Автоматизация настройки CloudWatch алярмов для виртуалок с помощью SSM:
https://aws.amazon.com/blogs/mt/automating-amazon-cloudwatch-alarms-with-aws-systems-manager/
#SSM #CloudWatch
https://aws.amazon.com/blogs/mt/automating-amazon-cloudwatch-alarms-with-aws-systems-manager/
#SSM #CloudWatch
Amazon
Automating Amazon CloudWatch Alarms with AWS Systems Manager | Amazon Web Services
Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, Site Reliability Engineers (SRE), and IT managers. CloudWatch provides you with data and actionable insights to monitor your applications, respond to system…
Использование AWS Config + SSM для автоматизации закрытия открытых портов (например, для соблюдения compliance требований):
https://aws.amazon.com/blogs/security/how-to-auto-remediate-internet-accessible-ports-with-aws-config-and-aws-system-manager/
#Config #SSM #security #compliance
https://aws.amazon.com/blogs/security/how-to-auto-remediate-internet-accessible-ports-with-aws-config-and-aws-system-manager/
#Config #SSM #security #compliance
Amazon
How to auto-remediate internet accessible ports with AWS Config and AWS Systems Manager | Amazon Web Services
With the AWS Config service, you can assess, audit, and evaluate the configuration of your Amazon Web Services (AWS) resources. AWS Config continuously monitors and records your AWS resource configurations changes, and enables you to automate the evaluation…
Чтобы указать последнюю версию SSM Parameter в CloudFormation шаблоне — просто не указываем поле
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html#dynamic-references-ssm-pattern
#SSM #CloudFormation
version:versionIf you do not specify the exact version, CloudFormation uses the latest version of the parameter whenever you create or update the stack.https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html#dynamic-references-ssm-pattern
#SSM #CloudFormation
Amazon
Get values stored in other services using dynamic references - AWS CloudFormation
Dynamic references give you a convenient way to specify external values stored in other services and decouple sensitive information from your infrastructure-as-code templates.
SSM Incident Manager:
https://aws.amazon.com/blogs/mt/creating-contacts-escalation-plans-response-plans-aws-systems-manager-incident-manager/
#SSM
https://aws.amazon.com/blogs/mt/creating-contacts-escalation-plans-response-plans-aws-systems-manager-incident-manager/
Incident Manager incorporates the best practices we follow for internal incident management at Amazon. When you use Incident Manager, you engage the right responders at the right time, track incident updates, automate remediation actions, and enable chat-based collaboration.#SSM
Amazon
Creating contacts, escalation plans, and response plans in AWS Systems Manager Incident Manager | Amazon Web Services
Many of our customers need an effective incident management and response solution to achieve operational excellence and performance efficiency. Transparency between those who are affected by the incident and those who respond to the incident is key to any…
Как мониторить (и рестартовать) сервисы на EC2 инстансе с помощью CloudWatch и SSM:
https://aws.amazon.com/blogs/mt/detecting-remediating-process-issues-on-ec2-instances-using-amazon-cloudwatch-aws-systems-manager/
#CloudWatch #SSM
https://aws.amazon.com/blogs/mt/detecting-remediating-process-issues-on-ec2-instances-using-amazon-cloudwatch-aws-systems-manager/
You can use the Amazon CloudWatch agent procstat plugin, which continuously watches specified processes and reports their metrics to Amazon CloudWatch. After the data is in Amazon CloudWatch, you can associate alarms to trigger actions like notifying teams or remediations like restarting the processes, resizing the instances, and so on.#CloudWatch #SSM
Amazon
Detecting and remediating process issues on EC2 instances using Amazon CloudWatch and AWS Systems Manager | Amazon Web Services
Customers want to have visibility into processes running inside their Amazon Elastic Compute Cloud (Amazon EC2) instances. Critical processes and services in these instances can crash unexpectedly and when they do, it’s crucial for customers to be notified…
Старт-стоп RDS по расписанию с помощью SSM:
https://aws.amazon.com/blogs/database/schedule-amazon-rds-stop-and-start-using-aws-systems-manager/
Старт-стоп RDS по расписанию с помощью Лямбды:
https://aws.amazon.com/blogs/database/schedule-amazon-rds-stop-and-start-using-aws-lambda/
#RDS #SSM #Lambda
https://aws.amazon.com/blogs/database/schedule-amazon-rds-stop-and-start-using-aws-systems-manager/
Старт-стоп RDS по расписанию с помощью Лямбды:
https://aws.amazon.com/blogs/database/schedule-amazon-rds-stop-and-start-using-aws-lambda/
#RDS #SSM #Lambda
Amazon
Schedule Amazon RDS stop and start using AWS Systems Manager | Amazon Web Services
Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. Traditional relational databases require time spent on capacity planning, maintenance, backup, and recovery; a substantial amount…
Управление инцидентами с помощью SSM Incident Manager:
https://aws.amazon.com/blogs/security/how-to-automate-incident-response-to-security-events-with-aws-systems-manager-incident-manager/
#SSM #security
https://aws.amazon.com/blogs/security/how-to-automate-incident-response-to-security-events-with-aws-systems-manager-incident-manager/
In this post, I showed you how to use Incident Manager to monitor for security events and invoke a response plan via Amazon CloudWatch or Amazon EventBridge. AWS CloudTrail API activity (for a root account login), Amazon GuardDuty (for high severity findings), and AWS Config (to enforce policies like preventing public write access to an S3 bucket). I demonstrated how you can create an incident management and response plan to ensure you have used the power of cloud to create automations that respond to and mitigate security incidents in a timely manner.#SSM #security
Parameter Store теперь можно получить из другого аккаунта.
https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-shared-parameters.html
Ждал этого столько лет. Хотя вру, давно переключился на Secrets Manager.
В общем, теперь параметры можно шарить стандартным способом — с помощью RAM (Recourse Access Manager). То есть точно также, как VPC, а значит хоть на всю организацию сразу.
⚠️ Это не прокатит для бесплатных параметров (Standard tier), такое умеют только Advanced tier параметры. Стоит 5 центов в месяц за штуку плюс за запросы, короче, совсем не бесплатно, но для кого-то будет просто спасением.
#SSM #ParameterStore
https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-shared-parameters.html
Ждал этого столько лет. Хотя вру, давно переключился на Secrets Manager.
В общем, теперь параметры можно шарить стандартным способом — с помощью RAM (Recourse Access Manager). То есть точно также, как VPC, а значит хоть на всю организацию сразу.
⚠️ Это не прокатит для бесплатных параметров (Standard tier), такое умеют только Advanced tier параметры. Стоит 5 центов в месяц за штуку плюс за запросы, короче, совсем не бесплатно, но для кого-то будет просто спасением.
#SSM #ParameterStore
👍6
This media is not supported in your browser
VIEW IN TELEGRAM
Just-in-time node access для SSM Manager
Теперь можно выдавать временный доступ к какой-то виртуалке, например, на прод (не делайте так, только через IaC!):
https://aws.amazon.com/blogs/mt/introducing-just-in-time-node-access-using-aws-systems-manager/
В любом случае, реально круто, безопасная безопасность, попользовался и через одобренное время доступ у просившего пропал.
Но. Нет, НО.
Десять баксов в месяц за каждую виртуалку — алё, гараж! Хотя нет, вру, если больше сотни виртуалок, то будет всего
В общем, жду через полгодика-год "Снижение цен на 90% для Just-in-time node access".
#SSM
Теперь можно выдавать временный доступ к какой-то виртуалке, например, на прод (не делайте так, только через IaC!):
https://aws.amazon.com/blogs/mt/introducing-just-in-time-node-access-using-aws-systems-manager/
В любом случае, реально круто, безопасная безопасность, попользовался и через одобренное время доступ у просившего пропал.
Но. Нет, НО.
Price per node per month $10.00Десять баксов в месяц за каждую виртуалку — алё, гараж! Хотя нет, вру, если больше сотни виртуалок, то будет всего
$7.5.В общем, жду через полгодика-год "Снижение цен на 90% для Just-in-time node access".
#SSM
🤯5👍4🥴2