Management and Governance Flashcards
CloudWatch
Collection of services that help you monitor and observe your cloud resources
- detects anomalies in your environment
- set alarms with CloudWatch alarms
- monitor application logs with CloudWatch logs
- visualize time-series data with CloudWatch metrics
- trigger an event based on a condition with CloudWatch events
CloudTrail
Tracks user activity and API calls within your account
- log and retain account activity
- identify which user made changes
- track activity through the console, SDKs, and CLI
- detect unusual activity in your account
Tags
Key/value pairs that help you sort and visualize cloud resources on AWS
- group and filter resources
Systems Manager
Management service that helps you automate administrative tasks across your AWS resources
- take automated actions on resource groups
- view aggregated operational data of resource groups
Systems Manager Parameter Store
- Provides secure, hierarchical storage for configuration data management and secrets management
- Can store data such as passwords, database strings, and license codes as parameter values
- You can then reference values by using the unique name that you specified when you created the parameter
AWS Health Dashboard
continuously monitors the health of your AWS environment
- provides alerts and remediation guidance when AWS is experiencing events that may impact you
AWS Config
- Assess, audit and evaluate the configurations of AWS resources
- leverages predefined recommendations or creates custom rules
- detects non-compliant resources and alerts administrators in the console
- does not enforce standards, but audits adherence
Audit Manager
- centralize audit data from AWS Config and security services
- find root causes of non-compliance and generate reports
- provides pre-built auditing frameworks to meet industry standards
Trusted Advisor
online resource that helps you to reduce cost, increase performance and improve security by optimizing your AWS environment
- provides real-time guidance to help you provision resources following best practices
Advises on:
- cost optimization
- performance
- security
- fault tolerance
- service limits
AWS Service Catalog
allows organizations to create and manage catalogs of IT services that are approved for use on AWS
EventBridge
serverless event bus that makes it easier to build event-driven applications at scale using events generated from your applications
- set rules for actions to take place when certain events happen (e.g. instance state changes, items uploaded to an S3 bucket, etc.)
Organizations
Allows you to consolidate multiple AWS accounts into an organization that you create and centrally manage
- root account + organizational units
- Service Control Policies (SCPs) can control tagging and the available API actions
consolidated billing includes:
- paying account: independent and cannot access resources of other accounts
- linked accounts: all linked accounts are independent
Control Tower
Provides a central hub (landing zone) for setting up, governing and securing multi-account AWS environments based on AWS best practices and security standards
Configures governance, compliance, and security guardrails for you:
- Disallowing public write access to Amazon S3 buckets
- Disallowing access as a root user without multi-factor authentication
- Enabling encryption for EBS volumes attached to EC2 instances
Config
Fully managed service that enables continuous monitoring and assessment of your AWS resource configurations
- discover existing and deleted AWS resources
- determine overall compliance against rules
- view configuration details of a resource at any point in time
Quick Start
Built by AWS solutions architects and partners to help you deploy popular technologies on AWS, based on AWS best practices for security and high availability.
- reduce hundreds of manual procedures into just a few steps, so you can build your production environment quickly and start using it immediately
- includes AWS CloudFormation templates that automate the deployment and a guide that discusses the architecture and provides step-by-step deployment instructions