What is AWS Managed Services?

Welcome to AWS Managed Services (AMS), infrastructure operations management for Amazon Web Services (AWS). AMS is an enterprise service that provides ongoing management of your AWS infrastructure.

This user guide is intended for IT and application developer professionals. A basic understanding of IT functionality, networking, and application deployment terms and practices is assumed.

AMS implements best practices and maintains your infrastructure to reduce your operational overhead and risk. AMS provides full-lifecycle services to provision, run, and support your infrastructure, and automates common activities such as change requests, monitoring, patch management, security, and backup services. AMS enforces your corporate and security infrastructure policies, and enables you to develop solutions and applications using your preferred development approach.

To better understand AMS architecture, see these diagrams.

Topics

• About this guide
• Getting started
• AMS operations plans
• Key terms
• Service description
• What we do, what we do not do
• AMS Amazon Machine Images (AMIs)
• AMS information resources
• AMS compliance
• AMS interfaces
• AMS VPC endpoints
• How integration between AD FS and AMS works
• AMS Managed Active Directory
• AMS application deployments
• AMS reserved prefixes

Note

New AWS Regions are added frequently. For the most recent AMS-supported AWS Regions, and the most recent AMS-supported operating systems, see Supported configurations.

To learn more about AWS Regions, see Managing AWS Regions.

AMS seeks to continuously improve our services based on your feedback. We use several mechanisms to enable your self-service, to automate repetitive tasks, and to implement new AWS services and features as they are released. You can submit an AMS service request at any time to suggest new features or feature improvements.

AMS business hours are 24 hours a day, 7 days a week, 365 days a year.

AMS follows a set of practices for IT service management (ITSM) that focuses on aligning IT services with the needs of your business.

About this guide

This user guide is intended for AMS Advanced customers with either a multi-account or single-account landing zone. Previously, AMS Advanced offered two separate user guides, one for each type of landing zone. The content was mostly the same, therefore, we have merged the content into one, consolidated user guide. You will notice that multi-account landing zone content is more prominent and single-account landing zone content is called out as different where needed. For more details about the AMS landing zone offerings, see the AMS Key Terms; also see Multi-Account Landing Zone architecture and Single-Account Landing Zone architecture.

AMS interfaces

There are six interfaces you can use to interact with AMS.

• AMS Change management API – Read/Write: Use the change management API (CM API) to request additions and specific changes to your managed infrastructure including resource monitoring, log, backup, and patch configurations. Also, use this API to request access to resources, delete resources, create AMIs, and create IAM instance profiles. You can access the CM API through the AMS CLI and SDKs.

• AMS SKMS API – Read-Only: Use this API to list managed resources and get information needed for reporting or preparing requests for change.

• AMS Consoles: AMS has a console for each of the operations plans: AMS Advanced and AMS Accelerate. Each are available through the AWS Management Console, once you have an account with that operations paln.

  You use the AMS Accelerate console to view summaries all your current incidents and service requests, and resource security status including compliance and real-time threat detection, and to quickly access configuration panels.

  You use the AMS console to create RFCs, report and respond to incidents, make service requests, and find information on existing VPCs and stacks. When in doubt of what to do, or when you need help with AMS or your managed resources, create a service request by using this interface.

• AWS Support API: Use the standard AWS Support API to programmatically create and respond to incidents and service requests. To learn more, see Getting Started with AWS Support.

• AWS Management Console: Many AWS consoles can be useful for viewing AMS information, for example:

  • Amazon EC2 console: Use to view instance information including bastion IP addresses, Amazon EC2 Auto Scaling groups, and load balancers.

  • Multi-Account Landing Zone Config Rules compliance: You can view compliance status across your accounts and identify non-compliant resources.

  • AWS CloudFormation console: Use to view stack information including stack IDs (you can find RDS stacks and RDS instance IDs here, and event information).

  • RDS console: Use to view event information such as a post made to a WordPress app on a site in your account. Note you must have the RDS instance ID.

  Depending on the mode of your login role, you have different level of access to the AWS Management Console. For more information on modes, see AMS modes.

• AWS APIs – Read Only: Your main IT administrator can use the AWS APIs to see all resources under management, view CloudTrail logs, billing information, and many other read functions.