(SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
Transcript of (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014
November 12, 2014
Prashant Prahlad, Amazon Web Services
Change /CHānj/ (v): to make the form and future course different from what it is or from what it would be if left alone.
“Currently we are scanning AWS and collecting a set of resource configurations and store that information in an in-our-data-center database – this is a giant effort on our part.” – AWS Customer
“We poll critical resources, such as our production security groups, at a higher frequency to ensure we don’t miss changes.” – AWS Customer
“Infrastructure configuration management is designed for infrequent, controlled changes.” – AWS Customer
“Normalizing different resources just makes understanding them so much simpler.” – AWS Customer
[Diagram: Continuous Change Recording. Changing resources feed AWS Config, which produces a History, a Stream, and Snapshots (e.g. 2014-11-05).]
[Diagram: AWS Config feeds an Infrastructure Change Log, Audits, a Regulatory Compliance Engine, and Changes.]
[Diagram: resources recorded: Amazon EC2 (Instance, ENI, ...), Amazon EBS (Volumes), AWS CloudTrail (Log), Amazon VPC (VPC, Subnet, ...).]
Resource Type: Resource
Amazon EC2: EC2 Instance; EC2 Elastic IP (VPC only); EC2 Security Group; EC2 Network Interface
Amazon EBS: EBS Volume
Amazon VPC: VPCs; Network ACLs; Route Table; Subnet; VPN Connection; Internet Gateway; Customer Gateway; VPN Gateway
AWS CloudTrail: Trail
Resource / Relationship / Related Resource
Customer Gateway is attached to VPN Connection
Elastic IP (EIP) is attached to Network Interface
Elastic IP (EIP) is attached to Instance
Instance contains Network Interface
Instance is attached to Elastic IP (EIP)
Instance is contained in Route Table
Instance is associated with Security Group
Instance is contained in Subnet
Instance is attached to Volume
Instance is contained in Virtual Private Cloud (VPC)
Internet Gateway is attached to Virtual Private Cloud (VPC)
…
Component / Description / Contains
Metadata: information about this configuration item. Contains: version ID, configuration item ID, time when the configuration item was captured, state ID indicating the ordering of the configuration items of a resource, MD5 hash, etc.
Common Attributes: resource attributes. Contains: resource ID, tags, resource type, Amazon Resource Name (ARN), Availability Zone, etc.
Relationships: how the resource is related to other resources associated with the account. Example: EBS volume vol-1234567 is attached to EC2 instance i-a1b2c3d4.
Current Configuration: information returned through a call to the Describe or List API of the resource. Example (EBS volume): state of the DeleteOnTermination flag; type of volume (gp2, io1, or standard).
Related Events: the AWS CloudTrail events that are related to the current configuration of the resource. Contains: AWS CloudTrail event ID.
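To show how a consumer of AWS Config output would work with the configuration items described above, here is an added example (not from the talk or from AWS): it diffs two captures of one security group, one from each snapshot shown on the slides, and reports changed configuration, changed relationships, the CloudTrail events behind the change, and any ingress rule open to 0.0.0.0/0. The field names and both items are constructed assumptions modelled on the component table, not real Config output.

```python
# Constructed sample data, not real captures: one security group as seen in
# the two snapshots named on the slides. Field names are assumptions modelled
# on the component table (metadata, relationships, configuration, events).
def _item(state_id, instances, ip_ranges, events):
    return {
        "configurationStateId": state_id,          # ordering of captures
        "resourceType": "AWS::EC2::SecurityGroup",
        "resourceId": "sg-0a1b2c3d",
        "relationships": [{"resourceType": "AWS::EC2::Instance",
                           "resourceId": i,
                           "relationshipName": "Is associated with Instance"}
                          for i in instances],
        "configuration": {"groupName": "prod-web", "ipPermissions": [
            {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
             "ipRanges": ip_ranges}]},
        "relatedEvents": events,                    # CloudTrail event IDs
    }

SNAPSHOT_2014_11_05 = _item(1, ["i-a1b2c3d4"], ["10.0.0.0/8"], ["ev-0001"])
SNAPSHOT_2014_11_12 = _item(2, ["i-a1b2c3d4", "i-deadbeef"],
                            ["10.0.0.0/8", "0.0.0.0/0"], ["ev-0001", "ev-0002"])

def _rels(item):
    return {(r["resourceType"], r["resourceId"], r["relationshipName"])
            for r in item["relationships"]}

def diff_items(old, new):
    """What changed between two captures of the same resource: configuration
    keys whose value differs, relationships added or removed, and the new
    CloudTrail event IDs that explain how the resource got to its new state."""
    if old["resourceId"] != new["resourceId"]:
        raise ValueError("configuration items describe different resources")
    if old["configurationStateId"] >= new["configurationStateId"]:
        raise ValueError("old item must precede new item (state ID ordering)")
    cfg_old, cfg_new = old["configuration"], new["configuration"]
    return {
        "configuration": {k: (cfg_old.get(k), cfg_new.get(k))
                          for k in sorted(set(cfg_old) | set(cfg_new))
                          if cfg_old.get(k) != cfg_new.get(k)},
        "relationships_added": sorted(_rels(new) - _rels(old)),
        "relationships_removed": sorted(_rels(old) - _rels(new)),
        "cloudtrail_events": [e for e in new["relatedEvents"]
                              if e not in old["relatedEvents"]],
    }

def world_open_ports(item):
    """Ingress rules in a security group item that admit 0.0.0.0/0."""
    return [(p["ipProtocol"], p.get("fromPort"), p.get("toPort"))
            for p in item["configuration"].get("ipPermissions", [])
            if "0.0.0.0/0" in p.get("ipRanges", [])]
```

Run against a real history, the new CloudTrail event IDs are what you look up to find who made the change; the state ID check protects against comparing captures in the wrong order.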
Snapshot @ 2014-11-05, 11:30pm
Snapshot @ 2014-11-12, 2:30pm
http://bit.ly/awsevals