Summary and Quiz

In this lesson, we’ll summarize what we’ve learned in this chapter and, with a short quiz, test our knowledge of the AWS management and governance services we covered.

Summary

Here are the key takeaways from this chapter:

Auto Scaling

AWS Auto Scaling automatically adjusts compute resources to match the current demand for applications, ensuring they have the right capacity to handle traffic efficiently.

  • Auto Scaling Groups (ASGs): Manage collections of resources and define the desired number of instances.

  • Scaling policies: Target Tracking, Step Scaling, and Scheduled Scaling allow for customized scaling strategies.

AWS Control Tower

AWS Control Tower is an AWS tool designed for setting up and governing a multi-account AWS cloud infrastructure, aligning with AWS best practices. It’s particularly useful for large enterprises managing numerous applications and teams on AWS.

  • Landing Zones: Landing Zones are pre-configured, multi-account AWS environments based on AWS best practices, providing a standardized setup for AWS accounts and resources. They use the AWS Organizations service for account structuring, AWS CloudTrail for centralized logging, and AWS Single Sign-On for identity management. A Control Tower Landing Zone includes several organizational units (OUs), such as the Root OU, Security OU, Sandbox OU, and Production OU, each serving a specific function in management and security.

  • GuardRails/Controls: Control Tower uses GuardRails (also known as Controls) for enforcing governance and compliance policies across AWS environments. There are two types:

    • Preventive GuardRails: Prevent policy violations using service control policies (SCPs).

    • Detective GuardRails: Detect and alert on non-compliance or policy deviations.

  • Account Factory: This feature simplifies the process of creating and managing AWS accounts. It automates account provisioning, ensuring new accounts adhere to the organization’s compliance and security standards from creation.

  • Control Tower Dashboard: Provides a centralized view of the AWS environment, offering insights into AWS accounts’ operational status and compliance. It displays information about account numbers, GuardRail status, and policy violations, aiding in monitoring and management.

AWS License Manager

AWS License Manager is an automated tool for centrally managing software licenses across AWS and on-premises resources, helping to streamline management and optimize licensing costs.

AWS License Manager provides real-time visibility into license usage and works mainly with Amazon EC2 for hosting software applications and AWS IAM for permissions and access management.

AWS Systems Manager

AWS Systems Manager is a centralized management and automation solution for AWS resources and on-premises applications, acting as an operations hub for these resources.

AWS Health Dashboard

AWS Health Dashboard provides crucial insights and real-time information about AWS service availability and performance, aiding users in monitoring and managing cloud infrastructure efficiently.

  • Views on AWS Health Dashboard: The AWS Health Dashboard supports the following views:

    • Service Health: Shows the status of AWS services affecting all AWS users, including disruptions and maintenance activities.

    • Your Account Health: Tailored to individual AWS accounts, providing performance alerts and remediation guidance.

    • Your Organization Health: Aggregates health events across all AWS accounts in an AWS Organization.

  • Types of AWS Health Events: AWS Health Events are of the following types:

    • Account-specific Events: Affect individual accounts or organizations, like compromised AWS access credentials.

    • Public Events: Affect AWS services on a broader scale, impacting all AWS accounts and organizations, like a service issue in a specific region.

AWS Compute Optimizer

AWS Compute Optimizer is an AWS service that provides machine learning-based recommendations for optimal AWS compute resource configurations to enhance performance and reduce costs.

AWS Compute Optimizer generates recommendations for EC2 instances, EC2 Auto Scaling groups, EBS volumes, Lambda functions, and ECS services on AWS Fargate, as well as commercial software licenses.

AWS Resource Groups

AWS Resource Groups enable users to manage and automate tasks on multiple resources simultaneously, streamlining the management of large AWS environments.

Tag Editor

AWS Tag Editor is a tool that helps manage and apply tags across AWS resources, improving resource organization and cost management.

AWS Trusted Advisor

AWS Trusted Advisor is an AWS service that inspects our AWS account against several checks and gives recommendations to improve security, performance, and availability and to optimize cost.

  • Trusted Advisor evaluation factors: Trusted Advisor validates and suggests changes to our AWS account based on the following factors:

    • Cost optimization

    • Performance

    • Security

    • Fault-tolerance

    • Service limit

AWS Well-Architected Framework

The AWS Well-Architected Framework is a guide organized around the following pillars:

  • Operational excellence

  • Security

  • Reliability

  • Performance efficiency

  • Cost optimization

  • Sustainability

The AWS Well-Architected Tool is a service offered by AWS that helps review the state of application workloads and compares them against AWS best practices defined by the AWS Well-Architected Framework.

AWS Launch Wizard

AWS Launch Wizard simplifies the deployment of complex enterprise applications on AWS by providing a guided, step-by-step process that ensures best practices for security, scalability, and availability.

AWS Service Catalog

AWS Service Catalog enables organizations to create, manage, and distribute catalogs of pre-approved IT services, ensuring consistent deployment and compliance across the organization.

Test your knowledge

Take a short quiz to validate your knowledge and to make sure you’ve not missed anything:
