amazon CloudWatch is to provide a means of monitoring resources that you are running within AWS via a series of metrics and each service and resource sends its data to your CloudWatch dashboard as metrics. Amazon CloudWatch offers the ability of creating custom metrics for your applications and Basic Monitoring is the default monitoring type which records metrics every five minutes. And Detailed Monitoring for instances types ensures the metric data is recorded at one-minute intervals and Detailed Monitoring comes at an additional cost. Any data captured by Amazon CloudWatch is retained for two weeks, even if your resources have been terminated and CloudWatch alarms allow you to respond to events that occur within your environment, and these alarms have three possible states: OK, Alarm, and Insufficient Data. And CloudWatch can be used for a repository for logging.
Finally, I gave a brief summary of the AWS Health Dashboards and this short lecture covered the following key points. AWS offers two Health Dashboards, the AWS Service Health Dashboard and the Personal Health Dashboard. The AWS Service Health Dashboard provides a complete health check of all services in all regions at any one time. It also allows you to view the history of the service and this history of the service interruptions is kept for one year by AWS. The Personal Health Dashboard will notify you of any service interruptions that may affect the resources and services that you are using within your own account, and your Personal Health Dashboard can be accessed via the following link. And this dashboard is split between Open Issues, Scheduled Changes, and other Notifications.
That now brings me to the end of this lecture and to the end of this course. You should now have a greater understanding of some of the management capabilities using a number of different AWS services to perform different functions. If you have any feedback on this course, positive or negative, please do contact us at firstname.lastname@example.org. Your feedback is greatly appreciated.
Thank you for your time and good luck with your continued learning of cloud computing. Thank you.
About the Author
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data centre and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 60++ courses relating to Cloud, most within the AWS category with a heavy focus on security and compliance
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.