AWS service management tools - Management and Governance Cloud Environment Guide

The AWS Management & Governance product suite allows you to enable, provision, and operate AWS resources to determine the health and predictability of your cloud workloads. The following AWS services can be used to help you meet the prescribed benefits of the M&G Guide, establish a cloud operational baseline, and align to your ITSM solution implementation:

AWS Systems Manager is a management service that helps you automatically collect software inventory, apply operating system patches, create system images, and configure Windows and Linux operating systems. These capabilities help you define and track system configurations, prevent drift, and maintain software compliance of your Amazon EC2 and on-premises configurations. By providing a management approach that is designed for the scale and agility of the cloud but extends into your on-premises data center, Systems Manager makes it easier for you to seamlessly bridge your existing infrastructure with AWS.

AWS Systems Manager Explorer is a customizable dashboard providing key insights and analysis into the operational health and performance of your AWS environments. Systems Manager Explorer aggregates operational data from across AWS accounts and AWS Regions to help you prioritize and identify where action might be required.

AWS Systems Manager Automation allows you to safely automate common and repetitive IT operations and management tasks. With Systems Manager Automation, you can use predefined runbooks, or you can build, run, and share wiki-style automated playbooks to enable AWS resource management across multiple accounts and AWS Regions. The runbooks can also be used to remediate issues such as AWS Systems Manager OpsCenter OpsItems.

AWS Systems Manager OpsCenter and Incident Manager provide an issue management mechanism that you can enable across your AWS accounts. These services provide a central location where operations engineers and IT professionals can view, investigate, and resolve operational issues related to any AWS resource. OpsCenter aggregates and standardizes operational issues, referred to as OpsItems, while providing contextually relevant data that helps with diagnosis and remediation.

AWS Systems Manager Change Manager simplifies the way you request, approve, implement, and report on operational changes to your application configuration and infrastructure in the AWS Cloud and on premises. With Change Manager, you can use pre-approved change workflows to help avoid unintentional results when making operational changes. Change Manager helps you safely implement changes, while detecting schedule conflicts with important business events and automatically notifying impacted approvers. Using Change Manager’s change reports, you can monitor progress and operational changes across your organization, providing improved visibility and accountability.

AWS Config is a service that enables detective controls to assess, monitor, and evaluate the configurations of supported AWS resources. AWS Config monitors and records AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With AWS Config, you can not only track the relationships among resources and quickly review the history of a resource's configuration, but also identify the compliance of resources based on defined config rules. Use AWS Config to view status, compliance, and the relationships of your provisioned AWS resources. Getting started with AWS Config entails turning on recording and establishing the right detective controls based on your governance and compliance requirements.

AWS Security Hub is a service that gives you a comprehensive view of your security alerts and security posture across your AWS accounts. With Security Hub, you have a single place that aggregates, organizes, and prioritizes your security alerts, or findings. Security Hub findings can also enable your organization to create incidents within ITSM tooling via integrations depending on the finding’s severity level.

Service Catalog allows you to centrally manage commonly deployed AWS services and provisioned software products. The curated products are vetted, and end users can request services and resources as needed without having direct permissions, which enables segregation of duty. Service Catalog also helps your organization achieve consistent governance and meet compliance requirements, while enabling users to quickly deploy only the approved AWS services they need.