Manage and Track Application and Infrastructure Configuration Changes using AWS Config
- Published: Sep 13, 2024
- Understanding the right tools to manage compliance for your application and infrastructure is critical to running operationally excellent workloads in the cloud. In this virtual workshop we will dive into the AWS Config service and demonstrate some of the ways our customers use AWS Config to manage and track configuration changes in their environment.
Implementing observability in applications is required for Operational Excellence. A well-implemented observability plan allows customers to react to operational events, run workloads effectively and gain insights into their applications. In this virtual workshop we will cover services and features our customers use to gain visibility into their workloads.
Learning objectives:
- Gain an understanding of the different components of the Config service, from config rules and config items to remediation actions
- Gain hands-on experience using the Config service to remediate noncompliant items
- Learn how to use Config Advanced Query to quickly search for items that have a specific configuration applied
12:00 Giving Config a role
12:30 Choose a bucket/topic
13:30 select some managed rules
13:45 review
14:20 checking C-Formation Template was deployed
14:55 Returning to Config
15:15 Rules explained [fun fact: now 290 managed rules!]
16:00 Example rule: EC2-volume-inuse-check
17:05 Example rule: eip-attached
18:00 Example rule: s3-account-level-public-access-blocks
19:16 restricted-common-ports
20:00 How to set up a rule
21:14 Demo, by leaving port open on SG
24:00 click on "view instances"...
24:15 Return to Config
25:30 SG shown to be branded NONCOMPLIANT
25:55 Rule itself branded as NONCOMPLIANT
26:00 Remediation actions
26:40 click "manage remediation"
27:05 automatic or manual?
27:30 specify action
28:00 AWS-DisablePublicAccessForSecurityGroup
28:30 This triggers an SSM
28:50 click on save changes
29:50 demo-ing the remediation action
31:40 success!
32:00 resource timeline
CONFIGURATION EVENTS
COMPLIANCE EVENTS
CLOUDTRAIL EVENTS
35:04 Conformance packs
"a collection of AWS Config rules and remediation actions that can be deployed and monitored as a *single entity* in your AWS account"
37:27 Choose upload template
38:28 Conformance pack details
39:40 DEPLOY CONFORMANCE PACK!
...etc
45:25 Advanced Queries
46:28 opening the Query Editor
47:38 Example: "give me all the relationships involving this particular instance"
48:50 aggregations (GROUP BY)
49:55 show me EBS volumes not in use
51:24 CLI demo
52:00 Using CloudShell to query
53:15 Summary
55:00 Cleanup
Great deep dive demo, many thanks for sharing... BTW I have watched @1.25x speed
Hi,
Great demo :) How can I get access to the CloudFormation template?
Thanks
Can I list all EC2 that are managed by Systems Manager (with installed amazon-ssm-agent) across my Organisation (aggregation is already set up)?
Awesome😍
Where can I find the CloudFormation template, and what is inside it?
Hi, Sofonias! 👋 While we cannot provide you with the exact name of the template, you can find all our downloadable templates, here: go.aws/3MNZ8x4. 👈 ^RF