AWS re:Invent 2022 - How to manage resources and applications at scale on AWS (COP314)

AWS re:Invent 2022 - How to manage resources and applications at scale on AWS (COP314)

AWS re:Invent 2022 - How to manage resources and applications at scale on AWS (COP314)

Whether you are a cloud architect enforcing a tagging strategy across your organization or a developer searching for resources such as Amazon EC2 instances, Amazon Kinesis data streams, or Amazon DynamoDB tables to associate with your application, performing management activities over an ever-growing number of resources can become increasingly difficult. Come learn how new tools such as AWS Resource Explorer make it easier to search and discover resources and organize them into AWS Service Catalog AppRegistry applications. Learn how to perform application management activities at scale, such as running automation runbooks on your application resources in AWS Systems Manager Application Manager.

Learn more about AWS re:Invent at https://go.aws/3ikK4dD.

Subscribe:
More AWS videos http://bit.ly/2O3zS75
More AWS events videos http://bit.ly/316g9t4

ABOUT AWS
Amazon Web Services (AWS) hosts events, both online and in-person, bringing the cloud computing community together to connect, collaborate, and learn from AWS experts.

AWS is the world’s most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. Millions of customers—including the fastest-growing startups, largest enterprises, and leading government agencies—are using AWS to lower costs, become more agile, and innovate faster.

#reInvent2022 #AWSreInvent2022 #AWSEvents


Content

0.9 -> - Everybody we're getting started.
3.03 -> Welcome to this session.
4.44 -> I know it's late.
5.273 -> So great to see all of you actually join us
8.34 -> for this topic that we're gonna
10.38 -> be walking through here today.
12.297 -> I'm Anders,
13.26 -> I'm joined by Svetlana and Ed,
14.88 -> and we're gonna be your presenters today walking through how
18.03 -> to manage resources and applications that scale with AWS.
22.86 -> Before we dive into the actual topic,
25.68 -> how does this fit into the overall Cloud Op story?
28.363 -> Cloud Ops was Cloud Operation,
30.36 -> something we announced I think about a year ago,
33.384 -> year and a half ago,
34.716 -> which is a way of helping you customers to take advantage
37.5 -> of all the infrastructure
38.7 -> and all the things that we've done on top of AWS
41.25 -> so that you can leverage that when you're running
43.849 -> your business on top of AWS,
47.07 -> making sure that you get your return of investment,
51.6 -> better operational resilience, et cetera, et cetera.
54.72 -> And all this gets back to like,
56.31 -> how do you do this When you're running on top on scale,
58.53 -> like you're gonna build things,
59.61 -> you're gonna build applications, resources,
62.22 -> you're gonna be deploying a lot of resources,
64.71 -> sometimes billions of resources depending on how big
67.282 -> of an application you have.
71.16 -> When you get on top the Cloud,
72.78 -> when you go to the Cloud,
73.71 -> there's a journey you walk through,
75.36 -> you start off with setting something up,
77.64 -> defining what it is you want to get into play
79.59 -> and then you roll it out by building,
81.63 -> you migrating your application from on premise
84.09 -> to trying to get it into play.
85.86 -> And once it in place, you need to operate it.
88.2 -> You need to understand how healthy it is.
90.51 -> Are there any security situations?
92.307 -> Are there things I need to be aware of to do better?
94.98 -> Maybe I need to scale it up because I got a lot
96.84 -> of customers interacting with what I've deployed.
99.93 -> And that actually is a very nice transition
102.21 -> into what we will be covering.
103.83 -> As I said,
104.663 -> how do you manage resources and applications at scale?
108.36 -> And we'll walk through various details of this.
112.35 -> What have you told us? What have we heard?
114.33 -> Why did we build this presentation and why do we have all
118.5 -> the technology we're gonna be talking on in this session?
120.72 -> Well, there's three big things.
122.85 -> One is it's really hard to find things in AWS.
126.06 -> I can't find my resources,
127.5 -> I don't know where the resources are.
129.48 -> I might get an alarm and I get an identifier,
131.73 -> but I don't know which region it is.
133.08 -> I might not even know which account it's in.
135.427 -> I might not have a good chance
138.27 -> of finding out who actually I should be contacting because
140.64 -> there is a problem, right?
142.146 -> The second one is we actually think more in terms
146.31 -> of applications than individual resources, right?
149.22 -> Individual resource. That's nice.
150.776 -> But what we look at is the group
152.57 -> of resources that together provide some business value
155.49 -> that we are,
156.323 -> we need to run our business together on,
158.37 -> our business is dependent on.
160.26 -> And how do we do that on top of AWS instead of having
162.639 -> to focus and go and look at and do things
164.94 -> with individual resources.
166.8 -> And the third one,
167.73 -> it's really around how do we make it easier
171.057 -> and reduce work that our development team
174.78 -> and our financial team and other teams need to do
177.427 -> in order for them to be able to do their thing on top
179.94 -> of AWS?
181.17 -> Are there ways where we can make it simpler
183.48 -> so that we define something once and then I can reuse
187.92 -> it in various different places without having to go
190.11 -> and redefine or reset up or whatever
192.06 -> the steps I have to go through.
195.923 -> Do you guys agree with us?
198.18 -> Is this similar to situations you guys are sitting in?
201.09 -> - [Audience Member] Yeah.
201.923 -> - Most of this,
203.117 -> most of these things are pretty common
204.12 -> as we hear them very often with customers.
205.86 -> So what are we gonna be covering today?
209.46 -> So we're going to walk through three major areas.
212.13 -> One is,
213.09 -> and if you think about 'em,
213.99 -> they sort of tackle all those three pane points in a sense.
219.06 -> And I'll get back to those as we go through
220.68 -> the presentation, right?
221.94 -> I'm gonna cover explore, how do I find my stuff?
224.25 -> Like I find a resource, how do I deal it, how do I find it?
227.76 -> How do I now organize it? I found my resources.
230.46 -> I now wanna organize them
231.54 -> in something logical that I can deal with,
233.133 -> that I can later on act on,
235.32 -> which is the last topic.
236.34 -> How do I now perform things on it?
237.99 -> How do I operate on those aspects?
240.115 -> We're also gonna do a lot of demos throughout
243.194 -> the session to make sure, just show you like how you do it.
246.24 -> Demos are always nice.
247.44 -> That actually helps you better keep it in your head
250.92 -> and remember it when you go from here.
252.87 -> So the other key thing I wanna bring up,
255.147 -> and this is super important, is that you're gonna find,
258.36 -> there's a theme that goes through the whole presentation
260.82 -> and that is we love fruit.
262.74 -> So everything referred to as an example is gonna be fruit.
265.02 -> There's gonna be bananas and apples and oranges all over
267.21 -> the place.
268.164 -> More as a way of keeping you guys awake,
270.24 -> guessing what next fruit
271.35 -> is gonna be that we're gonna be discussing.
272.67 -> So we'll keep there.
274.433 -> So with that Svetlana,
275.7 -> why don't you talk about how to explore?
278.61 -> - Thank you. Thank you Anders.
281.46 -> So yes, let's start with explore.
283.5 -> So how do I find my stuff?
285.45 -> How do I find my application resources?
288.54 -> It's very hard to organize into applications
291.36 -> if I don't know what I have.
296.46 -> So to help with that,
297.45 -> to launch the new service called AWS Resource Explorer,
300.988 -> we just launched it a few weeks ago on November 8th.
305.04 -> AWS Resource Explorer helps customers to search for
308.97 -> and discover relevant application resources
311.55 -> across AWS commercial regions.
314.04 -> So now you can find your AC two instances,
316.44 -> you can find your S3 buckets,
318.06 -> you can find your DynamoDB tables across regions within
321.69 -> the one account.
324.021 -> You can search using freeform text,
327.96 -> so there's not a new language you need to learn.
330.54 -> You can also use attributes such as tags for your searches.
335.49 -> So you can start your search leveraging
337.442 -> AWS Resource Explorer console.
340.2 -> Also you can search using the unified search available
342.552 -> across AWS management console.
345.506 -> You can also leverage AWS SDK
349.283 -> and AWS CLI command line interface to find your resources
354.75 -> within your automation tools.
360.225 -> AWS Resource Explorer addresses a number
364.11 -> of key use cases that we heard from many of our customers.
368.331 -> For example,
369.6 -> you may want to identify which regions every resource
373.65 -> in my application is in.
374.97 -> So now AWS Resource Explorer can help with that because
378.39 -> it offers cross region search.
380.441 -> The next one is a really big one keeps coming up.
383.85 -> We heard it from many customers.
385.95 -> How do I find any untagged or mis-tagged resources
390.24 -> and then tag them appropriately
391.673 -> to meet your compliance needs.
394.35 -> Overall recommendation is to use a tagging strategy,
397.29 -> tag policies for compliance needs.
399.75 -> But as you define your strategy,
401.82 -> as you implement your strategy,
403.35 -> you may have some of the resources that do not comply
405.641 -> with your standard.
407.1 -> So you want to find them and then resolve them.
410.88 -> Also, AWS Resource Explorer can help
412.83 -> with potentially faster troubleshooting.
415.683 -> You may get an email alert about a situation and then that
420.793 -> it would have,
421.95 -> let's say a resource ID,
423.69 -> your on call engineer can take that resource ID
426.48 -> and then find that resource very quickly and then
429.42 -> it'll take you to that regional console
431.31 -> so you can start troubleshooting.
436.32 -> So let's go through that administrative experience
438.42 -> of Resource Explorer.
440.58 -> So first,
441.66 -> the administrator with the right privileges will go in
444.36 -> and turn on AWS Resource Explorer.
447.33 -> In this case we turn it on for three regions,
450.9 -> but you can turn it on across all the regions
453 -> within your account.
457.525 -> When you enable your Resource Explorer,
460.62 -> a local index is created within every region
464.4 -> and the local index is a collection
466.32 -> of information that Resource Explorer keeps around
470.31 -> about your resources and it helps with faster searches.
477.06 -> Then you would select an aggregator index.
480.03 -> So the aggregator index stores and maintains a local copy
483.72 -> of other indexes and that's what enables
486.48 -> the cross region search.
490.89 -> And then an administrator would create
493.5 -> and set a default view,
495.51 -> and that's what your end users will be searching against.
499.063 -> For example,
500.381 -> in this case we set up a view where any principle
504 -> within the account can search for resources
506.55 -> within that account across regions,
509.16 -> but you can also select other views as well.
511.44 -> For example,
512.55 -> you can set a view where only resource names aren't
516.637 -> are returned or used within the search,
518.88 -> but tags are not used because you may want to keep
521.46 -> the information confidential,
524.34 -> or maybe you wanna limit the view based on resource types,
528.136 -> maybe you have developers in one region
530.656 -> and you would create a view to search
533.55 -> for EC two instances only within that region,
537.75 -> can also give it, filter it even further to say,
541.29 -> is it two instances only within my development environment,
545.07 -> based on some type of environment flag?
551.4 -> So how do I search?
553.05 -> So you can search choosing plain text.
555.24 -> In this example we are gonna use banana and orange,
558.33 -> because we all love fruit.
560.49 -> So that query returns,
562.875 -> anything that's tagged with banana or orange.
566.79 -> And also if you have anything that's banana and orange
569.94 -> in your resource name ARN.
575.22 -> You can also search using tags.
578.64 -> So if you want to find
580.05 -> the application resources across region and services,
583.44 -> here's one of the examples where you tag.
585.87 -> Tag application is equal to banana.
590.94 -> My second example,
591.93 -> it shows you how to find untagged resources.
596.61 -> So tag colon none.
599.25 -> So it will return you all the untagged resources
601.8 -> and you can start tagging them appropriately
604.26 -> to meet your compliance needs.
607.83 -> And in my last example it's finding application resources
610.683 -> that are incorrectly tagged or mis-tagged.
613.41 -> So in this example,
614.76 -> find anything that's not tagged with application equals
618.15 -> to banana.
620.13 -> So with that,
620.963 -> I'll turn it over to Ed to actually show this in action.
623.85 -> Show a demo.
626.49 -> - Great, thank you very much Svetlana.
629.22 -> Let's walk through this.
630.15 -> I'm gonna demo two different things.
632.55 -> I'm gonna demo setting up Resource Explorer
635.91 -> as we walk through just so you can see how it gets set up
637.857 -> and how you can use it.
639.33 -> And then I'm gonna demonstrate a couple of the queries
642.03 -> as well.
642.863 -> So you can see actually how the query language works.
645.51 -> So I'm on console home to find Resource Explorer,
649.35 -> I can simply type Resource Explorer and there it is.
654.035 -> And this is in an account that
656.97 -> has not yet had resource Explorer configured.
661.29 -> So when you are an account that hasn't had it configured,
664.08 -> you're going to land on this splash screen that's going
666.93 -> to explain how it works.
668.73 -> It's gonna give you some use cases,
670.77 -> benefits and features.
672.63 -> You'll note that up in the upper right there's a button
675.51 -> or a link to basically turn on Resource Explorer.
678.72 -> So if we go there,
680.4 -> we have two options for how we set up Resource Explorer.
683.88 -> We have a quick setup option which is right here.
687.6 -> If we do the quick setup option,
689.34 -> the only thing we need to set is the region that we want
693.51 -> to aggregate our results in.
694.98 -> So that's the region where you can look
697.56 -> at your search results across all other regions.
700.965 -> I'm going to for this demo, just do this in US East one,
706.44 -> but I wanna show you the advanced setup just
708.713 -> so that you can see what options you have.
711.81 -> So one option you have is by default we'll create indexes
715.89 -> in all your regions,
717.78 -> but you can go in and select the regions that you want to
720.93 -> if you don't want to create an index in every region.
723.03 -> So that's an option for you.
724.992 -> Another thing you can do is we cannot create
728.76 -> an aggregator index.
729.75 -> Perhaps you only wanna search within a region,
732 -> you don't want cross region results.
734.22 -> That's an option as well.
736.14 -> And then when you go through the setup process,
738.75 -> you create what's called a default view,
741.87 -> which will include all your resource types
744.24 -> and it'll also include the tag information.
746.535 -> And as Svetlana said, you may not want that.
749.862 -> So if you want to create your own custom view,
751.612 -> that's another option available to you.
753.48 -> We'll go back to quick setup,
755.49 -> we'll turn on Resource Explorer,
757.44 -> and you're gonna see what happens is it starts
759.51 -> to create the list of my regions,
761.463 -> so they're available for me.
763.614 -> It takes a bit of time for that index to be built.
766.5 -> So what I'm gonna quickly do is jump over
769.14 -> to another AWS account where I've had that index already up
774.69 -> and running.
776.01 -> And that way then we can just run a few queries right?
778.56 -> Right away.
779.67 -> I'm gonna quickly just switch my region
781.973 -> and we'll go to Resource Explorer.
788.4 -> So this account has had
790.98 -> the Resource Explorer already set up.
792.66 -> So you can see when I went to Resource Explorer,
795 -> I landed right on the search page.
798.191 -> By default you're gonna get your default view,
800.61 -> that's the one that you set up and marked as default.
802.8 -> In this case,
803.633 -> it's going to search all resource types and include tags.
809.01 -> You can,
809.843 -> you'll get by default the list of all your resources,
812.31 -> you can filter those resources,
814.26 -> you can filter them by region,
815.923 -> and you can filter them by types.
818.58 -> So real quickly here,
819.84 -> I can get a list of just my EC two instances.
823.71 -> That's an option for me.
825.075 -> But if I wanna search across all my resources I can
828.33 -> and let's run a couple of
829.23 -> the queries that Svetlana walked us through.
832.02 -> So here's banana, apple.
833.97 -> So as she said,
835.23 -> what this is searching for is I have 11 resources that have
838.953 -> the text banana or the text apple in either
842.49 -> the ARN or a tag.
845.231 -> Now I might want to be more specific than that.
848.16 -> I might wanna say, you know what,
849.18 -> I have a tag that I use that's called application and I
852.87 -> just wanna find the resources that are tagged
855.27 -> and I probably typed, I probably made a typo here,
859.29 -> let me try it again.
860.34 -> Tag.
861.173 -> This is the,
862.38 -> so the tag is equal to application and the value is banana
865.291 -> and I'm not, oh it's equal.
872.37 -> Thank you.
874.29 -> Haha.
876.15 -> So here we get all my tags that are just equal to banana.
882.78 -> I've narrowed down that research result.
884.82 -> If I'm interested in the resources that are,
888.056 -> that have any value,
889.8 -> so they have the tag key of application
891.822 -> but could have any value,
893.31 -> I can actually use a wild card,
895.62 -> and I can see that I'm actually using that tag key
898.14 -> for other values as well.
899.67 -> So that's useful.
900.955 -> Svetlana talked about the use case of tag none.
905.73 -> So let's look at resources
907.2 -> in this account that have no tags.
909.87 -> So these are all the resources in this account if I want to,
912.36 -> now I can filter this list by type and every link
915.42 -> is a link into the resource.
916.8 -> So if I want to go in and remediate that I can,
918.96 -> or as we talked about, you can write automation.
922.05 -> I'm gonna do one more query which
924.09 -> is a little bit more advanced.
926.04 -> I'm gonna show that I can search for banana
928.71 -> but then I can say find me all the resources that have
931.71 -> the term banana either in the ARN or a tag,
934.47 -> but take out the resources that have a tag
937.47 -> with application equal to banana.
939.84 -> So we'll do that equal to banana.
946.472 -> And I found one resource.
947.43 -> Why would I be interested in this?
948.63 -> Well this could tell me this is that mis-tagged scenario.
951.54 -> Like I intended to tag my application with Banana
954.72 -> but perhaps I made a mistake if I click here I can go
958.546 -> to that resource page.
960.24 -> In this case it's an S3 bucket.
961.68 -> So I land straight into S3 for this particular resource.
965.392 -> I can scroll down and I can see, oh look at that,
968.01 -> you're right,
968.843 -> I actually made 'em a typo and I misspelled applications.
973.26 -> So if I want to fix that I can and I can save that
976.68 -> and my index will get updated.
979.44 -> That's an easy way to fix it.
981.27 -> One last thing I'll show you is what I've been doing
984.75 -> is also available for you actually from unified search.
988.65 -> So everything I've done within Resource Explorer,
991.313 -> because I have it set up,
992.82 -> I can also research here for banana and application
997.085 -> and I will get back that same 11 set right there
1000.86 -> from console.
1002.78 -> Great Anders, maybe back to you.
1008 -> - How many have used Resource Explorer?
1011 -> We launched it about a week or two weeks ago.
1013.13 -> See one hand you should go try it out.
1015.743 -> It's like actually pretty cool especially
1018.74 -> the non-tag finding all the resources that are not tagged
1021.65 -> or being able to find things that are mis-tagged.
1023.33 -> One of the big challenges we hear from customers,
1026.085 -> the other one that keeps coming up a lot is also being able
1030.98 -> to just get an ID,
1032.893 -> I don't, I have no idea which region it is.
1034.91 -> Like give me more information around it.
1036.29 -> You can type in the idea of the resource
1037.67 -> and we'll show you that.
1039.492 -> And we had some customers we interacted
1041.03 -> with that had cases where they weren't aware that they
1044.66 -> had resources in a certain region and it shows up on
1047.06 -> the bell.
1048.14 -> Now you can actually proactively go
1049.667 -> and find this little bit earlier than when you get your bell
1052.25 -> so you can actually clear up and like have resources
1054.17 -> in Singapore. Why?
1055.76 -> I don't know why they're there.
1056.75 -> So let's see.
1062.707 -> There we go.
1063.54 -> So we've organized,
1065.27 -> we've gone in and we've searched for resources,
1067.55 -> waited easy to find resources based
1069.95 -> on various different criteria.
1071.9 -> Next step is now how do we not organize 'em?
1073.73 -> How do we get to this?
1075.05 -> Remember the second one that talk we issue
1077.48 -> or pane point that came up.
1079.01 -> We talk about applications,
1080.27 -> we think about applications when we deal with things,
1082.7 -> logical groups of resources gathered together
1085.79 -> that we wanna do things with.
1088.138 -> There's various different ways of doing this
1090.47 -> and I'll walk you through different technology that exists
1093.44 -> and so like build the story around it.
1095.36 -> The simplest way of doing it is by using tags
1098.27 -> and using tags policies.
1099.605 -> We showed some examples when we do the searches
1102.86 -> to show you how you can search for tags.
1104.72 -> Tags simple key value pairs.
1106.453 -> Tag policies is a mechanism for you
1109.88 -> to govern how tags are being applied.
1112.85 -> To ensure example that
1114.86 -> if you have only certain values can apply
1117.59 -> to a specific tag key as an example
1121.7 -> and tag policy you can do other things.
1123.14 -> You can enforce that you also have capitalization
1126.71 -> in a certain way.
1127.543 -> So it is easier to find things in a consistent way getting
1129.92 -> it in play. So.
1132.8 -> With tags you get a,
1134.03 -> I'll call it a simple group, right?
1135.5 -> You can't do very much advanced with it.
1137.48 -> Like you put a metadata on the resource
1139.46 -> and now when you start querying you can ask
1141.77 -> or give me everything that's tagged
1143.06 -> with application equals bananas an example.
1145.19 -> You get back those resources.
1146.87 -> But anything more complex than that
1148.49 -> is really not what tags directly provide you.
1152.57 -> What tag policy does is the governance part.
1155.93 -> And I wanted to show an example here, excuse me,
1158.294 -> where this tag policy, if you apply it,
1160.777 -> it basically says if anybody uses the key,
1164.06 -> tag key application,
1165.798 -> I'm gonna allow them to use banana, orange and apple.
1169.28 -> Those are the only three values.
1170.72 -> If somebody now tries to tag a resource,
1173.36 -> they put an application and they put in pineapple,
1175.82 -> it's gonna fail, it's not gonna work, right?
1178.748 -> One aspect that I didn't put up here as an example,
1181.49 -> a way of further enforcing policy for enforcing using tags
1185.06 -> is using service control policies.
1186.935 -> This is a policy for you to basically govern
1189.59 -> at the top saying is I need this to happen.
1192.398 -> So you can require that tags are being applied upon creation
1196.19 -> of a resource.
1197.39 -> So if you now use an SCP that says
1199.244 -> only anytime a resource gets created,
1201.98 -> I want the tag key application to be there and use
1205.25 -> the tag policy to say these are the three values,
1207.77 -> now you've pretty much locked down hard what gets in place
1210.977 -> and you get some order on how you actually organize
1214.4 -> your resources.
1215.233 -> So that's tags and tag policies.
1218.54 -> Next one is layer up is, so tags individual metadata.
1222.534 -> Next step out is using Resource Groups.
1225.59 -> Oh actually before I go there,
1226.73 -> how many actually use tags today
1228.465 -> in anything that they're doing?
1230.87 -> I wanna see all hands.
1233.09 -> I think I see all hands. That's good.
1234.98 -> What do you use them for is it for permissions?
1237.8 -> Billing?
1238.97 -> Curious to hear.
1240.874 -> (audience member mumbling)
1242.3 -> Okay.
1243.147 -> Yeah.
1246.02 -> So next step is using Resource Groups.
1248.12 -> So Resource Group is a service that allows you
1250.07 -> to also group resources and it leverages tags as well
1253.13 -> as one of the mechanisms.
1254.81 -> And now you can create a query,
1256.37 -> basically say anything that's tagged with application equals
1259.22 -> to banana and cost center 123 as an example.
1262.37 -> All those resources that have those two tags end up
1265.43 -> in a Resource Group and the Resource Group is referenceable,
1269.247 -> it has an ARN,
1270.194 -> you can tag the Resource Group if you want to,
1272.36 -> but you can also use this Resource Group across a bunch
1275.36 -> of services that understands how to deal
1277.4 -> with a logical group of resources based on a Resource Group.
1280.274 -> The other way of getting resources in a Resource Group
1283.49 -> is using a stack CloudFormation stack.
1286.157 -> And this is where you have a stack that's been deployed,
1289.37 -> you can now go to Resource Groups and you point at
1291.59 -> the stack saying is I want all the resources in that stack
1294.2 -> to appear in my Resource Group.
1296.15 -> So now you have one construct that feeds out
1298.88 -> of two different mechanisms,
1300.38 -> and you can build either your own tooling around it
1302.814 -> or you can allow leverage AWS services that understands
1306.015 -> the notion of a Resource Group.
1310.34 -> So compared to what tags is,
1312.05 -> it gives you a little bit more complexity,
1313.73 -> a little more freedom
1315.08 -> of how you define how resources should be grouped.
1317.6 -> You could do one as I said,
1319.069 -> banana and cost center as a combination.
1322.325 -> And the benefit also is you can define
1325.051 -> the Resource Group ones and you can reuse
1326.78 -> it across multiple services.
1328.7 -> Getting back to remember the third bullet,
1330.65 -> we talked about pane points.
1331.88 -> How do I make it easier for my teams
1334.22 -> in my environment when I'm working on it?
1336.23 -> Well I define a Resource Group once and now you can reuse
1339.5 -> it as in in the DevOps use case or in other use cases
1342.92 -> as well as a way of taking advantage of what you set up.
1348.921 -> And this is a simple example of what you define
1351.553 -> in a Resource Group, what it looks like.
1352.64 -> This basically says any resource that has
1354.8 -> the tag application equal or project equals
1356.93 -> to banana belong to this research group.
1363.572 -> Now tags and Resource Groups have existed for quite a while.
1368.699 -> Does anybody here use Resource Groups today?
1371.6 -> Hand up.
1375.32 -> Why not?
1377.15 -> Didn't know about it.
1379.67 -> Okay, we can get to that later.
1382.67 -> Next step that is interesting.
1383.99 -> The next way of organizing and say one of
1386.63 -> the things we were talking this whole presentation
1388.22 -> about how do I manage things at scale
1390.17 -> and how do I make it easier with applications?
1393.17 -> That is to take advantage of Service Catalogs AppRegistry.
1396.59 -> It's a service that was launched about two years ago
1398.854 -> and this allows you to logically group resources based
1402.405 -> on similar criteria.
1404.51 -> You create an application and you would decide
1407.12 -> and you basically tell what resources are part of it
1409.964 -> and what AppRegistry does it takes those two steps we talked
1414.23 -> about before,
1415.063 -> the tagging aspect and the grouping aspect
1417.08 -> and does it for you.
1418.1 -> It will wrap the resources of any Resource Group
1420.694 -> and it will ensure that there are tags
1422.66 -> that are being published and pushed to
1424.34 -> the resources that are part of your application.
1426.74 -> And there's three tags,
1428.09 -> it's an application ID then application name,
1431.33 -> you pick the name and there's the ARN of the application
1435.2 -> and this is the ARN in AppRegistry.
1436.79 -> So it is also now an object that you can put policies around
1439.84 -> and you can put tags on the app, the ARN of the application.
1445.19 -> So that's what it does.
1446.023 -> And so this allows you to bring it all together.
1448.43 -> Now you get consistency in tagging 'cause everything's gonna
1450.95 -> be tagged in a similar way.
1452.51 -> Application ID with an ID and then the ID
1455.15 -> is gonna be different for the different applications.
1459.264 -> Now you can create, so the way you can associate resources,
1463.25 -> I should mention as well with that registry,
1464.93 -> there's two ways,
1465.95 -> you can either associate resources by pointing at one
1468.8 -> or more stacks.
1469.97 -> So there's no one to one mapping here that necessarily,
1472.94 -> you could have a hundred stacks and you add those
1475.37 -> to an application,
1476.48 -> you have to go through the process of adding them in there.
1478.43 -> But once they're in there, AppRegistry does the work
1481.28 -> for you of Resource Group and putting the the tags on
1483.9 -> the resources.
1486.59 -> But you could also add resources based on tags on resources,
1490.735 -> right?
1492.26 -> And this could be,
1493.28 -> said a lot of you already using tags today.
1495.11 -> So this is a way of very quickly getting them control
1497.96 -> and getting it in under the umbrella of what we call
1499.73 -> an application is that way you do this is you define,
1503.24 -> you decide a key tag key that you want to use
1507.29 -> to identify resources, how they belong to an application.
1510.767 -> And then when you create or configure your application
1513.38 -> in AppRegistry you say well this is the value I wanna look
1516.35 -> at on my tags and take those resources and add those
1519.188 -> to my application.
1520.583 -> So I can both use stack and the tag key
1523.7 -> and the key mechanism as a different ways
1525.8 -> of getting things in.
1526.877 -> And the reason for this is to help you as well, right?
1529.58 -> A lot of customers use CloudFormation.
1530.97 -> There are also a lot of customers
1532.55 -> that use other technologies of deploying resources.
1534.887 -> As long as you ensure that those are tagged
1538.13 -> in a way that you can consume, you can bring those,
1540.5 -> all those resources into AppRegistry industry and fold them
1543.05 -> into this application construct.
1545.99 -> The same thing here as you have with Resource Groups.
1548.48 -> You create an application once,
1550.58 -> and it can now be reused across a number
1552.92 -> of services that you have within that that exist within AWS.
1559.501 -> Well that's easy for you.
1560.993 -> Like go and create an application,
1562.76 -> I have to add the resources in it.
1563.81 -> It sounds like it's manual work.
1565.19 -> Is there any way I can do this and offload my teams
1568.46 -> and automate this as much as possible?
1570.47 -> Of course there is.
1572.45 -> One thing you can do is you can update
1574.49 -> your CloudFormation templates,
1576.47 -> and you put a little bit of code snip in it
1578.343 -> and as part of that code snip what it will do,
1580.76 -> it will create an application in AppRegistry and
1583.28 -> it will register the stack that gets created out
1585.89 -> of the template as part of that application.
1588.47 -> So this is something.
1589.4 -> So now when you deploy and get your stack created,
1592.31 -> there's no need to go to upgrade industry,
1594.74 -> creating the application and all of this kind of stuff.
1596.9 -> It is done for you as part of the deployment.
1599.39 -> That's one mechanism.
1600.95 -> The second one is we talked about tags.
1602.72 -> I'll get get back to that in a little bit.
1604.644 -> Or you could use these services or these mechanisms
1608.54 -> or you use the AWS CDK or you can use one
1612.293 -> of the AWS solutions as a fair amount
1614.84 -> of them that are available for you to take advantage of.
1618.137 -> And what they will do is they will register your application
1621.08 -> without registry, right?
1622.73 -> So it helps you not having to worry about to have
1626.06 -> to go to AppRegistry to do things.
1627.553 -> It will do a lot of these things for you. So.
1629.321 -> So this is an example of what you would put
1632.093 -> in a CloudFormation template,
1633.62 -> the code that you add in there,
1635.374 -> and you could do this something that you would do
1637.58 -> to any template that you have if you want
1639.2 -> to go down that route if you're using CloudFormation.
1641.92 -> So it goes in and creates an application,
1643.881 -> puts a name to it and then as I said,
1647.54 -> when the stack is created,
1648.92 -> the stack is automatically added as an application
1651.59 -> as a resource under that application.
1657.62 -> You wanna use tags.
1658.46 -> I sort of like walked through this real quick previously,
1660.523 -> but let me reiterate again what you do is,
1663.724 -> you define a tag key example would be application
1668.101 -> that you are going to look at and that's gonna be
1670.97 -> the same tag key regardless of what application
1673.7 -> it is that you'd want to create.
1675.2 -> The difference is with
1676.04 -> the value you're gonna be looking for.
1677.89 -> So if I gonna select application as a tag key and I create
1681.44 -> an application that I called Banana, I would just gonna say,
1684.77 -> well for the tag key application,
1686.06 -> anything that's tagged with banana belongs
1687.83 -> to the banana application.
1689.75 -> So the benefit out of this is once it's configured,
1692.81 -> now as long as resources gets tagged appropriately,
1695.976 -> through whatever the mechanism is that you want to use,
1698.48 -> if it's tagged on when you create the resources or it's part
1702.17 -> of deployment,
1703.01 -> the resources automatically get added in under
1705.35 -> the application without anything additional needing
1707.99 -> to happen from the developer.
1709.61 -> Whoever's deploying the resources.
1712.43 -> Once again helps you with the problem of how do I make
1715.73 -> it easier for my development team and my finance team
1717.74 -> to to work through things.
1721.64 -> And here.
1722.69 -> - [Ed] Cool, thank you.
1723.74 -> - Ed will take over
1725.393 -> and now demo everything that I talked about.
1727.25 -> - Not quite everything,
1728.84 -> we're gonna keep this to schedule but what I want to do is,
1731.93 -> Andrew's talked about tagging tag policies,
1734.69 -> he talked about Resource Groups
1736.58 -> and then we talked about applications.
1738.2 -> And what I wanna show is how that last construct,
1741.29 -> applications, works in a real life scenario.
1744.362 -> So I'm gonna create two different applications
1746.78 -> in two different ways so you can just see real life how
1749.51 -> it actually happens.
1750.86 -> I'm in the console in this case AppRegistry
1753.74 -> is actually a feature of service catalog the
1756.74 -> just mentioned a moment ago.
1758.63 -> So if I go to the service catalog console in there is access
1762.55 -> to this AppRegistry feature,
1764.613 -> and you can see it's a nice splash page,
1767.18 -> it explains how the service works.
1769.28 -> There's a quick link to create an application.
1771.71 -> I'm gonna create an application
1772.88 -> as I mentioned two different ways.
1774.44 -> First I'm gonna do it via tags,
1776.303 -> because we've already determined
1777.92 -> in my last demo that I'm using the tag application
1780.74 -> and I have some values banana.
1782.39 -> So I wanna grab those resources and put them
1784.31 -> in an application.
1785.69 -> Then after that I'll do the same thing,
1787.22 -> but I'll do it via CloudFormation in an automated way.
1790.303 -> So the first thing I'm gonna do is I'm gonna go
1792.32 -> into the settings within AppRegistry
1794.3 -> and I'm gonna set a tag key.
1796.37 -> The reason I set a tag key as Anders mentioned is that,
1801.2 -> oops, sorry, is that this not banana,
1804.92 -> I've got fruit on the mind.
1806.84 -> This sets the key for this account and region.
1811.91 -> So it says hey,
1812.743 -> I'm standardizing on this tag key application
1815.18 -> and resources that have that tag key can now be part
1818.45 -> of an application.
1819.44 -> It also means they can't be part
1820.67 -> of another application 'cause we've heard clearly
1822.95 -> from customers they want governance around this.
1824.78 -> They want to know that an app,
1825.8 -> a resource belongs to one and only one application.
1829.34 -> Once I create this,
1830.96 -> I can go in to create an application and to do so
1833.78 -> is quite simple.
1835.4 -> I give it a name.
1836.3 -> So we'll we'll stick with the fruit name.
1840.29 -> I'll say that this peels bananas.
1842.574 -> When I create an application, it can actually be,
1846.354 -> it can actually go across multiple accounts.
1848.65 -> Oftentimes customers will have applications
1850.91 -> that have resources in multiple accounts.
1852.41 -> I'm gonna not do that in this demo and just keep it in
1854.63 -> the single account, but that is an option.
1857.39 -> Then I associate resources to the application
1860.09 -> and we talked about doing it via CloudFormation,
1862.25 -> but here you can see I can also do it via tag.
1866.24 -> So by simply entering the value of my tag,
1869.352 -> it now goes out and says, Hey, I found a couple resources,
1873.44 -> those are now gonna be included in the application.
1875.862 -> When I use AppRegistry,
1878 -> I not only associate resources to the application,
1880.64 -> but I can also associate metadata to the application.
1884.03 -> And this is this,
1885.152 -> we call these attribute groups,
1886.45 -> and you can have these predefined.
1888.71 -> So I've predefined an app set of metadata that defines
1891.83 -> the characteristics of this application.
1893.72 -> I've said it's customer facing
1895.1 -> and it's a critical application for our business.
1897.702 -> Based on that I just press create.
1900.65 -> And you can see here that it's gonna go through
1902.6 -> and it's gonna create the application.
1904.94 -> Not only does it create the application,
1906.47 -> but it actually also creates a Resource Group.
1908.66 -> The reason we do that,
1909.89 -> the Resource Group is what collects together all
1912.434 -> the resources for this application.
1914.78 -> And we did this automatically.
1917 -> You can see now that this application,
1919.612 -> here's my resources that are there.
1923.18 -> You can see also that I have this metadata available
1926.21 -> for my application and if I click through to it,
1929 -> you can actually see what it contains,
1930.41 -> which is just some information about this application,
1932.69 -> the type of application,
1934.31 -> the criticality and perhaps the team that owns it.
1936.35 -> But you can define that and set that up in terms
1938.96 -> of how you want to manage your applications.
1942.082 -> That's one way to build an application.
1944.78 -> I wanna walk through one other way and Anders talked about
1948.2 -> the idea that you can do it via CloudFormation
1950.66 -> and through CloudFormation resources
1952.31 -> and he also mentioned that AWS solutions has,
1955.85 -> and when you deploy an AWS solution,
1957.794 -> many of those solutions now automatically create
1960.44 -> an application for you and they do that via
1963.553 -> the CloudFormation technology.
1965.182 -> So just to show exactly what this can look like,
1967.04 -> and I'm gonna do it through a solution,
1968.75 -> but this could be your own stack as well.
1970.604 -> This is a distributed low testing solution on AWS
1974.664 -> and here's the solution page.
1977.39 -> It explains how it works and what the architecture is.
1979.79 -> If I click just to launch this solution in my console,
1983.241 -> it's gonna take me into the CloudFormation console.
1986.252 -> I haven't done anything yet in regards to an application,
1989.87 -> but it tells me, hey, you already have a template,
1992.66 -> it's gonna ask me for some details to provision it.
1995.21 -> So I'll call it, you know, my load testing,
1998.78 -> I'll break from the fruit name here for a second.
2002.8 -> It asks me for a little bit of information
2005.01 -> in terms of my email address.
2008.754 -> But aside from that,
2010.63 -> that's all I need to enter and click next and next,
2017.68 -> and acknowledge and provision.
2023.56 -> And when we create this application,
2025.81 -> you can see how it's being created for me.
2031.874 -> And as it starts to create the resources here,
2034.78 -> there they go,
2036.28 -> I can actually look and they're
2038.2 -> the resources that are actually being created.
2040.39 -> You can see that the application
2042.31 -> is actually already being created for me and oops, sorry.
2048.07 -> And that happened automatically in as just as a result of
2052.117 -> the CloudFormation template.
2054.06 -> Once the application is complete being created
2058.237 -> and it takes a second for this to be done,
2062.25 -> but then I can go back into AppRegistry,
2065.419 -> I'll see if it's already there and there it is.
2069.49 -> So this is the application that I created.
2071.83 -> It happened automatically through that CloudFormation stack.
2076.75 -> If I click into the application,
2080.83 -> you can see there is the CloudFormation stack,
2084.04 -> there's the Resource Group that got automatically created,
2086.44 -> which is gonna help me manage it
2087.88 -> and I'm gonna walk through that in my next demo.
2090.692 -> And also here's some interesting metadata.
2093.58 -> So with the AWS solutions team,
2095.44 -> every solution that gets created is typed,
2098.182 -> named and versioned.
2100.45 -> So all of that's available for you now and it's associated
2102.802 -> to that whole collection of resources that got created
2106.06 -> for the solution.
2106.893 -> So it's a really nice way of managing at scale
2109.45 -> the resources that you're creating on AWS.
2112.54 -> And I think with that, I'm gonna pass back to you Anders.
2122.38 -> - Let's see, did it switch back?
2125.47 -> Yep, we're good.
2127.143 -> So how many knew about AppRegistry before this?
2133.66 -> See one hand now everybody knows everybody's an expert,
2137.824 -> everybody's gonna go home and use it.
2139.93 -> You should be flipping up your laptops and deploying it now
2142.36 -> and testing it out, so.
2144.61 -> No, but I said if you think about it
2146.26 -> is a really useful tool,
2147.22 -> it makes life much easier for you because now if it goes in
2150.31 -> and it structures and ensures
2151.51 -> the tags are consistently applied,
2153.911 -> these are also system tags which is has
2156.43 -> an entity property of that.
2157.96 -> You can't, your users can't change them.
2160.074 -> They're only controlled through AWS Services,
2162.912 -> which gives a lot of benefit with regards
2165.28 -> to nobody can go mock around
2166.66 -> or add their own tags that magically adds it in there.
2169.3 -> But the system tags with the application ID
2171.73 -> and application name is something that
2173.08 -> is you can be taken advantage of.
2175.96 -> Okay? So we started with Explore finding our stuff,
2178.75 -> we could find things that were now tagged.
2180.46 -> Once we find all these pieces,
2181.75 -> we went in and organized them,
2183.61 -> you could use different ways of doing it either with tags,
2186.01 -> you can use Resource Groups, upgrade issues,
2188.35 -> probably the preferable one because it does a lot
2190.21 -> of the heavy lifting for you.
2191.71 -> So you should definitely go back and look at
2193.39 -> it once we're done with the presentation.
2196.03 -> Now what can we do with this stuff?
2197.59 -> How do we act on, we've gone in and grouped them,
2199.63 -> we've gotta do things with it.
2201.342 -> So let's walk through the same way we started with tags
2204.337 -> and we're gonna get further up the chain
2206.32 -> of how you can do things.
2207.91 -> So if you've used tags and you've used,
2209.86 -> everybody raised their hand when I asked
2211.21 -> the question previously,
2212.62 -> there's three cases that normally comes up with regards
2216.004 -> to tags.
2216.837 -> What you can do like one is around cost management,
2219.52 -> one is around permissions and one is around operations
2222.076 -> and support.
2223.21 -> And if we walk through them one by one,
2224.65 -> like the cost management aspect,
2226 -> this is cost allocation tags, most people know about them,
2229.423 -> you have to enable them.
2230.65 -> But once they're enabled you can now get your cost
2233.05 -> and usage broken up by tags.
2234.783 -> You can also set budgets based on tags.
2236.98 -> It's not just getting the usage you can control
2238.99 -> and get alarms based on where you're at with your budgets,
2241.3 -> et cetera.
2242.44 -> And the other one that I put up here as an example
2244.48 -> is also anomaly detection from a billing perspective,
2247.93 -> like maybe suddenly my cost is going up higher than
2250.39 -> it normally does.
2251.223 -> I'll get a notification about it if I've set it up.
2255.053 -> And this is where like you have to go in, if you see here,
2257.8 -> these are the tags,
2259.18 -> the tag keys I should say that you go
2261.01 -> and enable for cost allocation that are related
2263.65 -> to registry that put on the resources, right?
2267.212 -> Permissions if you want to control permissions,
2271.06 -> this is attributes based access control industry terms.
2274.75 -> It allows you to go in and define permissions based on
2277.674 -> the tags on the resource.
2279.13 -> And you can also take advantage of tags on the principle
2282.032 -> and use that as a way of matching and saying
2284.59 -> as how control gets applied depending on which group they're
2288.537 -> in and what they're trying to do with the resource.
2290.86 -> And it allows you to simplify your policy a lot,
2293.282 -> because you don't have to gonna specify a service,
2295.93 -> you don't have to specify the resource type,
2297.73 -> unless you specifically want to do so.
2299.861 -> But it gives you a little bit of more simplicity
2302.86 -> of how you actually control and put the policy in place.
2305.53 -> And I'll show an example of that in in a little bit
2307.66 -> in a slide to come.
2309.04 -> The last one is a way of getting more context on
2312.82 -> the resources so that if there is something that's happened,
2315.736 -> you can do things with it.
2318.19 -> Like let's say there's an alarm that fires in,
2319.93 -> what you get is the resource ID, right?
2322 -> Well if you get the resource ID,
2323.29 -> you can get ask for the tags on it,
2325.21 -> maybe there's a contact information on it
2327.164 -> or maybe it's other ways of doing it.
2328.93 -> Another way of getting contact information
2330.76 -> would be using attribute groups associated
2332.47 -> with the application.
2333.726 -> The other benefit of having the tag information
2337.81 -> with the application ID and application name,
2340 -> let's say there's an alarm fires and you know the resource,
2342.43 -> you can now know which application that resource is part of.
2346.06 -> So you know which application in your world that
2348.55 -> is being impact, not not just the individual resource.
2352.42 -> Those are key things.
2353.53 -> If we look at the policy that I wanted to walk through,
2356.354 -> there are other sessions that walk through much deeper
2359.35 -> in how you deal with permissions in the IAM space.
2361.74 -> But I really wanna bring this up because that actually shows
2364.48 -> the power of using tags.
2366.34 -> So what this policy states basically saying
2368.47 -> is allow any action on any resource from any service
2372.381 -> as long as it has a resource tag, which is service catalog.
2377.26 -> The application name equals to banana
2379.187 -> and the tag on the principle is team equals to fruit salad,
2384.13 -> right?
2385.03 -> So now whenever a new resource gets added,
2387.97 -> I don't have to change the policy, right?
2390.61 -> It just automatically gets access in here.
2392.526 -> Another way of being controlled,
2394.84 -> if you want to control it in a slightly different way
2396.76 -> but you get a similar result is really saying is I want
2399.736 -> to have any resource and any action service,
2405.035 -> I want to make sure that they can get access as long
2408.07 -> as the application name is equal to the team name.
2411.81 -> Now I don't even have to specify Banana in the policy,
2414.91 -> I just basically say that application name colon
2417.76 -> and then I put the principle tag team on
2419.89 -> the right hand side.
2421.69 -> So now anybody in the banana team gets access to
2424.33 -> the banana resources and anybody in
2426.52 -> the orange team gets access to the orange resources
2428.96 -> and you can use the same policy across all
2431.79 -> of these different teams and resources.
2433.57 -> Very, very powerful.
2434.59 -> So anybody using this today?
2440.14 -> I see the people nodding a little bit
2441.97 -> so we should definitely take an advantage and look at it.
2444.88 -> It's really powerful. So.
2448.68 -> So this was being taking action on resources.
2451.63 -> Now if we go up a layer,
2452.62 -> we talked about grouping them based on Resource Groups
2455.25 -> and there's several services today that allows you
2458.41 -> to point at a Resource Group
2460.72 -> and basically say perform actions on that thing
2463.06 -> and all the resources in it.
2464.434 -> An example here is like systems manager and there's flavors
2467.38 -> of system manager like incident manager
2469.06 -> and this patch manager, et cetera, et cetera.
2471.13 -> And you can go into those individual services and selecting
2474.1 -> is I want to do my stuff on that Resource Group.
2476.283 -> And they will iterate through the resources and do whatever
2479.32 -> it is that you've defined as part of it.
2481.09 -> Example is patch manager, where you will patch,
2483.1 -> you're gonna patch the instances that are part
2484.75 -> of a resource group.
2486.01 -> So instead of doing it individually,
2487.27 -> you can put in a Resource Group.
2488.62 -> Now you've got the benefit out of it,
2490.48 -> which means even that we say Resource Group,
2493.12 -> even that AppRegistry envelopes all the resources in
2495.937 -> the Resource Group you can point at that Resource Group.
2498.943 -> Big advantage. Same thing with CloudWatch.
2502.323 -> You can go in and build a dashboard by pointing
2506.74 -> at a Resource Group as a way of monitoring what
2508.48 -> the health is.
2509.372 -> And same thing here,
2510.52 -> you can point at a research group and take advantage
2512.44 -> of what you've done there.
2514.9 -> And its sort of like just a simple clip of what
2516.82 -> it would look like.
2518.213 -> Usually the resources or the services will give you options
2521.98 -> of what you can select different ways of grouping it.
2524.74 -> A benefit of using Resource Groups
2526.21 -> is it's like a exchange where you can have
2529.15 -> different technologies that allows you to have the resources
2531.85 -> in that group and the service just understands it
2534.88 -> and take advantage of it.
2535.81 -> And here I'm basically saying pick
2537.97 -> the Resource Group that's called Application Banana
2541.18 -> and that is the Resource Group name
2542.71 -> that AppRegistry will create is
2544.72 -> to show taking advantage once again on what AppRegistry has,
2548.38 -> produces for you.
2550.57 -> Okay, we did tags, we did Resource Groups.
2552.85 -> Is there a better way?
2553.69 -> Is there better experience you can have around this?
2556.3 -> And now we get to the applications that are registered
2559.03 -> that you created in AppRegistry and there's services,
2561.37 -> multiple services you can see up here.
2563.41 -> And this is something that will continue
2564.85 -> to grow over time where we're gonna add more
2566.984 -> and more service in in here that will fully understand
2569.221 -> this concept of an application that we've created.
2571.92 -> So CloudWatch Application Insights, Resilience Hub,
2574.99 -> Well Architected, Service Management Connector.
2577.54 -> This is to connected into ServiceNow,
2579.64 -> the application that you defined and Application Manager.
2583.03 -> All services where they will list
2585.8 -> the applications that you have created in AppRegistry
2588.94 -> so you can select from there, right?
2590.86 -> And this one thing again gets back
2592.63 -> to this whole like how do you make it simpler?
2594.13 -> Should I only have to define something once and I can reuse
2597.01 -> it depending on what my job is?
2598.96 -> Well this is where you take that advantage of making
2601.75 -> it life easier for your teams.
2604.453 -> This is a simple,
2605.65 -> just a simple clip of what it looks like when you select it.
2609.04 -> This is only has banana,
2610.24 -> I should probably have more examples here.
2611.8 -> But you basically get an experience of what it looks like.
2614.77 -> You can also, in all of these services,
2616.962 -> I think it's all of these services,
2618.82 -> but most of them you can also create an application.
2621.302 -> It will create it in AppRegistry.
2623.74 -> So if you've used another,
2625.12 -> if the service allows you to pick other Resource Group
2629.17 -> as an example, you can click create application.
2631.563 -> It will create the application and include those resources
2634.24 -> into an application in AppRegistry.
2636.7 -> So I didn't talk about Application Manager,
2639.542 -> I want to have a separate slide
2640.99 -> to go through that because this is the hub for you
2645.04 -> to manage and operate your applications on AWS.
2647.95 -> This is should be your starting point.
2649.724 -> What Application Manager does is pulls together a lot
2652.78 -> of pieces,
2653.613 -> it pulls together ways of pulling in resources depending
2658 -> on how they're being grouped,
2659.77 -> like applications in AppRegisty, Resource Groups.
2663.22 -> You can point out a stack,
2664.319 -> you can point at things that have been deployed through
2668.2 -> Launch Wizard.
2669.358 -> Even ETS Clusters is another technology that's part
2672.37 -> of this that can be imported in and monitored and looked at.
2675.78 -> And once you've gotten these constructs in
2679.51 -> or you basically selected what you wanna look at them,
2682.33 -> it allows you to do a lot of different things.
2683.8 -> It brings together a lot of information from CloudWatch such
2687.13 -> as alarms and logs.
2689.47 -> It allows you to look at how you're doing from
2692.02 -> with AWS config and config rules.
2693.97 -> Are you compliant with the rules that have been set up
2696.433 -> in your environment?
2698.847 -> The cloud trail logs information that comes out the log
2702.07 -> so you can see what events have been trickling,
2704.77 -> have been registered for your application and is that right?
2708.94 -> And last one I bought gonna,
2709.9 -> theirs also says Cloud cost explorers.
2712.33 -> So it will start surfacing your cost based
2714.91 -> on your application, right?
2717.13 -> So it is truly a hub where you should be working and looking
2720.13 -> and monitoring and working and doing a lot
2721.9 -> of your work around from an application perspective.
2724.96 -> The last part is you import resources,
2726.552 -> you can go and investigate to understand like what's
2729.16 -> the health, how is it doing, is it rolling along,
2731.29 -> is that healthy?
2732.85 -> And once you find things you want to do,
2734.86 -> the next step would be you need to remediate it,
2737.23 -> you need to poke at it.
2738.64 -> And this where is where things such
2739.9 -> as like patch manager that I talked about previously
2742.48 -> also will help out and get those resources in place,
2746.082 -> the fixes in place.
2749.29 -> With that, I think it's time for the next demo.
2751.54 -> - Yes, thank you Anders.
2759.202 -> Okay, for the next demo,
2760.6 -> what I'm gonna focus on
2761.89 -> is demonstrating primarily Application Manager,
2765.94 -> because I think as,
2766.773 -> as Anders talked about,
2767.65 -> that's where we're really able to pull it all together.
2770.23 -> And I can show you,
2771.22 -> walk you through some of the management functions
2773.11 -> that you can do an Application Manager.
2775.51 -> Application Manager,
2776.8 -> one of its inputs is the AppRegistry,
2779.23 -> which we've already fed into.
2780.52 -> So we're gonna be able to look at our applications
2782.47 -> and pull them up in that tool.
2784.09 -> I'm on the console homepage and the reason I'm starting,
2787.238 -> I've started every demo there,
2788.74 -> but one of the things we've just recently launched
2790.7 -> is actually an applications widget right on the homepage
2794.2 -> of AWS.
2795.033 -> So this is,
2795.866 -> we're kind of getting into this notion that,
2797.41 -> you should be able to get to your application
2799.09 -> from wherever you are on AWS and have a one click away.
2802.51 -> So we've actually got that now.
2804.373 -> You can see here's the banana application,
2806.59 -> here's that load testing application.
2808.312 -> For this demo,
2809.53 -> I'm gonna use a different application that has,
2811.42 -> it's been running for a bit,
2812.56 -> it has a bit more interesting aspects to it,
2814.78 -> which are gonna make it easier for me to demo.
2816.37 -> So we're gonna click into that.
2819.34 -> With one click,
2820.45 -> I now go into Application Manager,
2823.52 -> which is a capability of systems managers.
2828.31 -> You can see here in the chain.
2829.87 -> And you can,
2830.703 -> when you come into Application Manager,
2832.3 -> you get a single dashboard of your application.
2834.87 -> Let's just walk through it.
2837.37 -> In the left hand pane we get what are
2840.37 -> the components that sit in this application?
2842.62 -> This particular application
2843.64 -> was provisioned via CloudFormation stack.
2845.57 -> So these are all,
2847.03 -> there's actually eight CloudFormation stacks
2849.31 -> that came together to build this application.
2851.8 -> One stack deploys the compute,
2854.62 -> another stack deploys the storage,
2856.892 -> another stack deploys our database.
2860.06 -> So all of those are deployed.
2862.48 -> And then we have additional stacks
2863.62 -> that are actually deploying config rules.
2865.9 -> Right here you can see that we have,
2867.69 -> we can see what alarms,
2870.16 -> CloudWatch alarms are in place for these applications.
2872.59 -> These are alarms that are actually included
2874.33 -> in the application and associated to the resource.
2876.67 -> So as Anders talked about,
2877.99 -> how can I connect my alarms to my applications,
2880.12 -> this is something that Application Managers helping us do.
2883.63 -> So we can see that I have seven alarms that are in alarm,
2887.59 -> two for my database, two for my compute,
2889.78 -> and two for my file storage.
2891.16 -> And I can see a summary of those here in terms of,
2894.13 -> I also have 11 that are actually in a fine state.
2896.544 -> If I click into a stack,
2899.05 -> this will render for just that one stack
2901.63 -> and I can actually click into those alarms.
2903.862 -> One of the tools,
2906.76 -> this is what we're doing with applications,
2908.41 -> is pulling together multiple AWS services
2910.388 -> and with App Manager.
2912.52 -> So you can see as I pull, look into the the compute stack,
2916.3 -> I can see that there is a set of alarms
2918.61 -> that have actually been created
2920.02 -> and determined by application insights.
2922.57 -> So prior to launching this app, I told application insights,
2926.98 -> look at this application and determine how to monitor
2929.56 -> it using AIML.
2931.15 -> So it's built a couple of alarms and it says,
2932.837 -> you know, you should take a look at those.
2934.69 -> Those are low severity, but they're potential issues.
2937.63 -> And then down here are the alarms that I've actually created
2940.45 -> as part of the app.I define these.
2944.35 -> If I want to actually look at them,
2945.73 -> I can actually click on them and that'll take me straight
2948.16 -> into CloudWatch, right into that alarm.
2950.95 -> So now I can do my investigation, my troubleshooting.
2953.32 -> It's all right there, you know,
2954.79 -> two clicks away from my application.
2957.309 -> So that's super powerful.
2961.63 -> If I come back into this application,
2964.5 -> I wanna show a couple other aspects that we can look at.
2967.72 -> So one another key thing we have
2970.72 -> is I wanna understand how much my application costs.
2973.51 -> And so we have a summary of costs right on the homepage
2976.39 -> of App Manager, you can see I provisioned this in November,
2979.96 -> so we don't have any costs in September and October,
2982.93 -> but so far it's cost me $7 and 96 cents in November.
2987.759 -> This is just for the resources in this application.
2990.489 -> So only those resources are contributing
2993.79 -> to this calculation of cost.
2996.122 -> Further down I can actually look at compliance
2998.94 -> of the application.
3001.08 -> So this will tell me for the config rules
3005.07 -> that I have defined in this AWS account where
3008.04 -> this application is running,
3009.78 -> looking just at the resources that are in this application,
3013.47 -> which ones are compliant and which ones aren't compliant.
3016.492 -> So you can see I have five resources that are non-compliant,
3021.33 -> 11 that are compliant and a few
3023.04 -> that I don't yet have enough data.
3025.59 -> If I wanna look at all my compliance rules, I can do that.
3029.43 -> I can look at all 11 rules that I have in place
3031.77 -> and for each rule it'll tell me how many resources are fine
3034.881 -> and how many resources have an issue.
3038.4 -> And actually if there's a remediation action set up,
3041.19 -> it'll actually list the remediation action as well.
3043.287 -> And if I want to take more action on this,
3045.698 -> it's one click away for me to go to AWS config and work
3049.92 -> on my remediation.
3051.99 -> The last thing I wanna show with App Manager is the ability
3057.03 -> to drill into individual resources.
3058.86 -> So Anders talked about this idea
3060.81 -> of how do I collect together my resources into one place?
3063.6 -> So these are just the resources.
3065.13 -> I've got 32 resources in this application
3069.09 -> and it's super easy now for me to find,
3071.52 -> let's say I want to find an EC two instance.
3074.58 -> I can find that instance right there.
3076.2 -> This is the EC two instance that's running,
3078.21 -> that's powering this application.
3080.276 -> When I look at that instance,
3082.38 -> I can actually also take action on it.
3084.789 -> So App Manager integrates with Runbooks, SSM Runbooks,
3089.609 -> and I can write here with one click,
3091.653 -> look at a set of Rrunbooks that are applicable to this.
3094.626 -> And if I wanted to, for instance, to restart this instance,
3097.832 -> it's one click away and I could actually execute
3101.04 -> that Runbook here and restart the instance.
3103.497 -> So that's available to me right there
3105.54 -> from within App Manager.
3108.033 -> Anders mentioned a couple other services
3110.7 -> that are integrated as well with applications.
3112.95 -> This is App Manager we mentioned Well Architected,
3116.49 -> so you can now perform.
3117.66 -> If I go to Well Architected,
3119.16 -> let me just show you that I won't be able to,
3121.83 -> I don't have the time to do a full demonstration of it.
3124.53 -> But just to show you, when you go into Well Architected,
3127.59 -> for those of you who use the Well Architected service,
3130.41 -> you can now connect your Well-Architected analysis
3133.14 -> to an application.
3135.03 -> So down here we have the ability right here
3137.11 -> to actually select the application that I've created
3139.84 -> and now you've connected that analysis back
3143.07 -> to that application.
3144.53 -> One other tool,
3145.77 -> I'll just show you really quick just so you get a sense,
3147.942 -> is Resilience Hub.
3149.34 -> So you might want to analyze the resilience
3151.98 -> of your application and understand, you know,
3154.02 -> how you can improve that resilience,
3155.94 -> which is what Resilience Hub enables you to do.
3158.34 -> Resilience Hub also has the ability to grab
3160.62 -> an AppRegistry application and go ahead
3163.02 -> and just drop that in and then do a resilience analysis
3165.69 -> on it.
3166.523 -> So those,
3167.4 -> all those services are plugged into this one library
3170.49 -> of your applications.
3172.5 -> And I think with that, I'll pass it back to you.
3183.81 -> - Bingo.
3185.079 -> That's double click every time.
3186.442 -> Thank you Ed.
3187.772 -> How many use Application Manager, anybody uses it today?
3195.24 -> This is a very quiet crowd.
3196.47 -> Oh, one person.
3197.4 -> One person. (laughs)
3200.19 -> So let's start a recap,
3202.8 -> and go through like what actually did we walk through
3205.14 -> to give you a little bit of a flavor of things going on?
3207.75 -> We walked through,
3209.159 -> we started with exploring how do you find your stuff?
3211.29 -> Then we talked about how do you organize it
3213 -> and then later on we talked about acting on it.
3216.18 -> So what we are trying to paint a picture around
3218.43 -> is that you can pick little bit the choice of your
3221.354 -> is on your side of like, how do I get my resources created?
3224.67 -> How do I deploy them, right?
3226.29 -> You could use CloudFormation,
3227.73 -> you could use Proton that uses CloudFormation under
3230.07 -> the covers as an example, you could use the CDK et cetera,
3234.18 -> Launch Wizard.
3235.013 -> Maybe you have other technologies that deploy resources
3237.15 -> and get them out, get them deployed into your account.
3241.56 -> Once they're in place,
3242.58 -> now you have basically resources grouped
3245.37 -> in various different ways.
3246.27 -> You have them with stacks.
3247.68 -> Ensure that they're tagged as well.
3248.91 -> We talked about tags and tag policies as a way of governing
3252.54 -> and making sure that tags get appropriately put into place.
3255.2 -> If you take advantage of AppRegistry,
3257.108 -> it will do a lot of simplifying a lot of stuff for you.
3260.75 -> It will put a Resource Group around all the resources
3263.199 -> so that you have something you can reference
3265.38 -> and it will ensure that there are tags placed on
3267.75 -> the resources that are part of the application as well,
3270.45 -> so that you later on can take advantage of the ecosystem
3275.16 -> of services that we have that actually can act on a group
3278.37 -> of resources.
3279.35 -> We showed some services,
3281.399 -> demoed some services that already understands the concept of
3285.24 -> an application.
3286.5 -> You'll probably see more coming in the future as well.
3288.78 -> We're gonna keep adding more and more into this so that you,
3291.54 -> once your application is created and register
3293.22 -> in AppRegistry,
3294.24 -> other servers will pick it up
3295.44 -> and you just pick that application,
3296.76 -> application, banana, orange, whatever.
3298.829 -> It's that you call them.
3301.35 -> So what should you take away from this?
3304.17 -> One.
3305.1 -> This is like super important,
3307.2 -> like define and publish a tagging schema.
3309.51 -> Hopefully you already done this,
3310.921 -> 'cause everybody raised a hand and said they're using tags.
3313.77 -> You probably have some sort
3315 -> of idea what your tagging schema should be.
3317.04 -> You should definitely look at tag policies.
3318.66 -> You should look at what you can take advantage of the SEPs.
3321.63 -> I have a blog that I'm gonna show a link
3325.47 -> to later on that you should read about that talks about how
3327.81 -> to use SCPs, et cetera to basically govern and control tags,
3331.56 -> creation and tags on resources.
3333.394 -> But get defining your tagging schema, put it in place.
3336.66 -> Use Resource Explorer as a way
3338.16 -> of identifying where there's mismatch.
3339.96 -> You probably already have a lot of resources deployed
3342.63 -> that you might have tags.
3343.53 -> Find resources that are not meeting your standard.
3346.084 -> Take advantage of Research Explorer.
3348.692 -> Use AppRegistry as a way of doing this organization
3352.47 -> is that it takes away a lot of the pain from you of having,
3356.01 -> trying to figure out how to group it.
3357.648 -> If you use AppRegistry, as you see,
3358.481 -> there's a lot of things and benefits that comes out of it at
3360.81 -> the other end that you can take advantage of
3362.7 -> and it does a lot of the groundwork
3363.93 -> for you when you're working.
3366.332 -> Last thing I put up here is automate, automate, automate.
3369.776 -> And that is more around
3371.31 -> if you think about what we were walking through,
3372.81 -> well how can I automate application creation?
3374.82 -> We'll update your templates, put it in,
3376.68 -> there's some script in there so it'll automatically register
3378.75 -> your application.
3380.189 -> Use tags.
3381.42 -> If you're using tags for your resources,
3383.16 -> build it into your applications as well.
3384.9 -> Take advantage of that.
3386.07 -> So now when resources get created and they're tagged
3388.38 -> appropriately, resources will automatically end up in there.
3391.08 -> Now you're taking away the human person
3393.72 -> in between that might do something wrong.
3396 -> You're taking away those pieces.
3397.5 -> Automate just helps getting things moving
3399.75 -> much more efficient, so.
3402.666 -> Here's some good links to some good documentation
3405.12 -> to look at.
3405.953 -> The top one talks about tagging best practices and I think
3409.86 -> it was just recently updated as well.
3411.69 -> So you definitely should look at that
3412.92 -> and take advantage of that.
3414.39 -> The second one is the blog I talked about.
3416.294 -> It talks about how you set up a tagging strategy,
3419.635 -> using tag policies and SCPs that we discussed
3423.163 -> as a way of controlling tags getting put on resources.
3425.496 -> And the last one really goes into more details
3429.33 -> about how AppRegistry and Application Manager together
3431.94 -> actually gets this environment ready for you
3434.91 -> and how you can really take advantage of monitoring
3436.86 -> and managing your world through Application Manager.
3442.08 -> Last piece is we're running towards the end.
3444.39 -> I think there's, I'm seeing there's two minutes left.
3446.268 -> Please fill out the survey.
3447.686 -> Any feedback,
3448.83 -> how we can improve more data you would like to see,
3450.78 -> get it in there.
3451.867 -> Tomorrow,
3452.91 -> I don't think the expo's open this late,
3455.46 -> but tomorrow you can always go to the expo,
3457.05 -> go to the Cloud Operations kiosk,
3459 -> ask them any question you want.
3460.23 -> They'll be able to answer them and help you out
3461.66 -> in more detail.
3463.38 -> There are more events,
3465.093 -> more sessions that are related to Cloud Operations.
3468.528 -> That blog that's up there.
3470.79 -> Should list all of those sessions that you should go
3472.77 -> and take advantage of and learn more things.
3476.91 -> With that, we say thank you so much for your time.
3480.6 -> Appreciate it this late hour of the day.
3482.651 -> Go and enjoy the rest of the evening.
3485.25 -> If you have questions, please come up.
3486.69 -> I'm not gonna take questions this way.
3487.98 -> You can come up to the podium and we'll take questions here
3489.724 -> and talk about it.
3491.19 -> So thank you so much for showing up.
3492.48 -> Appreciate your time.
3493.784 -> Okay, thank you.

Source: https://www.youtube.com/watch?v=bbgUnKq6PAU