Streamline Development with Management and Governance Services
Learning Objectives
After completing this unit, you’ll be able to:
- Describe and explain the benefits of Management and Governance services.
- Describe the benefits of AWS CloudFormation.
- Describe the benefits of AWS Trusted Advisor.
Imagine you have a team of developers working on your AWS infrastructure. Even while following the principle of least privilege and fully documenting best practices for your teams, you are finding it difficult to ensure that development is performed in a consistent way and that best practices are being followed. Additionally, your costs keep rising, and you’re having a hard time figuring out where the money is going.
AWS Management and Governance services help you to streamline resource provisioning, make sure your infrastructure is running according to best practices, and identify opportunities for cost optimization.
AWS Management and Governance
AWS Management and Governance services give you control over your accounts and billing, automate resource provisioning, and help you operate efficiently.
In this unit, you learn about two of the services in the Management and Governance domain: AWS CloudFormation and AWS Trusted Advisor.
Code Your Infrastructure with AWS CloudFormation
With AWS CloudFormation, you can build an environment by writing lines of code instead of using the management console to individually provision resources.
AWS CloudFormation supports either JavaScript Object Notation (JSON) or YAML Ain’t Markup Language (YAML) to describe the AWS resources that you want to create and configure in a single text file. This file becomes the template that describes how your infrastructure is deployed by CloudFormation. You can use this template to standardize infrastructure components that are used across your organization, enabling configuration compliance and faster troubleshooting.
AWS CloudFormation provisions your resources in a safe, repeatable manner, allowing you to build and rebuild your infrastructure and applications without having to perform manual actions or write custom scripts. It takes care of determining the right operations to perform when managing your stack, and rolls back changes automatically if errors are detected.
Get Started with AWS CloudFormation
To get started, follow these general steps.
- Code your infrastructure from scratch with the AWS CloudFormation template language, in either YAML or JSON format, or start from one of the sample templates.
- To create a stack based on your template code, use AWS CloudFormation through the console, AWS Command Line Interface (CLI), or AWS Application Programming Interfaces (APIs).
- AWS CloudFormation provisions and configures the stacks and resources that you have specified in your template.
Use the AWS Application Composer in AWS CloudFormation
If you prefer to design visually, you can use AWS Application Composer. Application Composer is integrated directly in the AWS CloudFormation console. Application Composer provides a visual canvas where you can drag, drop, configure, and connect resources without having to work with templates directly.
With Application Composer, you can:
- Import existing CloudFormation templates to visualize them
- Drag and drop services onto a canvas
- Configure connections between services
- Export the template that you create
- Edit application code directly within the tool
For more information about Application Composer, see What is AWS Application Composer?
Get Actionable Insights from AWS Trusted Advisor
AWS Trusted Advisor runs checks against your environment to see if it meets predefined criteria. It provides feedback and best practices in five categories: cost optimization, security, fault tolerance, performance, and service limits.
For each check, you can review a detailed description of the recommended best practice, a set of alert criteria, guidelines for action, and a list of useful resources on the topic.
The status of the check is shown on the dashboard page using color coding and icons.
- Red circle exclamation point: action recommended
- Yellow triangle exclamation point: investigation recommended
- Green square check mark: no problem detected
The number of checks is based on your Support Plan.
Cost Optimization
See how you can save money on AWS by eliminating unused and idle resources or adjusting capacity.
Performance
Check your service limits and ensure you take advantage of provisioned throughput. Monitor for overutilized instances.
Security
Improve the security of your application by closing gaps in unrestricted ports, enabling various AWS security features, and examining your permissions.
Fault Tolerance
Increase the availability and redundancy of your AWS applications with recommendations for auto-scaling, health checks, multiple Availability Zones, and backup capabilities.
Service Limits
Check for service usage that is above 80% of the service limit. Values are based on a snapshot, so your current usage might differ. Limit and usage data can take up to 24 hours to reflect any changes.
Operational Excellence
Optimize your AWS services and resources by identifying opportunities to streamline operations, improving resource utilization, and enhancing overall system performance.
In the next unit, you learn how to monitor your AWS resources.
Resources
- External Site: Management and Governance on AWS
- External Site: AWS CloudFormation
- External Site: AWS Trusted Advisor