
AWS Management Services in a Nutshell

AWS Management Services, in a nutshell, is a suite of AWS services that helps users efficiently manage operational tasks, design and architecture, accounts, users, and compliance requirements.


1. The Nutshell View

These management services collectively enable organizations to centrally handle a wide range of operational tasks, design and architecture requirements, manage accounts and users, and maintain compliance with industry standards and best practices within the AWS ecosystem.

The table in the next section highlights the key features; a brief description of each service follows here.

Accounts & Compliance Management

  • AWS Organizations: AWS Organizations helps you centrally manage and govern your AWS accounts. It enables you to create a hierarchy of organizational units, apply policies across accounts, and consolidate billing. This service simplifies the management of multiple AWS accounts within an enterprise environment.
  • AWS Control Tower: AWS Control Tower provides a landing zone that helps set up and govern a secure, multi-account AWS environment. It establishes a well-architected environment using AWS best practices and security standards. Control Tower automates the setup of an AWS environment, ensuring a secure and compliant foundation for your workloads.

Infrastructure Management

These services simplify creating, updating, deleting, and managing your AWS infrastructure and resources.

  • AWS CloudFormation: AWS CloudFormation allows you to describe your infrastructure in code, enabling automated provisioning and management of resources. It simplifies the process of creating, updating, and deleting stacks of AWS resources.
  • AWS Systems Manager: AWS Systems Manager simplifies hybrid cloud management, allowing you to automate operational tasks, secure your environment, and manage your infrastructure at scale. It provides features like Systems Manager Automation, Run Command, State Manager, and Patch Manager, enabling efficient resource management, configuration management, and software patching.
  • AWS License Manager: AWS License Manager helps you manage software licenses from vendors such as Microsoft, SAP, Oracle, and IBM across your AWS and on-premises environments. It enables you to enforce licensing rules, automate license discovery, and optimize license usage to ensure compliance and cost efficiency.
  • AWS Config: AWS Config continuously monitors and records your AWS resource configurations and changes. It provides a detailed view of the configuration of AWS resources and helps you assess and audit resource configurations for compliance. AWS Config enables you to automate the evaluation of recorded configurations against desired configurations, ensuring security and compliance.

Assessment & Advisory Services

These services help guide us in managing our infrastructure in an efficient and optimized manner, based on various best practices.

  • AWS Compute Optimizer: A machine learning based AWS service that analyzes your AWS resource utilization and recommends optimal configurations.
  • AWS Trusted Advisor: It provides recommendations that help you follow AWS best practices using a series of checks. These checks identify ways to optimize your AWS infrastructure, improve security and performance, reduce costs, and monitor service quotas.
  • AWS Well-Architected Tool (WA Tool): An AWS tool that can evaluate your architecture using AWS best practices. It provides actionable insights and step-by-step guidance to improve your architecture based on the six pillars of the AWS Well-Architected Framework.
  • AWS Resilience Hub: You can define, assess, and track the resilience posture of your infrastructure. It can identify changes to the resilience features of your applications and provides actionable recommendations to improve it.



2. Brief Descriptions, Features & Usages of the Management Services

2.1 Accounts Management Services

Service | Description | Sample Usage

Accounts Management

AWS Control Tower
Multi-account - Controls Management

AWS Control Tower provides a central location to define and enforce policies across your AWS Organization, and it can be used to monitor policies defined in AWS Organization, AWS Security Hub, and AWS Config in a consolidated way for compliance purposes.
Key features include:
1. Account Factory
2. Multi-Account Controls
3. Controls Management Dashboard

Account Factory: Standardize provisioning of new accounts by using the AWS Control Tower predefined account blueprint with default resources, configurations, or VPC settings.

Controls Management: Controls are prepackaged governance rules for security, operations, and compliance that you can select and apply enterprise-wide or to specific groups of accounts.

Dashboard: Monitor control deployments and non-compliance across accounts.

AWS Organizations
AWS Organizations is an account management service.

Centralizes management of your AWS accounts:
- Create, Invite, Delete Accounts
- Attach Policies Across Multiple Accounts for budgetary, security, or compliance needs.
- Group your accounts into organizational units (OUs)
- You can nest OUs within other OUs to a depth of five levels.

Capabilities of AWS Organizations include:
- Account management,
- Consolidated billing and
- Centralized policy controls.
Consolidated billing for all member accounts:
- Consolidate billing for multiple accounts.
- Analyze consolidated bills using Cost Explorer.

Centralized control policies across organization:
- Service Control Policies (SCPs): You can use SCPs to centrally define controls on AWS resources.
- Tag Policies: You can use tag policies to standardize tags across the resources in your accounts.
- Backup Policies: Use backup policies to configure automatic backups.
- AI Services Opt-out Policies: To opt out of data collection and storage.

2.2 Infrastructure Management Services

Service | Description | Sample Usage

Infrastructure Management

AWS Systems Manager
Operations hub for your AWS applications and resources.

It enables users to efficiently manage, monitor, and automate operational tasks across their AWS infrastructure.

AWS Systems Manager keeps track of our software inventory, helps us apply OS patches and create system images, lets us create workflows to automate tasks, and supports many other operational tasks.
Some key features:
Parameter Store: Store sensitive information securely, such as passwords, API keys, and configuration data, using AWS Key Management Service (KMS) encryption.
Session Manager: It can securely connect to instances without the need for SSH or RDP.
Run Command: With this feature we can automate common administrative tasks, execute scripts, install software, or make configuration changes across multiple instances simultaneously.
Patch Manager: Automate the process of patching managed instances. Schedule patching windows, scan for missing patches, and apply patches based on specified rules.
And many more such operational tasks.

AWS CloudFormation
Service to define, provision and manage your Infrastructure as Code

With AWS CloudFormation, you use templates and stacks to define and provision your infrastructure using JSON or YAML.
Templates: Use templates to describe your AWS resources and their configurable properties so that they can be reused.
Stacks: Build on your templates and provision the resources that are described in your templates.
Stack Management: Organize related resources into stacks to manage them as a single unit. Use stacks to create, update, delete, and inspect resources as a whole.
Change Sets: Use this feature to preview changes before executing them, to ensure safe updates.
More Features for Infrastructure Management:
Resource Dependencies: Define dependencies, to ensure that the resources are created or updated in the correct order.
Rollback and Recovery: Automatically rolls back to the previous known state if any part of the update fails, ensuring that the stack remains consistent.
Cross-Stack References: Reference resources from other stacks, enabling modular and scalable template designs.
Integration with AWS Services: Seamlessly integrates with other AWS services like AWS IAM, AWS KMS, and AWS CloudTrail for enhanced security and auditing.

AWS License Manager
Track, manage, and control licenses.

AWS License Manager can help you manage AWS-provided, custom-built, or third-party licenses.

It simplifies managing licenses, maintaining compliance, optimizing costs, and using licenses efficiently across AWS and on-premises environments.

It simplifies the tracking of licenses and ensures compliance with software usage terms.
Key Features:
License Tracking: Centrally track and manage licenses across AWS accounts and on-premises environments.
BYOL (Bring Your Own License) Support: Allows you to bring existing licenses to AWS and track their usage within the cloud environment.
License Usage Reports: Provides detailed usage reports, allowing you to understand how licenses are being utilized.
License Consumption Control: Set rules to control license consumption by users, groups or accounts, ensuring that licenses are used efficiently.
Cost Optimization: Helps in optimizing costs by ensuring that licenses are used efficiently, preventing over-provisioning and minimizing unused licenses.

AWS Config
Centrally monitor and enforce compliance policies on your AWS resource configurations and their changes.

It continuously monitors and records your AWS resource configurations, their historical changes and allows you to enforce compliance policies.
Key Features:
Resource Inventory: Keeps track of resource inventory by automatically collecting and tracking AWS resource configurations.
Resource Relationships: Provides insights into resource relationships, helping you understand and manage the dependencies.
Configuration History: Enables you to track the historical record of changes made to configurations.
Config Rules: Define custom rules or use pre-built rules to assess resource configurations for compliance.
Configuration Snapshots: Allows you to capture configuration snapshots at specified intervals.
Change Notifications: It can send notifications when resource configurations change.
Compliance Dashboards: Provides customizable dashboards and reports that display compliance status.
Multi-Account, Multi-Region Support: Supports multi-account and multi-region configurations.

2.3 Assessment & Advisory Services

Service | Description | Sample Usage

AWS Compute Optimizer
A machine learning based AWS service that analyzes your AWS resource utilization and recommends optimal configurations.

Compute Optimizer generates optimization recommendations, provides graphs on recent as well as projected utilization for its recommendations, which you can use to evaluate which recommendations.
Compute Optimizer generates recommendations for the following resources:
- AWS EC2 instances,
- AWS EC2 Auto Scaling groups,
- AWS EBS,
- AWS Lambda,
- AWS ECS service on Fargate,
- Commercial software licenses.

AWS Trusted Advisor
Provides recommendations that help you follow AWS best practices.

Trusted Advisor evaluates your account by using checks. These checks identify ways to optimize your AWS infrastructure, improve security and performance, reduce costs, and monitor service quotas.

AWS Basic Support and AWS Developer Support customers can access core security checks and checks for service quotas. AWS Business Support and AWS Enterprise Support customers can access all checks.
1. Dashboard: It provides a dashboard summarizing your AWS environment, highlighting areas that need attention.
2. Recommendations: It offers actionable recommendations in categories like Cost Optimization, Performance, Security, Fault Tolerance, and Service Limits. These suggestions are based on AWS best practices and your specific usage patterns.
3. Alerts: It can be configured to send alerts when it identifies opportunities to save money, improve system performance, or enhance security.
4. Integration: It integrates with AWS Management Console, providing an easy-to-use interface for reviewing recommendations and taking action.

AWS Well-Architected Tool (WA Tool)
An AWS tool that can evaluate your architecture using AWS best practices.

It provides actionable insights and step-by-step guidance to improve your architecture based on the six pillars of the AWS Well-Architected Framework.
AWS WA Tool helps you in your cloud design and architecture by:
- Providing recommendations for improving your workload based on best practices.
- Guiding you in making your workloads more reliable, secure, efficient, and cost-effective.
- Custom lenses : Custom lenses extend the guidance provided by the AWS lenses.
- You can use custom lenses to measure your workload using your own best practices.

AWS Resilience Hub
Define, Assess and Track the Resilience Posture.

Identifies changes to the resilience features of your applications and provides actionable recommendations to improve it.
Features of AWS Resilience Hub:

- Provides recommendations to improve the resiliency of your applications.
- Can help you evaluate recovery time objective (RTO) and recovery point objective (RPO) targets under different conditions.
- Optimize business continuity while reducing recovery costs.
- Identify and resolve resiliency issues before they occur in production.
- You can add AWS Resilience Hub to your CI/CD pipeline to validate every build for resiliency issues.