On-request reporting - AMS Accelerate Operations Plan

On-request reporting

AMS collates data from various native AWS services to provide value-added reports on major AMS offerings. For a copy of these reports, make a request to your Cloud Service Delivery Manager (CSDM).

Patch reporting

Instance Details Summary

The objective of this report is to provide instance details gathered for instances that are onboarded to reporting. This is an informational report that helps identify all the instances onboarded, account status, instance details, maintenance window coverage, maintenance window execution time, stack details, and platform type.

This report provides:

  1. Insights into Production and Non-Production Instances of an account. Note: Production and Non-Production stage is derived from the Account Name and not from the Instance Tags.

  2. Insights into the distribution of instances by platform type. Note: A platform type of 'N/A' means that AWS Systems Manager (SSM) was not able to get the platform information.

  3. Insights into the distribution of instance states: the number of instances running, stopped, or terminating.

| Field Name | Definition |
| --- | --- |
| Report Datetime | The date and time the report was generated. |
| Account Id | AWS Account ID to which the instance ID belongs |
| Account Name | AWS account name |
| Production Account | Identifier of AMS prod, non-prod accounts, depending on whether the account name includes the value 'PROD', 'NONPROD'. Example: PROD, NONPROD, Not Available |
| Account Status | AMS account status. For example: ACTIVE, INACTIVE |
| AMS account service commitment | PREMIUM, PLUS |
| Landing Zone | Flag for account landing zone type. For example: MALZ, NON-MALZ |
| Access Restrictions | Regions to which access is restricted. For example: US SOIL |
| Instance Id | ID of EC2 instance |
| Instance Name | Name of EC2 instance |
| Instance Platform Type | Operating System (OS) type. For example: Windows, Linux, and so forth |
| Instance Platform Name | Operating System (OS) name. For example: MicrosoftWindowsServer2012R2Standard, RedHatEnterpriseLinuxServer |
| Stack Name | Name of stack that contains instance |
| Stack Type | AMS stack (AMS infrastructure within customer account) or Customer stack (AMS managed infrastructure that supports customer applications). Examples: AMS, CUSTOMER |
| Auto Scaling Group Name | Name of Auto Scaling Group (ASG) that contains the instance |
| Instance Patch Group | Patch group name used to group instances together and apply the same maintenance window. If the patch group is unassigned, the value will be “Unassigned” |
| Instance Patch Group Type | Patch group type. DEFAULT: default patch group with the default maintenance window, determined by the AMSDefaultPatchGroup:True tag on the instance; CUSTOMER: customer-created patch group; NOT_ASSIGNED: no patch group assigned |
| Instance State | State within the EC2 instance lifecycle. Examples: TERMINATED, RUNNING, STOPPING, STOPPED, SHUTTING-DOWN, PENDING. For more information, see Instance lifecycle. |
| Maintenance Window Coverage | Whether there is a future maintenance window for this instance. Examples: COVERED or NOT_COVERED |
| Maintenance Window Execution Datetime | Next time the maintenance window is expected to execute. If NULL, the window is a single execution, that is, not recurring |

Patch Details

The objective of this report is to provide patch details and maintenance window coverage of various instances.

This report provides:

  1. Insights on patch groups and their types.

  2. Insights on maintenance windows: duration, cutoff, future dates of maintenance window executions (schedule), and the instances impacted in each window.

  3. Insights on all the operating systems under the account and the number of instances on which each operating system is installed.

| Field Name | Definition |
| --- | --- |
| Report Datetime | The date and time the report was generated. |
| Account Id | AWS Account ID to which the instance ID belongs |
| Account Name | AWS account name |
| Instance Id | ID of EC2 instance |
| Production Account | Identifier of AMS prod, non-prod accounts, depending on whether the account name includes the value 'PROD', 'NONPROD'. If data is not available, the value will be “Not Available” |
| Account Status | AMS account status. For example: ACTIVE, INACTIVE |
| Instance Platform Type | Operating System (OS) type. For example: Windows, Linux |
| Instance Platform Name | Operating System (OS) name. For example: MicrosoftWindowsServer2012R2Standard, RedHatEnterpriseLinuxServer |
| Stack Type | AMS stack (AMS infrastructure within customer account) or Customer stack (AMS managed infrastructure that supports customer applications). For example: AMS, CUSTOMER |
| Instance Patch Group | Patch group name used to group instances together and apply the same maintenance window. If the patch group is unassigned, the value will be “Unassigned” |
| Instance Patch Group Type | Patch group type. DEFAULT: default patch group with the default maintenance window, determined by the AMSDefaultPatchGroup:True tag on the instance; CUSTOMER: customer-created patch group; UNASSIGNED: no patch group assigned |
| Instance State | State within the EC2 instance lifecycle. For example: TERMINATED, RUNNING, STOPPING, STOPPED, SHUTTING-DOWN, PENDING. For more information, see Instance lifecycle. |
| Maintenance Window Id | Maintenance window identifier |
| Maintenance Window State | Possible values are ENABLED or DISABLED. |
| Maintenance Window Type | Maintenance window type |
| Maintenance Window Next Execution Datetime | Next time the maintenance window is expected to execute. If NULL, the window is a single execution, that is, not recurring |
| Last Execution Maintenance Window | The latest time the maintenance window was executed |
| Maintenance Window Duration (hrs) | The duration of the maintenance window in hours |
| Maintenance Window Coverage | The maintenance window coverage |
| Patch Baseline Id | Patch baseline currently attached to instance |
| Patch Status | Overall patch compliance status. For example: COMPLIANT, NON_COMPLIANT. If there is at least one missing patch, the instance is considered noncompliant; otherwise it is compliant. |
| Compliant - Total | Count of compliant patches (all severities) |
| Noncompliant - Total | Count of noncompliant patches (all severities) |
| Compliant - Critical | Count of compliant patches with "critical" severity |
| Compliant - High | Count of compliant patches with "high" severity |
| Compliant - Medium | Count of compliant patches with "medium" severity |
| Compliant - Low | Count of compliant patches with "low" severity |
| Compliant - Informational | Count of compliant patches with "informational" severity |
| Compliant - Unspecified | Count of compliant patches with "unspecified" severity |
| Noncompliant - Critical | Count of noncompliant patches with "critical" severity |
| Noncompliant - High | Count of noncompliant patches with "high" severity |
| Noncompliant - Medium | Count of noncompliant patches with "medium" severity |
| Noncompliant - Low | Count of noncompliant patches with "low" severity |
| Noncompliant - Informational | Count of noncompliant patches with "informational" severity |
| Noncompliant - Unspecified | Count of noncompliant patches with "unspecified" severity |

Instances that missed patches

The objective of this report is to provide details on instances that missed patches during the last maintenance window execution.

This report provides:

  1. Insights on missing patches at the patch ID level.

  2. Insights on all the instances which have at least one patch missing along with attributes such as patch severity, unpatched days, range, and release date of the patch.

| Field Name | Definition |
| --- | --- |
| Report Datetime | The date and time the report was generated. |
| Account Id | AWS Account ID to which the instance ID belongs |
| Account Name | AWS account name |
| Production Account | Identifier of AMS prod, non-prod accounts, depending on whether the account name includes the value 'PROD', 'NONPROD'. |
| Account Status | AMS account status. For example: ACTIVE or INACTIVE |
| AMS account service tier | PREMIUM or PLUS |
| Instance Id | ID of EC2 instance |
| Instance Platform Type | Operating System (OS) type. For example: Windows |
| Instance State | State of the EC2 instance lifecycle. For example: TERMINATED, RUNNING, STOPPING, STOPPED, SHUTTING-DOWN, PENDING. For more information, see Instance lifecycle. |
| Patch Id | ID of released patch. For example: KB3172729 |
| Patch Severity | Severity of patch per publisher. For example: CRITICAL, IMPORTANT, MODERATE, LOW, UNSPECIFIED |
| Patch Classification | Classification of patch per publisher. For example: CRITICALUPDATES, SECURITYUPDATES, UPDATEROLLUPS, UPDATES, FEATUREPACKS |
| Patch Release Datetime (UTC) | Release date of patch per publisher |
| Patch Install State | Install state of patch on instance per SSM. For example: INSTALLED, MISSING, NOT APPLICABLE |
| Days Unpatched | Number of days the instance has been unpatched since the last SSM scan |
| Days Unpatched Range | Bucketing of days unpatched. For example: <30 DAYS, 30-60 DAYS, 60-90 DAYS, 90+ DAYS |

Backup reporting

Backup snapshot success/failure

Backup snapshot success/failure reporting

This report provides:

  1. Insights on number of distinct snapshots taken.

  2. The backup success rate.

| Field Name | Definition |
| --- | --- |
| Report Datetime | The date and time the report was generated |
| AWS Account ID | AWS Account ID to which the resource belongs |
| Account Name | AWS account name |
| Backup Type | The type of backup if there is a plan |
| Backup Plan Name | User defined backup plan name |
| Backup Vault Name | The name of the backup vault |
| Resource Type | The type of resource that is being backed up |
| # of Resources | The number of resources that were backed up |
| Resource Region | The region of the backed up resource |
| Backup State | The state of the backup |
| Recovery Point ID | The unique identifier of the recovery point |

Backup summary

Backup summary reporting

This report provides: Insights on important backup metrics.

| Field Name | Definition |
| --- | --- |
| Customer Name | Customer name for situations where multiple sub-customers are |
| Backup Month | Month of the backup |
| Backup Year | Year of the backup |
| Resource Type | The type of resource that is being backed up |
| # of Resources | The number of resources that were backed up |
| Distinct Snapshots | Number of distinct snapshots |
| Backup Success Rate | The rate of successful backups |
| Max Snapshot Age | The maximum snapshot age |
| Backups Greater Than 30 Days Old | The count of backups that are over 30 days old |

Backup snapshot aged

Backup snapshot aged reporting

This report provides:

  1. Aging of backup snapshots.

  2. Classification of backup snapshots into different aging buckets.

  3. Insights on which resources are out of backup compliance.

| Field Name | Definition |
| --- | --- |
| Report Datetime | The date and time the report was generated |
| AWS Account ID | AWS Account ID to which the resource belongs |
| Account Name | AWS account name |
| Backup Type | The type of backup if there is a plan |
| Backup Plan Name | User defined backup plan name |
| Backup Vault Name | The name of the backup vault |
| Resource Type | The type of resource that is being backed up |
| # of Resources | The number of resources that were backed up |
| Resource Region | The region of the backed up resource |
| Backup State | The state of the backup |
| Recovery Point ID | The unique identifier of the recovery point |
| Distinct Snapshots | The number of distinct snapshots |
| Snapshot Age (days) | The age in days of the snapshot |
| Backups Greater Than 30 Days Old | The number of backups that are over 30 days old |
| Backups 15-30 Days Old | The number of backups that are between 15 and 30 days |
| Backups Less Than 15 Days Old | The number of backups that are less than 15 days old |

AWS Config reporting

AWS Config reporting

Provides an in-depth look at resource and config rule compliance of AMS accounts.

This report provides:

  • Insights on top non-compliant resources in your environment to discover potential threats and misconfigurations.

  • Insights on compliance of resources and config rules over time.

  • Insights on config rule description, recommended severity of rule, and remediation steps to fix non-compliant resources.

| Field | Description |
| --- | --- |
| Date | Report date |
| Customer name | Customer name |
| AWS account ID | Associated AWS account ID for customer |
| Source identifier | AWS Config rule unique source identifier |
| Rule Description | AWS Config rule description |
| Rule Type | AWS Config rule type |
| Compliance Flag | AWS Config rule compliance state |
| Resource Type | AWS resource type |
| Resource Name | AWS resource name |
| Severity | Default recommended severity defined by AMS for the AWS Config rule |
| Remediation Category | Associated remediation response category for a config rule |
| Remediation Description | Explanation of the remediation action that makes the config rule compliant |
| Customer action | Customer action required to make the config rule compliant |
| Delta metrics report | Changes in the compliance of a rule between two given dates |

Billing reporting

AMS Billing Charges Details reporting

The objective of this report is to provide details about AMS billing charges with linked accounts and respective AWS services.

This report provides:

  1. Insights on AMS service-level charges, uplift percentages, account-level AMS service tiers and AMS fees.

  2. Insights on linked accounts and AWS usage charges.

| Field Name | Definition |
| --- | --- |
| Billing Month | The month and year of the service billed |
| Payer Account Id | The 12-digit ID identifying the account that will be responsible for paying the AMS charges |
| Linked Account Id | The 12-digit ID identifying the AMS account that consumes services that generate expenses |
| AWS Service Name | The AWS service that was used |
| AWS Charges | The AWS charges for the AWS service name in AWS Service Name |
| Pricing Plan | The pricing plan associated with the linked account |
| Uplift Proportion | The uplift percentage (as a decimal V.WXYZ) based on pricing_plan, SLA, and AWS service |
| Adjusted AWS Charges | AWS usage adjusted for AMS |
| Uplifted AWS Charges | The percentage of AWS charges to be charged for AMS; adjusted_aws_charges * uplift_percent |
| Instances EC2 RDS Spend | Spend on EC2 and RDS instances |
| AMS Charges | Total AMS charges for the product; uplifted_aws_charges + instance_ec2_rds_spend + uplifted_ris + uplifted_sp |
| Prorated Minimum Fee | The amount we charge to meet the contractual minimum |
| Minimum Fee | AMS Minimum Fees (if applicable) |
| Linked Account Total AMS Charges | Sum of all charges for the linked_account |
| Payer Account Total AMS Charges | Sum of all charges for payer account |