Managing Resource Groups
Start course
5h 1m

This section provides detail on the AWS management services relevant to the Solution Architect Associate exam. These services are used to help you audit, monitor and evaluate your AWS infrastructure and resources.  These management services form a core component of running resilient and performant architectures. 

Want more? Try a lab playground or do a Lab Challenge!

Learning Objectives

  • Understand the benefits of using AWS CloudWatch and audit logs to manage your infrastructure
  • Learn how to record and track API requests using AWS CloudTrail
  • Learn what AWS Config is and its components
  • Manage your accounts with AWS Organizations, including single sign-on with AWS SSO
  • Learn how to carry out logging with CloudWatch, CloudTrail, CloudFront, and VPC Flow Logs
  • Understand how to design cost-optimized architectures in AWS
  • Learn about AWS data transformation tools such as AWS Glue and data visualization services like Amazon Athena and QuickSight

Systems Manager includes over 20 features and integrations, each with their own capabilities and functionality. Some of them are the Fleet Manager, Session Manager, Run Command, Parameter Store, Patch Manager, and State Manager, among others. Most of these features use Systems Manager documents to define the operations to be performed. They also use Maintenance Windows to define the date and time when those operations can take place. Together, they provide you a comprehensive dashboard and essential tools to set up and manage the life cycle of your instances. You can manage inventory and patch assets, run commands and manage desired state, and even securely connect to EC2 instances in private subnets.

In general, using Systems Manager entails grouping your AWS resources, examining their relevant operational data via dashboards, and finally, take action to mitigate any issues reported. The instances to be operated can be selected using one of three general mechanisms. The first one is manually. This is where you select the instances that you want to register as targets individually, using the Systems Manager console. You can also use instance tags where you specify one or more tag key-value pairs to select the instances that share those tags. You can then save the results as a Resource Group to execute operations on the same set of instances in the future.

Finally, you can use Resource Groups where you can perform a query based on existing resource tags or choose an existing Resource Group that already includes the instances you want to target. Systems Manager operates on logical units of managed instances via Resource Groups. This is the most powerful way to define your targets for AWS Systems Manager to operate. In general, if you work across a range of different AWS resources that are related, AWS Resource Groups can help you organize them for better visibility and aggregation in terms of management, ownership and categories.

Resource Groups begin their life by defining common tags with key-value pairs describing the items in the categorization. A Resource Group is a collection of AWS resources in the same region that match a particular description. Resource Groups can be tag based, which represent a group of resources as being part of a development tier, production tier, a specific owner, a department, or dedicated for a particular project among many other possible categories. Systems Manager can also operate on Resource Groups that are based on CloudFormation stacks. These groups are resources created by the same CloudFormation stack in a particular region. The Resource Group will have the same logical structure as the stack. Systems Manager and Resource Groups allow you to create custom consoles that show organized and consolidated information about Resource Groups, and offer helpful visibility for operation and management.

As a default, the AWS Management Console shows resources organized by service category, as you may have already observed in the EC2 Management Console. The Tag Editor allows you to define tags and what will become a Resource Group. It allows for bulk editing and application of tags to resources in a specific region. The Tag Policy Editor can help enforce tagging across your resources in a particular account or the entire organization. You can manage Resource Groups and find the Tag Editor under the AWS Resource Group service in the Management Tools sections of your AWS Console. Also, as you provision resources on the console, a section of the provisioning will always permit you to define tags.

As you may have noticed, establishing the best practice of tagging your resources becomes essential in order for you to use and take advantage of the features of Systems Manager. As you build your fleet of instances, it is important to catalog these resources using tags. Later, it becomes significantly easier to group them and operate on them using Systems Manager.

About the Author
Learning Paths

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.