├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── LICENSE ├── README.md ├── cfntemplates ├── Operational-Best-Practices-for-Amazon-S3-with-Remediation.yaml ├── ssm-workshop-resources-episode-01.yml ├── ssm-workshop-resources-episode-03.yml ├── ssm-workshop-resources-episode-04.yml ├── ssm-workshop-resources-episode-05.yml └── workshop-config-prerequisites.yaml ├── episode-01-step-00-overview.md ├── episode-01-step-01-enable-inventory.md ├── episode-01-step-02-codify-runbooks.md ├── episode-01-step-03-define-freeze.md ├── episode-01-step-04-enable-state.md ├── episode-01-step-05-tear-down.md ├── episode-02-step-00-overview.md ├── episode-02-step-01-enable-config-cloudtrail.md ├── episode-02-step-02-config-rule.md ├── episode-02-step-03-config-conformancepack.md ├── episode-02-step-04-cloudtrail-loginsights.md ├── episode-02-step-05-tear-down.md ├── episode-03-step-00-overview.md ├── episode-03-step-01-initial-setup.md ├── episode-03-step-02-troubleshoot.md ├── episode-03-step-03-application-visibility.md ├── episode-03-step-04-tear-down.md ├── episode-04-step-00-overview.md ├── episode-04-step-01-enable-patch.md ├── episode-04-step-02-enable-automation.md ├── episode-04-step-03-enable-change-management.md ├── episode-04-step-04-tear-down.md ├── episode-05-step-00-overview.md ├── episode-05-step-01-enable-incident.md ├── episode-05-step-02-mitigate-respond.md ├── episode-05-step-03-post-incident.md ├── episode-05-step-04-tear-down.md ├── media ├── alarm-in-alarm-state.png ├── aws-config-1-click.png ├── aws-config-confirm.png ├── begin-stress-test.png ├── calendar-arn.png ├── calendar-automation-details.png ├── calendar-create-automation.png ├── calendar-create-calendar.png ├── calendar-create-event.png ├── calendar-description.png ├── calendar-run-automation.png ├── change-create-template.png ├── change-manager-approve-request.png ├── change-manager-automation.png ├── change-manager-change-details.png ├── change-manager-change-parameters.png ├── change-manager-set-up.png ├── change-manager-settings.png ├── change-manager-sns.png ├── change-manager-task.png ├── change-manager-timeline.png ├── cloudformation-create-stack-ep01.png ├── cloudformation-create-stack-ep02.png ├── cloudformation-create-stack-ep03.png ├── cloudformation-create-stack-ep04.png ├── cloudformation-create-stack-ep05.png ├── cloudformation-stack-ep02.png ├── cloudtrail-aws-logo.png ├── cloudtrail-create-trail-ep02.jpg ├── cloudtrail-loginsights.png ├── cloudwatch-disk-used.png ├── cloudwatch-iam-role.png ├── cloudwatch-mem-used.png ├── codify-runbooks.png ├── config-aws-logo.png ├── config-conformancepack.png ├── config-conformancepack1-ep02.png ├── config-conformancepack2-ep02.png ├── config-conformancepack3-ep02.png ├── config-disable-recording.png ├── config-gettingstarted-ep02.png ├── config-recorder-off.png ├── config-reevaluatessmrule-ep02.png ├── config-remediatebutton-ep02.png ├── config-rule.png ├── config-settings-ep02.png ├── config-ssmremediation1-ep02.png ├── config-ssmremediation2-ep02.png ├── configure-replication-set.png ├── create-command-document.png ├── create-resource-data-sync.png ├── createInstances.template ├── define-freeze.png ├── ec2-tags-patch-group-app.png ├── ec2-tags-patch-group-web.png ├── enable-change-management.png ├── enable-config-cloudtrail.png ├── enable-inventory.png ├── enable-state.png ├── enabling-patch-management.png ├── ep01-st01.drawio ├── ep01-st01.png ├── ep03-p01.png ├── ep03-p02.png ├── ep03-p03.png ├── ep03-p04.png ├── ep03-p05.png ├── ep03-p06.png ├── ep03-p07.png ├── ep03-p08.png ├── ep03-p09.png ├── ep03-p10.png ├── ep03-p11.png ├── ep03-p12.png ├── ep03-p13.png ├── ep03-p14.png ├── ep03-p15.png ├── ep03-p16.png ├── ep03-p17.png ├── ep03-p18.png ├── ep03-p19.png ├── ep03-p20.png ├── ep03-p21.png ├── ep03-p24.png ├── ep03-p27.png ├── ep03-p28.png ├── ep03-p29.png ├── ep03-p30.png ├── ep03-st01.drawio ├── ep03-st01.png ├── ep04-st01.drawio ├── ep04-st01.png ├── ep05-st01.drawio ├── ep05-st01.png ├── episode-02-step-00-overview.png ├── episode-03-account-id.png ├── episode-03-app-overview.png ├── episode-03-cloudshell-describe.png ├── episode-03-cloudshell-upload.png ├── episode-03-command-parameters.png ├── episode-03-compliance-tab.png ├── episode-03-custom-application.png ├── episode-03-debug.png ├── episode-03-example-explorer.png ├── episode-03-explorer-configure.png ├── episode-03-get-process.png ├── episode-03-initial-setup.png ├── episode-03-kms-policy.png ├── episode-03-logs-tab.png ├── episode-03-message.png ├── episode-03-monitoring-tab.png ├── episode-03-opsitem-details.png ├── episode-03-opsitems-tab.png ├── episode-03-performance-counters.png ├── episode-03-pid.png ├── episode-03-powershell-session.png ├── episode-03-resource-group.png ├── episode-03-resources-tab.png ├── episode-03-runbook-results.png ├── episode-03-runbook-tab.png ├── episode-03-security-group.png ├── episode-03-session-preferences.png ├── episode-03-set-registry.png ├── episode-03-start-session.png ├── episode-03-step-00-overview.png ├── episode-03-step-03-application-visibility.png ├── episode-03-tags.png ├── episode-03-target-instance.png ├── episode-03-troubleshoot.png ├── episode-03-userdata.png ├── episode-03-view-counters.png ├── episode-03-windows-ami.png ├── episode-04-link.png ├── episode-05-step-01-prepare.png ├── episode-05-step-02-mitigate-respond.png ├── episode-05-step-03-post-incident.png ├── episode-05.png ├── fleet-manager-kms.png ├── github-raw.png ├── iam-add-user.png ├── iam-console-link.png ├── iam-console-sign-in.png ├── image23.png ├── image24.png ├── incident-annotations.png ├── incident-create-analysis-window.png ├── incident-create-analysis.png ├── incident-custom-event.png ├── incident-detection-question.png ├── incident-generated-opsitem.png ├── incident-recommendations.png ├── incident-relative-timeframe.png ├── incident-timeframe-edit.png ├── instance-iam-role.png ├── inventory-bucket-policy.png ├── parameter-create.png ├── patch-add-exceptions.png ├── patch-add-group.png ├── patch-create-baseline.png ├── patch-dashboard.png ├── patch-export-report.png ├── patch-install-now.png ├── patch-modify-group.png ├── patch-never-reported.png ├── patch-now-results-install.png ├── patch-now-results.png ├── patch-patch-group.png ├── patch-s3-report.png ├── patch-scan-now.png ├── patch-view-baseline.png ├── prepare-create-contact.png ├── prepare-create-escalated-contact.png ├── prepare-escalation-plan.png ├── prepare-response-plan.png ├── quick-setup-config-drilldown.png ├── quick-setup-config-options.png ├── quick-setup-config-recording.png ├── quick-setup-create.png ├── quick-setup-drilldown.png ├── quick-setup-get-started.png ├── quick-setup-host-mgmt.png ├── resource-data-sync-contents.png ├── resource-data-sync-individual.png ├── review-template-disabled.png ├── run-command-details.png ├── run-command-invocation.png ├── schedule-patching-operations.png ├── ssm-aws-logo.png ├── state-association-configure-details.png ├── state-association-configure-parameters.png ├── state-association-details.png ├── state-execution-detail.png ├── state-explorer.png ├── state-multi-account.png └── tear-down.png ├── misc ├── .DS_Store ├── association_configuration.json ├── loop-and-stress.ps1 ├── put_metric_alarm.json └── userdata.ps1 └── operational_excellence ├── cfntemplates ├── Operational-Best-Practices-for-Amazon-S3-with-Remediation.yml ├── oe-workshop-episode-01.yml └── workshop-config-prerequisites.yml ├── episode-01-step-00-overview.md ├── episode-01-step-01-manage-ec2.md ├── episode-01-step-02-enable-alarm-actions.md ├── episode-01-step-03-tear-down.md ├── episode-02-step-00-overview.md ├── episode-02-step-01-enable-config.md ├── episode-02-step-02-config-rule.md ├── episode-02-step-03-config-conformancepack.md ├── episode-02-step-04-config-advancedquery.md ├── episode-02-step-05-tear-down.md └── media ├── alarm-conditions.png ├── alarm-in-alarm-state.png ├── alarm-memory-used.png ├── alarm-name.png ├── alarm-opsitem.png ├── alarm-review.png ├── cloudformation-create-stack-ep01.png ├── cloudformation-create-stack-ep02.png ├── cloudformation-stack-ep02.png ├── cloudwatch-disk-used.png ├── cloudwatch-mem-used.png ├── config-aq1-ep02.png ├── config-aq2-ep02.png ├── config-aws-logo.png ├── config-conformancepack.png ├── config-conformancepack1-ep02.png ├── config-conformancepack2-ep02.png ├── config-conformancepack3-ep02.png ├── config-gettingstarted-ep02.png ├── config-reevaluatessmrule-ep02.png ├── config-rule.png ├── config-settings-ep02.png ├── config-ssmremediation1-ep02.png ├── config-ssmremediation2-ep02.png ├── cwa-parameter.png ├── enable-config.png ├── ep01-st01.drawio ├── ep01-st01.png ├── episode-01-step-01-manage-ec2.png ├── episode-01-step-02-enable-alarm-actions.png ├── github-raw.png ├── initiate-runbook.png ├── oe-create-session.png ├── parameter-store-details.png ├── run-automation.png ├── session-cwa-wizard.png ├── ssm-aws-logo.png ├── state-association-configure-details.png ├── state-association-configure-parameters.png ├── state-association-details.png ├── tear-down.png └── view-runbook.png /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | ## Code of Conduct 2 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 3 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 4 | opensource-codeofconduct@amazon.com with any additional questions or comments. 5 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing Guidelines 2 | 3 | Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional 4 | documentation, we greatly value feedback and contributions from our community. 5 | 6 | Please read through this document before submitting any issues or pull requests to ensure we have all the necessary 7 | information to effectively respond to your bug report or contribution. 8 | 9 | 10 | ## Reporting Bugs/Feature Requests 11 | 12 | We welcome you to use the GitHub issue tracker to report bugs or suggest features. 13 | 14 | When filing an issue, please check existing open, or recently closed, issues to make sure somebody else hasn't already 15 | reported the issue. Please try to include as much information as you can. Details like these are incredibly useful: 16 | 17 | * A reproducible test case or series of steps 18 | * The version of our code being used 19 | * Any modifications you've made relevant to the bug 20 | * Anything unusual about your environment or deployment 21 | 22 | 23 | ## Contributing via Pull Requests 24 | Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that: 25 | 26 | 1. You are working against the latest source on the *main* branch. 27 | 2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already. 28 | 3. You open an issue to discuss any significant work - we would hate for your time to be wasted. 29 | 30 | To send us a pull request, please: 31 | 32 | 1. Fork the repository. 33 | 2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change. 34 | 3. Ensure local tests pass. 35 | 4. Commit to your fork using clear commit messages. 36 | 5. Send us a pull request, answering any default questions in the pull request interface. 37 | 6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation. 38 | 39 | GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and 40 | [creating a pull request](https://help.github.com/articles/creating-a-pull-request/). 41 | 42 | 43 | ## Finding contributions to work on 44 | Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any 'help wanted' issues is a great place to start. 45 | 46 | 47 | ## Code of Conduct 48 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 49 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 50 | opensource-codeofconduct@amazon.com with any additional questions or comments. 51 | 52 | 53 | ## Security issue notifications 54 | If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue. 55 | 56 | 57 | ## Licensing 58 | 59 | See the [LICENSE](LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution. 60 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy of 4 | this software and associated documentation files (the "Software"), to deal in 5 | the Software without restriction, including without limitation the rights to 6 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 7 | the Software, and to permit persons to whom the Software is furnished to do so. 8 | 9 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 10 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 11 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 12 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 13 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 14 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 15 | 16 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## Cloud and Hybrid Operations Best Practices in a Modern Enterprise 2 | 3 | This is a set of workshops designed for architects and engineers through which you learn how to use AWS Management and Governance services to maintain operational excellence in a modern enterprise. We'll discuss the many options available, such as automation through services such as AWS Systems Manager, configuration compliance via AWS Config, maintaining observability and auditability with Amazon CloudWatch and AWS CloudTrail, and more. 4 | 5 | ### Labs 6 | 7 | #### [Episode 1: Introduction and Building a Foundation for Enterprise Cloud Operations](/episode-01-step-00-overview.md) 8 | 9 | In episode one, you will learn how to use AWS services and best practices to set up an operational foundation to automate inventory and operational best practices for your cloud or hybrid-cloud applications and resources. 10 | 11 | #### [Episode 2: Enabling Compliance and Monitoring in an Enterprise Cloud Environment](/episode-02-step-00-overview.md) 12 | 13 | In episode two, you will learn how to enable compliance automation and reporting. 14 | 15 | #### [Episode 3: Create Actionable Visibility for Enterprise Cloud Applications and Resources](/episode-03-step-00-overview.md) 16 | 17 | In episode three, you will learn how to use AWS services and processes to enable visibility of applications and resources in cloud and hybrid cloud environments -- and take action. 18 | 19 | #### [Episode 4: Automating Changes and Preventative Maintenance in an Enterprise Cloud Environment](/episode-04-step-00-overview.md) 20 | 21 | In episode four, you will learn how to use the services and processes to manage application and resource changes and patching across your cloud or hybrid cloud environment. 22 | 23 | #### [Episode 5: Problem and Incident Management with Scale and Automation in an Enterprise Cloud Environment](/episode-05-step-00-overview.md) 24 | 25 | In episode five, you will learn about the services and processes enterprises can use to automate issue and incident detection, notifications, resolution, and reporting to prevent future occurrences. 26 | 27 | Click the links above to begin the labs for an episode. 28 | 29 | ### Participation 30 | 31 | We encourage participation; if you find anything, please submit an issue. However, if you want to help raise the bar, **submit a PR**! 32 | 33 | ## Security 34 | 35 | See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information. 36 | 37 | ## License 38 | 39 | This library is licensed under the MIT-0 License. See the LICENSE file. -------------------------------------------------------------------------------- /cfntemplates/Operational-Best-Practices-for-Amazon-S3-with-Remediation.yaml: -------------------------------------------------------------------------------- 1 | ################################################################################ 2 | # 3 | # Conformance Pack: 4 | # Operational Best Practices for Amazon S3, with Remediation 5 | # 6 | # See Parameters section for names and descriptions of required parameters. 7 | # 8 | ################################################################################ 9 | 10 | Parameters: 11 | S3TargetBucketNameForEnableLogging: 12 | Description: The target s3 bucket where the logging should be enabled. 13 | Type: String 14 | Resources: 15 | S3BucketPublicReadProhibited: 16 | Type: AWS::Config::ConfigRule 17 | Properties: 18 | ConfigRuleName: S3BucketPublicReadProhibited 19 | Description: >- 20 | Checks that your Amazon S3 buckets do not allow public read access. 21 | The rule checks the Block Public Access settings, the bucket policy, and the 22 | bucket access control list (ACL). 23 | Scope: 24 | ComplianceResourceTypes: 25 | - "AWS::S3::Bucket" 26 | Source: 27 | Owner: AWS 28 | SourceIdentifier: S3_BUCKET_PUBLIC_READ_PROHIBITED 29 | MaximumExecutionFrequency: Six_Hours 30 | S3BucketPublicReadProhibitedRemediation: 31 | DependsOn: S3BucketPublicReadProhibited 32 | Type: 'AWS::Config::RemediationConfiguration' 33 | Properties: 34 | ConfigRuleName: S3BucketPublicReadProhibited 35 | ResourceType: "AWS::S3::Bucket" 36 | TargetId: "AWS-DisableS3BucketPublicReadWrite" 37 | TargetType: "SSM_DOCUMENT" 38 | TargetVersion: "1" 39 | Parameters: 40 | AutomationAssumeRole: 41 | StaticValue: 42 | Values: 43 | - arn:aws:iam:::role/S3OperationsAutomationsExecutionRole 44 | S3BucketName: 45 | ResourceValue: 46 | Value: "RESOURCE_ID" 47 | ExecutionControls: 48 | SsmControls: 49 | ConcurrentExecutionRatePercentage: 10 50 | ErrorPercentage: 10 51 | Automatic: True 52 | MaximumAutomaticAttempts: 10 53 | RetryAttemptSeconds: 600 54 | 55 | S3BucketPublicWriteProhibited: 56 | Type: "AWS::Config::ConfigRule" 57 | Properties: 58 | ConfigRuleName: S3BucketPublicWriteProhibited 59 | Description: "Checks that your Amazon S3 buckets do not allow public write access. The rule checks the Block Public Access settings, the bucket policy, and the bucket access control list (ACL)." 60 | Scope: 61 | ComplianceResourceTypes: 62 | - "AWS::S3::Bucket" 63 | Source: 64 | Owner: AWS 65 | SourceIdentifier: S3_BUCKET_PUBLIC_WRITE_PROHIBITED 66 | MaximumExecutionFrequency: Six_Hours 67 | S3BucketPublicWriteProhibitedRemediation: 68 | DependsOn: S3BucketPublicWriteProhibited 69 | Type: 'AWS::Config::RemediationConfiguration' 70 | Properties: 71 | ConfigRuleName: S3BucketPublicWriteProhibited 72 | ResourceType: "AWS::S3::Bucket" 73 | TargetId: "AWS-DisableS3BucketPublicReadWrite" 74 | TargetType: "SSM_DOCUMENT" 75 | TargetVersion: "1" 76 | Parameters: 77 | AutomationAssumeRole: 78 | StaticValue: 79 | Values: 80 | - arn:aws:iam:::role/S3OperationsAutomationsExecutionRole 81 | S3BucketName: 82 | ResourceValue: 83 | Value: "RESOURCE_ID" 84 | ExecutionControls: 85 | SsmControls: 86 | ConcurrentExecutionRatePercentage: 10 87 | ErrorPercentage: 10 88 | Automatic: True 89 | MaximumAutomaticAttempts: 10 90 | RetryAttemptSeconds: 600 91 | 92 | S3BucketReplicationEnabled: 93 | Type: "AWS::Config::ConfigRule" 94 | Properties: 95 | ConfigRuleName: S3BucketReplicationEnabled 96 | Description: "Checks whether the Amazon S3 buckets have cross-region replication enabled." 97 | Scope: 98 | ComplianceResourceTypes: 99 | - "AWS::S3::Bucket" 100 | Source: 101 | Owner: AWS 102 | SourceIdentifier: S3_BUCKET_REPLICATION_ENABLED 103 | S3BucketSSLRequestsOnly: 104 | Type: "AWS::Config::ConfigRule" 105 | Properties: 106 | ConfigRuleName: S3BucketSSLRequestsOnly 107 | Description: "Checks whether S3 buckets have policies that require requests to use Secure Socket Layer (SSL)." 108 | Scope: 109 | ComplianceResourceTypes: 110 | - "AWS::S3::Bucket" 111 | Source: 112 | Owner: AWS 113 | SourceIdentifier: S3_BUCKET_SSL_REQUESTS_ONLY 114 | 115 | S3BucketServerSideEncryptionEnabled: 116 | Type: "AWS::Config::ConfigRule" 117 | Properties: 118 | ConfigRuleName: S3BucketServerSideEncryptionEnabled 119 | Description: "Checks that your Amazon S3 bucket either has S3 default encryption enabled or that the S3 bucket policy explicitly denies put-object requests without server side encryption." 120 | Scope: 121 | ComplianceResourceTypes: 122 | - "AWS::S3::Bucket" 123 | Source: 124 | Owner: AWS 125 | SourceIdentifier: S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED 126 | S3BucketServerSideEncryptionEnabledRemediation: 127 | DependsOn: S3BucketServerSideEncryptionEnabled 128 | Type: 'AWS::Config::RemediationConfiguration' 129 | Properties: 130 | ConfigRuleName: S3BucketServerSideEncryptionEnabled 131 | ResourceType: "AWS::S3::Bucket" 132 | TargetId: "AWS-EnableS3BucketEncryption" 133 | TargetType: "SSM_DOCUMENT" 134 | TargetVersion: "1" 135 | Parameters: 136 | AutomationAssumeRole: 137 | StaticValue: 138 | Values: 139 | - arn:aws:iam:::role/S3OperationsAutomationsExecutionRole 140 | BucketName: 141 | ResourceValue: 142 | Value: "RESOURCE_ID" 143 | SSEAlgorithm: 144 | StaticValue: 145 | Values: 146 | - "AES256" 147 | ExecutionControls: 148 | SsmControls: 149 | ConcurrentExecutionRatePercentage: 10 150 | ErrorPercentage: 10 151 | Automatic: True 152 | MaximumAutomaticAttempts: 10 153 | RetryAttemptSeconds: 600 154 | 155 | S3BucketLoggingEnabled: 156 | Type: "AWS::Config::ConfigRule" 157 | Properties: 158 | ConfigRuleName: S3BucketLoggingEnabled 159 | Description: "Checks whether logging is enabled for your S3 buckets." 160 | Scope: 161 | ComplianceResourceTypes: 162 | - "AWS::S3::Bucket" 163 | Source: 164 | Owner: AWS 165 | SourceIdentifier: S3_BUCKET_LOGGING_ENABLED 166 | S3BucketLoggingEnabledRemediation: 167 | DependsOn: S3BucketLoggingEnabled 168 | Type: 'AWS::Config::RemediationConfiguration' 169 | Properties: 170 | ConfigRuleName: S3BucketLoggingEnabled 171 | ResourceType: "AWS::S3::Bucket" 172 | TargetId: "AWS-ConfigureS3BucketLogging" 173 | TargetType: "SSM_DOCUMENT" 174 | TargetVersion: "1" 175 | Parameters: 176 | AutomationAssumeRole: 177 | StaticValue: 178 | Values: 179 | - arn:aws:iam:::role/S3OperationsAutomationsExecutionRole 180 | BucketName: 181 | ResourceValue: 182 | Value: "RESOURCE_ID" 183 | TargetBucket: 184 | StaticValue: 185 | Values: 186 | - Ref: S3TargetBucketNameForEnableLogging 187 | GrantedPermission: 188 | StaticValue: 189 | Values: 190 | - "FULL_CONTROL" 191 | GranteeType: 192 | StaticValue: 193 | Values: 194 | - "Group" 195 | GranteeUri: 196 | StaticValue: 197 | Values: 198 | - "http://acs.amazonaws.com/groups/s3/LogDelivery" 199 | ExecutionControls: 200 | SsmControls: 201 | ConcurrentExecutionRatePercentage: 10 202 | ErrorPercentage: 10 203 | Automatic: True 204 | MaximumAutomaticAttempts: 10 205 | RetryAttemptSeconds: 600 206 | -------------------------------------------------------------------------------- /cfntemplates/ssm-workshop-resources-episode-01.yml: -------------------------------------------------------------------------------- 1 | #* 2 | #* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | #* SPDX-License-Identifier: MIT-0 4 | #* 5 | #* Permission is hereby granted, free of charge, to any person obtaining a copy of this 6 | #* software and associated documentation files (the "Software"), to deal in the Software 7 | #* without restriction, including without limitation the rights to use, copy, modify, 8 | #* merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 9 | #* permit persons to whom the Software is furnished to do so. 10 | #* 11 | #* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 12 | #* INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 13 | #* PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 14 | #* HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 15 | #* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 16 | #* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 17 | #* 18 | 19 | #------------------------------------------------------------------------------ 20 | # 21 | # Template: ssm-workshop-resources-episode-01.yml 22 | # Purpose: CloudFormation template to deploy test instances for episode 01 of the workshop. 23 | # 24 | #------------------------------------------------------------------------------ 25 | 26 | AWSTemplateFormatVersion: '2010-09-09' 27 | Description: AWS CloudFormation template to launch test instances. 28 | 29 | #----------------------------------------------------------- 30 | # Parameters 31 | #----------------------------------------------------------- 32 | Parameters : 33 | LatestAmazonLinuxAmiId : 34 | # Use public Systems Manager Parameter 35 | Type : 'AWS::SSM::Parameter::Value' 36 | Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2' 37 | 38 | Resources: 39 | 40 | #------------------------------------------------- 41 | # VPC and required resources to enable network connectivity to AWS Systems Manager 42 | #------------------------------------------------- 43 | VPC: 44 | Type: 'AWS::EC2::VPC' 45 | Properties: 46 | CidrBlock: 10.0.0.0/16 47 | EnableDnsSupport: true 48 | EnableDnsHostnames: true 49 | InstanceTenancy: default 50 | Tags: 51 | - Key: Name 52 | Value: SSM-Workshop-CF 53 | InternetGateway: 54 | Type: 'AWS::EC2::InternetGateway' 55 | Properties: 56 | Tags: 57 | - Key: Name 58 | Value: SSM-Workshop-CF 59 | VPCGatewayAttachment: 60 | Type: 'AWS::EC2::VPCGatewayAttachment' 61 | Properties: 62 | VpcId: !Ref VPC 63 | InternetGatewayId: !Ref InternetGateway 64 | SubnetPublic: 65 | Type: 'AWS::EC2::Subnet' 66 | Properties: 67 | AvailabilityZone: !Select [0, !GetAZs ''] 68 | CidrBlock: 10.0.0.0/20 69 | MapPublicIpOnLaunch: true 70 | VpcId: !Ref VPC 71 | Tags: 72 | - Key: Name 73 | Value: SSM-Workshop-CF 74 | RouteTablePublic: 75 | Type: 'AWS::EC2::RouteTable' 76 | Properties: 77 | VpcId: !Ref VPC 78 | Tags: 79 | - Key: Name 80 | Value: SSM-Workshop-CF 81 | RouteTableAssociationPublic: 82 | Type: 'AWS::EC2::SubnetRouteTableAssociation' 83 | Properties: 84 | SubnetId: !Ref SubnetPublic 85 | RouteTableId: !Ref RouteTablePublic 86 | RouteTablePublicInternetRoute: 87 | Type: 'AWS::EC2::Route' 88 | DependsOn: VPCGatewayAttachment 89 | Properties: 90 | RouteTableId: !Ref RouteTablePublic 91 | DestinationCidrBlock: '0.0.0.0/0' 92 | GatewayId: !Ref InternetGateway 93 | NetworkAclPublic: 94 | Type: 'AWS::EC2::NetworkAcl' 95 | Properties: 96 | VpcId: !Ref VPC 97 | Tags: 98 | - Key: Name 99 | Value: SSM-Workshop-CF 100 | SubnetNetworkAclAssociationPublic: 101 | Type: 'AWS::EC2::SubnetNetworkAclAssociation' 102 | Properties: 103 | SubnetId: !Ref SubnetPublic 104 | NetworkAclId: !Ref NetworkAclPublic 105 | NetworkAclEntryInPublicAllowAll: 106 | Type: 'AWS::EC2::NetworkAclEntry' 107 | Properties: 108 | NetworkAclId: !Ref NetworkAclPublic 109 | RuleNumber: 100 110 | Protocol: -1 111 | RuleAction: allow 112 | Egress: false 113 | CidrBlock: '0.0.0.0/0' 114 | NetworkAclEntryOutPublicAllowAll: 115 | Type: 'AWS::EC2::NetworkAclEntry' 116 | Properties: 117 | NetworkAclId: !Ref NetworkAclPublic 118 | RuleNumber: 100 119 | Protocol: -1 120 | RuleAction: allow 121 | Egress: true 122 | CidrBlock: '0.0.0.0/0' 123 | InstanceSecurityGroup: 124 | Type: AWS::EC2::SecurityGroup 125 | Properties: 126 | GroupDescription: "Security Group for SSM Workshop test instances" 127 | GroupName: SSM-Workshop-CF 128 | SecurityGroupEgress: 129 | - IpProtocol: -1 130 | FromPort: 0 131 | ToPort: 65535 132 | CidrIp: 0.0.0.0/0 133 | Tags: 134 | - Key: Name 135 | Value: SSM-Workshop-CF 136 | VpcId: !Ref VPC 137 | 138 | #------------------------------------------------- 139 | # Two Amazon Linux 2 EC2 instances using the latest AMI for Amazon Linux 2 140 | #------------------------------------------------- 141 | LinuxEc2InstanceOne: 142 | Type: AWS::EC2::Instance 143 | Properties: 144 | InstanceType: t2.small 145 | ImageId: !Ref LatestAmazonLinuxAmiId 146 | NetworkInterfaces: 147 | - AssociatePublicIpAddress: "true" 148 | DeviceIndex: "0" 149 | GroupSet: 150 | - Ref: "InstanceSecurityGroup" 151 | SubnetId: 152 | Ref: "SubnetPublic" 153 | Tags: 154 | - Key: Name 155 | Value: App1 156 | LinuxEc2InstanceTwo: 157 | Type: AWS::EC2::Instance 158 | Properties: 159 | InstanceType: t2.small 160 | ImageId: !Ref LatestAmazonLinuxAmiId 161 | NetworkInterfaces: 162 | - AssociatePublicIpAddress: "true" 163 | DeviceIndex: "0" 164 | GroupSet: 165 | - Ref: "InstanceSecurityGroup" 166 | SubnetId: 167 | Ref: "SubnetPublic" 168 | Tags: 169 | - Key: Name 170 | Value: App2 -------------------------------------------------------------------------------- /cfntemplates/workshop-config-prerequisites.yaml: -------------------------------------------------------------------------------- 1 | Resources: 2 | ConformancePackServiceLinkedRole: 3 | Type: AWS::IAM::ServiceLinkedRole 4 | Properties: 5 | AWSServiceName: config-conforms.amazonaws.com 6 | Description: Service Linked Role for AWS Config Conforms 7 | 8 | S3OperationsAutomationsExecutionRole: 9 | Type: "AWS::IAM::Role" 10 | Properties: 11 | RoleName: S3OperationsAutomationsExecutionRole 12 | AssumeRolePolicyDocument: 13 | Version: "2012-10-17" 14 | Statement: 15 | - 16 | Effect: "Allow" 17 | Principal: 18 | Service: 19 | - "ssm.amazonaws.com" 20 | Action: 21 | - "sts:AssumeRole" 22 | Path: "/" 23 | 24 | S3OperationsAutomationExecutionRolePolicies: 25 | Type: "AWS::IAM::Policy" 26 | Properties: 27 | PolicyName: "S3OperationsAutomationsExecutionRolePolicy" 28 | PolicyDocument: 29 | Version: "2012-10-17" 30 | Statement: 31 | - 32 | Effect: "Allow" 33 | Action: "s3:*" 34 | Resource: "*" 35 | Roles: 36 | - 37 | Ref: "S3OperationsAutomationsExecutionRole" 38 | SSMConfigEC2LabRole: 39 | Type: AWS::IAM::Role 40 | Properties: 41 | RoleName: WorkshopEC2SSMRole 42 | AssumeRolePolicyDocument: 43 | Version: '2012-10-17' 44 | Statement: 45 | - Effect: Allow 46 | Principal: 47 | Service: ec2.amazonaws.com 48 | Action: sts:AssumeRole 49 | ManagedPolicyArns: 50 | - arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM 51 | SSMConfigEC2LabProfile: 52 | Type: AWS::IAM::InstanceProfile 53 | Properties: 54 | Roles: 55 | - !Ref 'SSMConfigEC2LabRole' 56 | Path: / 57 | S3LoggingBucket: 58 | Type: "AWS::S3::Bucket" 59 | Properties: 60 | BucketName: !Sub 's3serversideloggingbucket-${AWS::AccountId}' 61 | AccessControl : "LogDeliveryWrite" 62 | 63 | ConformancePackDeliveryBucket: 64 | Type: "AWS::S3::Bucket" 65 | Properties: 66 | BucketName: !Sub 'awsconfigconforms-delivery-bucket-${AWS::AccountId}' 67 | 68 | ConformancePackDeliveryBucketPolicy: 69 | DependsOn: ConformancePackServiceLinkedRole 70 | Type: AWS::S3::BucketPolicy 71 | Properties: 72 | Bucket: 73 | Ref: "ConformancePackDeliveryBucket" 74 | PolicyDocument: 75 | Version: '2012-10-17' 76 | Statement: 77 | - 78 | Sid: AWSConfigConformsBucketPermissionsCheck 79 | Effect: Allow 80 | Principal: 81 | AWS: 82 | - !Sub 'arn:aws:iam::${AWS::AccountId}:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms' 83 | Action: 's3:GetBucketAcl' 84 | Resource: !Sub 'arn:aws:s3:::awsconfigconforms-delivery-bucket-${AWS::AccountId}' 85 | - 86 | Sid: AWSConfigConformsBucketDelivery 87 | Effect: Allow 88 | Principal: 89 | AWS: 90 | - !Sub 'arn:aws:iam::${AWS::AccountId}:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms' 91 | Action: 's3:PutObject' 92 | Resource: !Sub 'arn:aws:s3:::awsconfigconforms-delivery-bucket-${AWS::AccountId}/*' 93 | Condition: 94 | StringEquals: 95 | 's3:x-amz-acl': bucket-owner-full-control 96 | - 97 | Sid: ' AWSConfigConformsBucketReadAccess' 98 | Effect: Allow 99 | Principal: 100 | AWS: 101 | - !Sub 'arn:aws:iam::${AWS::AccountId}:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms' 102 | Action: 's3:GetObject' 103 | Resource: !Sub 'arn:aws:s3:::awsconfigconforms-delivery-bucket-${AWS::AccountId}/*' 104 | -------------------------------------------------------------------------------- /episode-01-step-00-overview.md: -------------------------------------------------------------------------------- 1 | # Episode 1: Introduction and Building a Foundation for Enterprise Cloud Operations 2 | 3 | ![](media/ssm-aws-logo.png) 4 | 5 | NOTE: You will incur charges as you go through either of these workshops, as they will exceed the [limits of AWS free tier](http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-limits.html). 6 | 7 | ## Table of Contents 8 | 9 | - [Summary](#summary) 10 | - [Learning Objectives](#learning-objectives) 11 | - [Gettting Started](#getting-started) 12 | 13 | ## Summary 14 | 15 | Businesses are taking advantage of the cloud to innovate more quickly, scale, and get to market faster leveraging cloud scale and elasticity. Dev-Ops and operations teams need the ability to automate and scale to maintain reliability, flexibility, security, and compliance of their environments regardless of what methdology they use. In this episode, we will introduce the series structure, and you will learn how to use AWS services and best practices to set up an operational foundation to automate inventory and operational best practices for your cloud or hybrid-cloud applications and resources. 16 | 17 | In episode one, you will enable the service [AWS Config](https://aws.amazon.com/config/) which enables you to assess, audit, and evaluate the configurations of your AWS resources. Additionally, you will enable and use various capabilities of [AWS Systems Manager](https://aws.amazon.com/systems-manager/) to gain visibility and control of your infrastructure including: 18 | 19 | - [Quick Setup](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-quick-setup.html) 20 | - [Inventory](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-inventory.html) 21 | - [Run Command](https://docs.aws.amazon.com/systems-manager/latest/userguide/execute-remote-commands.html) 22 | - [Change Calendar](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-change-calendar.html) 23 | - [Automation](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-automation.html) 24 | - [State Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-state.html) 25 | - [Parameter Store](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html) 26 | 27 | ## Learning Objectives 28 | 29 | During this workshop episode, we will work towards the following learning objectives: 30 | 31 | - Learn how to enable AWS Config to continuously monitor and record your AWS resource configurations. 32 | - Learn how to enable gathering inventory data for EC2 instances and on-premise servers and VMs. 33 | - Learn how to create playbooks and define freeze periods for automated workflows. 34 | - Learn how to establish configuration management for Systems Manager managed instances. 35 | 36 | ## Getting Started 37 | 38 | Click the link below to go to the next section. 39 | 40 | [![](media/enable-inventory.png)](/episode-01-step-01-enable-inventory.md) -------------------------------------------------------------------------------- /episode-01-step-02-codify-runbooks.md: -------------------------------------------------------------------------------- 1 | # Codifying Runbooks for common tasks 2 | 3 | ![](media/ssm-aws-logo.png) 4 | 5 | NOTE: You will incur charges as you go through either of these workshops, as they will exceed the [limits of AWS free tier](http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-limits.html). 6 | 7 | ## Table of Contents 8 | 9 | - [Summary](#summary) 10 | - [Instructions](#instructions) 11 | - [Create a Command document](#create-a-command-document) 12 | - [Run the document against a managed instance](#run-the-document-against-a-managed-instance) 13 | - [Next Section](#next-section) 14 | 15 | ## Summary 16 | 17 | An **AWS Systems Manager document (SSM document)** defines the actions that Systems Manager performs on your managed instances. Systems Manager includes more than 290 pre-configured documents that you can use by specifying parameters at runtime. Documents use JavaScript Object Notation (JSON) or YAML format, and they include steps and parameters that you specify. 18 | 19 | There are multiple document types for different Systems Manager capabilities. The different document types can be reviewed here: 20 | 21 | [Systems Manager Documents](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-ssm-docs.html) 22 | 23 | You can use pre-defined AWS managed documents or create your own depending on your use case. 24 | 25 | In this section we will create a custom ```Command``` document and run the document on a managed instance using **Systems Manager Run Command**. 26 | 27 | **Run Command** lets you remotely and securely manage the configuration of your managed instances. A managed instance is any EC2 instance or on-premises machine in your hybrid environment that has been configured for Systems Manager. Run Command enables you to automate common administrative tasks and perform ad hoc configuration changes at scale. You can use Run Command from the AWS Management Console, the AWS Command Line Interface, AWS Tools for Windows PowerShell, or the AWS SDKs. Run Command is offered at no additional cost. 28 | 29 | ## Instructions 30 | 31 | ### Create a Command document 32 | 33 | 1. Open the AWS Systems Manager console at https://us-east-1.console.aws.amazon.com/systems-manager. 34 | 1. In the navigation pane, choose [**Documents**](https://console.aws.amazon.com/systems-manager/documents). 35 | 1. Inside here you will be able to see all documents available to your account for the given AWS Region. There are four different tabs: 36 | - **Owned by Amazon:** Managed Documents published and maintained by AWS. 37 | - **Owned by me:** Custom Documents your organization has created. 38 | - **Shared with me:** Documents that you have been granted access to for the given AWS Region. 39 | - **All documents:** Display all documents available to your account for the given AWS Region. 40 | 1. Choose **Create document** and then choose **Command or Session** 41 | - For **Name**, enter ```org-install-app```. 42 | - For **Target type - *optional***, leave the value blank for now. 43 | - Target Type allows you to restrict the types of resources the document can run against. 44 | - For **Document type - *optional***, leave **Command document** as we will use Run command to install the package. 45 | - For **Content**, copy and paste the below snippet: 46 | 47 | ``` 48 | { 49 | "schemaVersion": "2.2", 50 | "description": "Command Document Example JSON Template", 51 | "parameters": { 52 | "Message": { 53 | "type": "String", 54 | "description": "The message to display", 55 | "default": "Prepping Web Instance" 56 | } 57 | }, 58 | "mainSteps": [ 59 | { 60 | "action": "aws:runShellScript", 61 | "name": "prepare_web_instance", 62 | "inputs": { 63 | "runCommand": [ 64 | "echo {{Message}}", 65 | "sudo yum install httpd -y", 66 | "mkdir /app", 67 | "touch /app/hello.txt", 68 | "sudo systemctl start httpd" 69 | ] 70 | } 71 | } 72 | ] 73 | } 74 | ``` 75 | 76 | ![](/media/create-command-document.png) 77 | 78 | 1. Choose **Create Document** to save the document. 79 | 1. Choose the **Owned by me** tab and select the new document you created, ```org-install-app```. 80 | - Choose the **Content** tab and review the contents of the document. We will run this document on our managed instances using **Run Command**. 81 | 82 | ### Run the document against a managed instance 83 | 84 | 1. Open the AWS Systems Manager console at https://console.aws.amazon.com/systems-manager/. 85 | 1. In the navigation pane, choose [**Run Command**](https://console.aws.amazon.com/systems-manager/run-command). 86 | 1. Choose **Run command**. 87 | 1. Select inside the search box under **Command Document** to apply a filter. 88 | - Select ```Owner : Owned by me```. 89 | - Select the document ```org-install-app```. 90 | 1. For **Document version**, select **Latest version at runtime**. 91 | 1. In the **Commands parameters** section, leave the default value for our parameter **Message** as ```Prepping Web Instance```. 92 | 1. In the **Targets** section, choose **Choose instances manually** and select the two EC2 instances created by the CloudFormation stack in the previous section ```App1``` and ```App2```. 93 | 1. Leave **Other parameters** and **Rate Control** options as default. 94 | 1. Uncheck **Enable writing to an S3 bucket**. 95 | 1. Choose **Run**. 96 | 1. Select the refresh icon until **Status** changes to **Success**. 97 | 1. You will be brought over to the Command Status of the Run Command invocation you initiated. 98 | 99 | ![](/media/run-command-details.png) 100 | 101 | 1. Select the radio button next to one the instance IDs and choose **View Output**. 102 | - This will drill down into the details about the invocation of the **Run Command** operation and to review the output returned by ```stdout```. 103 | - Expand **Output**. 104 | - **Important**: The command output displays a maximum of 48,000 characters. If the command results are truncated, you can view the complete command output in either Amazon S3 or CloudWatch logs, if you specify an S3 bucket or a CloudWatch logs group when you run the command. 105 | 106 | ![](/media/run-command-invocation.png) 107 | 108 | ## Next Section 109 | 110 | Click the link below to go to the next section. 111 | 112 | [![](media/define-freeze.png)](/episode-01-step-03-define-freeze.md) -------------------------------------------------------------------------------- /episode-02-step-00-overview.md: -------------------------------------------------------------------------------- 1 | # Episode 2: Enabling Compliance and Monitoring in an Enterprise Cloud Environment 2 | 3 | ![](media/config-aws-logo.png) 4 | 5 | NOTE: You will incur charges as you go through either of these workshops, as they will exceed the [limits of AWS free tier](http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-limits.html). 6 | 7 | ## Table of Contents 8 | 9 | - [Summary](#summary) 10 | - [Learning Objectives](#learning-objectives) 11 | - [Gettting Started](#getting-started) 12 | 13 | ## Summary 14 | 15 | Compliance, whether for security, regulatory, or internal policies, is a fundamental requirement of all applications and environments. Cloud scale and speed can make compliance very complex and labor-intensive without the right tools and practices. In this episode you will learn how AWS enables compliance automation and reporting. 16 | 17 | In episode two, you will enable the service [AWS Config](https://aws.amazon.com/config/) which enables you to assess, audit, and evaluate the configurations of your AWS resources. Additionally, you will enable the service [AWS CloudTrail](https://aws.amazon.com/cloudtrail/) which enables governance, compliance, operational auditing, and risk auditing of your AWS account. 18 | 19 | ## Learning Objectives 20 | 21 | During this workshop episode, we will work towards the following learning objectives: 22 | 23 | - Learn how to enable compliance and monitoring using AWS Config rules. 24 | - Learn how to use AWS Config Conformance Packs. 25 | 26 | 27 | ## Getting Started 28 | 29 | Click the link below to go to the next section. 30 | 31 | [![](media/enable-config-cloudtrail.png)](/episode-02-step-01-enable-config-cloudtrail.md) -------------------------------------------------------------------------------- /episode-02-step-01-enable-config-cloudtrail.md: -------------------------------------------------------------------------------- 1 | # Enabling AWS Config and AWS Cloudtrail 2 | 3 | ![](media/config-aws-logo.png) 4 | 5 | NOTE: You will incur charges as you go through either of these workshops, as they will exceed the [limits of AWS free tier](http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-limits.html). 6 | 7 | ## Table of Contents 8 | 9 | - [Summary](#summary) 10 | - [Instructions](#instructions) 11 | - [Deploy AWS Config Prerequisites](#deploy-aws-config-prerequisites) 12 | - [Create a Trail in CloudTrail](#create-a-trail-in-cloudTrail) 13 | - [Enable AWS Config](#enable-aws-config) 14 | - [Next Section](#next-section) 15 | 16 | ## Summary 17 | 18 | In this section you will (1) enable AWS Config to monitor and record your AWS resource configurations (2) enable AWS Cloudtrail to monitor and record your AWS resource configurations, 19 | 20 | Prior to enabling these features, you will create several IAM Roles, Policies and a S3 bucket needed for AWS Config Conformance Packs and Autoremdiation. [AWS CloudFormation](https://aws.amazon.com/cloudformation/). AWS CloudFormation gives you an easy way to model a collection of related AWS and third-party resources, provision them quickly and consistently, and manage them throughout their lifecycles, by treating infrastructure as code. 21 | 22 | ## Instructions 23 | 24 | ### Deploy AWS Config Prerequisites 25 | 26 | **To save the CloudFormation template locally** 27 | 28 | 1. Open the CloudFormation template [workshop-config-prerequisites.yaml](cfntemplates/workshop-config-prerequisites.yaml). 29 | 1. Choose **Raw**. 30 | 31 | ![](/media/github-raw.png) 32 | 33 | 1. Open Notepad and copy the entire text. 34 | 1. Save the file to your local machine as ```workshop-config-prerequisites.yaml```. 35 | 36 | The CloudFormation template will create the resources depicted in the diagram below. 37 | 38 | ![](/media/cloudformation-stack-ep02.png) 39 | 40 | **To deploy Cloudformation template for AWS Config Prerequisites** 41 | 42 | 1. Open the [AWS CloudFormation console](https://console.aws.amazon.com/cloudformation/home). 43 | 1. Choose **Create stack**. 44 | 1. For **Specify template**, choose **Upload a template file**, choose the file you saved locally ```workshop-config-prerequisites.yaml```, and choose **Next**. 45 | 46 | ![](/media/cloudformation-create-stack-ep02.png) 47 | 48 | 1. For **Stack name**, enter ```workshop-config-prerequisites```, and choose **Next**. 49 | 1. On the **Configure stack options** page, leave the defaults and choose **Next**. 50 | 1. On the **Review** page, check the box **I acknowledge that AWS CloudFormation might create IAM resources with custom names.** and choose **Create stack**. 51 | 52 | 53 | CloudFormation will begin provisioning the resources specified within the CloudFormation template and once complete, you will have a two S3 Bucket with a S3 Bucket Policy, and some IAM Roles that we will be using together with AWS Config for Autoremediation. You can also use the refresh button to see the latest events related to the CloudFormation stack. Once the status of the CloudFormation stack changes to ```CREATE_COMPLETE```, you can proceed with the next steps. This process should complete within 5 minutes. 54 | 55 | ### Create a Trail in CloudTrail 56 | 57 | AWS CloudTrail is an AWS service that helps you enable governance, compliance, risk auditing and operational auditing of your AWS Account. Actions taken by a Principal (User, Role or AWS Service) are recorded as events in CloudTrail. To learn more about AWS CloudTrail you can click on this [link](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html). Documentation on creating a Trail via the Console is located [here](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-a-trail-using-the-console-first-time.html#creating-a-trail-in-the-console). We will highlight the steps below. 58 | 59 | 1. Search for the CloudTrail Service under the Management Tools Section in the console and click on **CloudTrail**. 60 | 61 | 1. Once in the CloudTrail Console, click on **Trails** on the Left Side of the screen. 62 | 1. Then Click on **Create Trail**, to create our trail for this lab. 63 | 64 | ![](/media/cloudtrail-create-trail-ep02.jpg) 65 | 66 | 1. Apply the following settings and create the trail 67 | - Trail name: ```workshop-week``` 68 | - Storage Location: Create new S3 Bucket 69 | - Trail log bucket and folder: Leave as it is *aws-cloudtrail-logs-accountid-hash* 70 | - Log file SSE-KMS encryption: Enabled 71 | - For the AWS KMS alias: ```cloudtrail-workshop-kms``` 72 | - Log file validation: Enabled 73 | - SNS notification delivery: Leave as it is (Disabled) 74 | - CloudWatch Logs: Enabled 75 | - Log group: New 76 | - Log group name: Enter ```CloudTrail/DefaultLogGroup``` 77 | - IAM Role: New 78 | - Role name: Enter ```CloudTrailRoleForCloudWatchLogs``` 79 | - Click Next 80 | - Event type: Configure only Management events 81 | - Management Events: Read, Write, Exclude AWS KMS Events (all checked) 82 | - Click Next and Create trail 83 | 84 | ### Enable AWS Config 85 | 86 | AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. This enables you to simplify compliance auditing, security analysis, change management, and operational troubleshooting. 87 | 88 | **To enable AWS Config using General Setup** 89 | 90 | 1. Search for the Config Service under the Management Tools Section in the console, and then click on Config. 91 | 1. Click on Get started, and we will follow the setup wizard. 92 | 93 | ![](/media/config-gettingstarted-ep02.png) 94 | 95 | 1. On the Settings page make the following selections 96 | 97 | ![](/media/config-settings-ep02.png) 98 | 99 | - Record all resources in this region 100 | - Include global resources 101 | - Create AWS Config service-linked role 102 | - Create a bucket (and accept the default bucket name) 103 | 1. Click Next on the next screen, bypassing rule selection. We will setup Config rules in the next steps. 104 | 1. On the last screen click on Confirm. 105 | 106 | ## Next Section 107 | 108 | Click the link below to go to the next section. 109 | 110 | [![](media/config-rule.png)](/episode-02-step-02-config-rule.md) 111 | -------------------------------------------------------------------------------- /episode-02-step-02-config-rule.md: -------------------------------------------------------------------------------- 1 | # AWS Config Rule with Remdiation 2 | 3 | ![](media/config-aws-logo.png) 4 | 5 | NOTE: You will incur charges as you go through either of these workshops, as they will exceed the [limits of AWS free tier](http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-limits.html). 6 | 7 | ## Table of Contents 8 | 9 | - [Summary](#summary) 10 | - [Instructions](#instructions) 11 | - [Creating a Config rule to alert on Systems Manager agent non-compliance ](#creating-a-config-rule-to-alert-on-systems-manager-agent-non-compliance ) 12 | - [Deploy an EC2 instance](#deploy-an-ec2-instance) 13 | - [Add Remediation to your AWS Config Rule](#add-remediation-to-your-aws-config-rule) 14 | - [Next Section](#next-section) 15 | 16 | ## Summary 17 | 18 | AWS Config provides AWS managed rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resources comply with common best practices. For example, you could use a managed rule to quickly start assessing whether your Amazon Elastic Block Store (Amazon EBS) volumes are encrypted or whether specific tags are applied to your resources. You can set up and activate these rules without writing the code to create an AWS Lambda function, which is required if you want to create custom rules. 19 | 20 | In this section you will (1) create an AWS Config Rule to evaluate if instances are managed by SSM, and (2) use AWS Systems Manager Automation Documents to remediate non-compliant instances. 21 | 22 | ## Instructions 23 | 24 | ### Creating a Config rule to alert on Systems Manager agent non-compliance 25 | 26 | You can create config Rules to monitor a number of items within your infrastructure. Beside utilizing AWS managed Config rules you can also create custom rules using AWS Lambda functions. Located here in [Github](https://github.com/awslabs/aws-config-rules) are same sample config rules you can create and implement in Lambda. 27 | 28 | In this step we will create a Config rule that will evaluate if EC2 instances have a working Systems Manager agent. 29 | 30 | 1. Go to the AWS Config console, and then click on Rules on the left side of the console. 31 | 1. Click on Add Rule 32 | 1. In the Add Rule screen in the Filter section type ```ec2-instance-managed-by-systems-manager```, click on the ec2-instance-managed-by-systems-manager rule. 33 | 1. Under the Trigger Section take notice of the trigger type. Leave the remaining settings as-is. 34 | 1. Click Next and then Add rule 35 | 36 | ### Deploy an EC2 instance 37 | 38 | Next, let’s deploy a EC2 instance to test our Config rule. Note that we are not assigning an IAM role to the instance - that comes later! 39 | 40 | 1. Open the Amazon EC2 console by choosing EC2 under Compute. 41 | 1. From the Amazon EC2 dashboard, choose Launch Instance. 42 | 1. The Choose an Amazon Machine Image (AMI) page displays a list of basic configurations called Amazon Machine Images (AMIs) that serve as templates for your instance. Select the HVM edition of the Amazon Linux 2 AMI. 43 | 1. On the Choose an Instance Type page, choose t3.small as the hardware configuration of your instance and Review and Launch. 44 | 1. On the Configure Instance Details page, leave the defaults and then choose Next: Add Storage: 45 | 1. On the Add Storage page, leave the defaults and then choose Next: Add Tags. 46 | 1. On the Add Tags page, leave the defaults and then choose Next: Configure Security Group 47 | 1. On the Configure Security Group page, Create a new security group called ```workshop-securitygroup``` 48 | 1. Remove the rule that enable all IP addresses (0.0.0.0/0) to access your instance over SSH and then choose Review and Launch. 49 | 1. On the Review Instance Launch page, choose the Proceed without key pair option. 50 | 1. To launch your instance, select the acknowledgment check box, then choose Launch Instances. 51 | 1. The instance should be up and running in around a minute. 52 | 53 | ### Add Remediation to your AWS Config Rule 54 | 55 | AWS Config provides a set of managed automation documents with remediation actions. You can also create and associate custom automation documents with AWS Config rules. 56 | 57 | Now return to the Config rule you created, click into the rule, and click Re-evaluate after the instance is up and running. You will have wait a minute or two for the result, and then refresh the web page. After a few moments the instance we deployed should be flagged as non-compliant. 58 | 59 | ***Adding Remeditaion to the Config rule to alert on Systems Manager agent non-compliance*** 60 | 61 | 1. In the AWS Config console, click on the ec2-instance-managed-by-systems-manager rule you created. 62 | 63 | 1. Click Actions | Re-evaluate after the instance is up and running 64 | 65 | ![](/media/config-reevaluatessmrule-ep02.png) 66 | 67 | 1. You will have wait a minute or two for the result, and then refresh the web page. After a few moments the instance we deployed should be flagged as non-compliant. 68 | 69 | 1. Next you will fix this non-compliant resource by adding a remediation action to the Config rule. 70 | 71 | 1. Click Actions | Manage remediation 72 | 73 | 1. Under the Edit: remediation action do the following: 74 | - Remediation method: Manual remediation 75 | - Remediation action: AWS-AttachIAMToInstance 76 | - Resource ID parameter: InstanceId 77 | - This passes the non-compliant instance ID to the remediation action 78 | - Enter ```WorkshopEC2SSMRole``` into the RoleName field. 79 | 80 | ![](/media/config-ssmremediation1-ep02.png) 81 | ![](/media/config-ssmremediation2-ep02.png) 82 | 83 | 1. Click Save 84 | 85 | 1. Go back into the Config rule and look at non-compliant resources. Select the instance we deployed and then click on Remediate. 86 | 87 | ![](/media/config-remediatebutton-ep02.png) 88 | 89 | 1. Once completed, reboot the instance to hasten the remediation process. This will force the Systems Manager agent on the instance to acquire the new IAM role immediately upon reboot. 90 | 91 | 1. Return to the Systems Manager console, and then check under Fleet Manager. When the instance shows up as a managed instance, re-evaluate the rule once more. You will see that the instance is now compliant. 92 | 93 | 94 | ## Next Section 95 | 96 | Click the link below to go to the next section. 97 | 98 | [![](media/config-conformancepack.png)](/episode-02-step-03-config-conformancepack.md) -------------------------------------------------------------------------------- /episode-02-step-03-config-conformancepack.md: -------------------------------------------------------------------------------- 1 | # AWS Config Deploy Conformance Pack 2 | 3 | ![](media/config-aws-logo.png) 4 | 5 | NOTE: You will incur charges as you go through either of these workshops, as they will exceed the [limits of AWS free tier](http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-limits.html). 6 | 7 | ## Table of Contents 8 | 9 | - [Summary](#summary) 10 | - [Instructions](#instructions) 11 | - [Deploy conformance pack](#deploy-conformance-pack) 12 | - [View compliance remediation](#view-compliance-remediation) 13 | - [Next Section](#next-section) 14 | 15 | ## Summary 16 | 17 | A conformance pack is a collection of AWS Config rules and remediation actions that can be easily deployed as a single entity in an account and a Region or across an organization in AWS Organizations. 18 | 19 | In this section you will (1) create an conformance pack with remediation to evaluate your S3 buckets accoriding to S3 Best Practices, and (2) use AWS Systems Manager Automation Documents to remediate non-compliant S3 Buckets. 20 | 21 | ## Instructions 22 | 23 | ### Deploy conformance pack 24 | 25 | Before we can deploy the conformance pack, we will need to edit it. Conformance packs that AWS provides represent collated best practices, however they are not “one size fits all” and need some tailoring before being leveraged. 26 | 27 | 1. First, download the conformance pack template from this [link](cfntemplates/Operational-Best-Practices-for-Amazon-S3-with-Remediation.yaml). - Operational-Best-Practices-for-Amazon-S3-with-Remediation 28 | 1. Next edit this file so we can make it usable with your lab environment. You will need to replace the `````` entries with the proper account number for your account (without dashes). You will find this entry on these line numbers: 29 | - 43 30 | - 80 31 | - 139 32 | - 179 33 | 1. Go to the [Config Console](https://console.aws.amazon.com/config), and then click on Conformance packs. 34 | 1. Click on Deploy conformance pack on the top right of the page. 35 | 36 | ![](/media/config-conformancepack1-ep02.png) 37 | 38 | 1. Under template details, select Upload template, and then select the Upload a template. Click Choose file, upload your modified template, and finally click Next. 39 | 1. Give the conformance pack a name that is meaningful to you. - Workshop-Operational-S3-BestPractices-WithRemediation 40 | 1. This conformance pack will require a parameter to function. Click Add parameter and then add a new key called ```S3TargetBucketNameForEnableLogging```. 41 | - The value for this will be the name of the ```s3serversideloggingbucket``` created by the CloudFormation stack you deployed in the prerequisites. Copy the name of the bucket into the value field. 42 | 1. Click Next, and finally click Deploy conformance pack. 43 | 44 | ![](/media/config-conformancepack2-ep02.png) 45 | 46 | ### View compliance remediation 47 | 48 | We will check compliance status for each rule in conformance pack and associated resources. Conformance Packs can also be deployed to an AWS Organization; however, this is out of scope for this lab. 49 | 50 | 1. Once the conformance pack is deployed, click on conformance pack name to drill down into details. You can view list of rules and their compliance status. 51 | 52 | ![](/media/config-conformancepack3-ep02.png) 53 | 54 | 1. Click on a rule name to see its details. 55 | 1. Expand Resources in Scope section to see resources in scope and their compliance status. If there are any existing non-compliant resources, you can manually remediate them or wait for auto-remediation to complete. 56 | 1. To see auto-remediation in action on a new resource, create a new S3 bucket using S3 Console. Config will discover the resource and mark it as non-compliant if it is not following S3 best practices. 57 | 1. Go back to conformance pack details and select a rule with remediation action. 58 | 1. Expand Resources in Scope section to see newly created resource with its compliance status. If the resource is non-compliant, the auto-remediation action will apply to resource within few minutes. 59 | 1. Refresh the page to see updated resource compliance status. 60 | 61 | ## Next Section 62 | 63 | Click the link below to go to the next section. 64 | 65 | [![](media/cloudtrail-loginsights.png)](/episode-02-step-04-cloudtrail-loginsights.md) 66 | -------------------------------------------------------------------------------- /episode-02-step-04-cloudtrail-loginsights.md: -------------------------------------------------------------------------------- 1 | # Querying AWS CloudTrail Logs in Amazon Cloudwatch Logs Insights 2 | 3 | ![](media/cloudtrail-aws-logo.png) 4 | 5 | NOTE: You will incur charges as you go through either of these workshops, as they will exceed the [limits of AWS free tier](http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-limits.html). 6 | 7 | ## Table of Contents 8 | 9 | - [Summary](#summary) 10 | - [Instructions](#instructions) 11 | - [Next Section](#next-section) 12 | 13 | ## Summary 14 | 15 | CloudWatch Logs Insights enables you to interactively search and analyze your log data in Amazon CloudWatch Logs. You can perform queries to help you more efficiently and effectively respond to operational issues. If an issue occurs, you can use CloudWatch Logs Insights to identify potential causes and validate deployed fixes. 16 | 17 | CloudWatch Logs Insights automatically discovers fields in logs from AWS services such as Amazon Route 53, AWS Lambda, AWS CloudTrail, and Amazon VPC, and any application or custom log that emits log events as JSON. In this lab exercise, we will query CloudTrail events CloudWatch Logs data with Insights and add it to a CloudWatch Dashboard. 18 | 19 | In this section you will (1) create a dashboard in Amazon CloudWatch and (2) use Amazon CloudWatch Logs Insights to query AWS CloudTrail. 20 | 21 | ## Instructions 22 | 23 | 1. Go to the [CloudWatch Dashboards](https://console.aws.amazon.com/cloudwatch) 24 | 1. Click Create dashboard 25 | - Give a dashboard name ```WorkshopDashboard``` 26 | - Click Create dashboard 27 | 1. Select a widget type to configure: Logs table (Explore results from Logs Insights) and click Next 28 | 1. From the drop down, select the CloudWatch Log Group created during the setup. 29 | 1. In the query pane, enter the following query, which filters Number of log entries by region and EC2 event type. 30 | ``` 31 | filter eventSource="ec2.amazonaws.com" 32 | | stats count(*) as eventCount by eventName, awsRegion 33 | | sort eventCount desc 34 | ``` 35 | 1. Click on Run Query to view results. 36 | 1. Click on Create widget and you will see your first dashboard created. 37 | 38 | **Note:** The [CloudWatch Logs Insights Console](https://console.aws.amazon.com/cloudwatch/home#logsV2:logs-insights) has a few sample queries to start with under Sample queries. Refer this [document](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax-examples.html) for more information. 39 | 40 | ## Next Section 41 | 42 | Click the link below to go to the next section. 43 | 44 | [![](media/tear-down.png)](/episode-02-step-05-tear-down.md) 45 | -------------------------------------------------------------------------------- /episode-02-step-05-tear-down.md: -------------------------------------------------------------------------------- 1 | # Tear down workshop 2 | 3 | ![](media/config-aws-logo.png) 4 | 5 | **Congratulations!** You have completed the **Episode 2: Enabling Compliance and Monitoring in an Enterprise Cloud Environment** workshop. 6 | 7 | ## Tear down instructions 8 | 9 | ### Delete Amazon CloudWatch Dashboard 10 | 11 |
12 | To delete Amazon CloudWatch Dashboard

13 | 14 | 1. Open the Amazon CloudWatch console at https://console.aws.amazon.com/cloudwatch/. 15 | 1. In the navigation pane, choose **Dashboard**. 16 | 1. Click on the **WorkshopDashboard** Dashboard. 17 | 1. Select **Actions | Delete dashboard**. 18 | 1. Click **Delete** Button 19 | 20 |

21 | 22 | ### Delete EC2 Instance and Security Group 23 | 24 |
25 | To delete the EC2 Instance and Security Group

26 | 27 | 1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/. 28 | 1. In the navigation pane, choose **Instances**. 29 | 1. Select on the EC2 Instance that was created and Click **Instance state | Terminate Instance**. 30 | 1. Click the **Terminate** Button. 31 | 1. In the navigation pane, choose **Security Groups**. 32 | 1. Select the **workshop-securitygroup** Security Group and Click **Actions | Delete security groups**. 33 | 1. Click **Delete** Button 34 |

35 | 36 | ### Delete AWS Config Resources 37 | 38 |
39 | Delete AWS Config Conformance Pack

40 | 41 | 1. Open the AWS Config console at https://console.aws.amazon.com/config/. 42 | 1. In the navigation pane, choose **Conformance packs**. 43 | 1. Select the Conformance pack and click **Actions | delete**. 44 | 1. Enter the phrase ```Delete``` to confirm this action and click **Delete**. 45 |

46 |
47 | To delete the AWS Config rule

48 | 49 | 1. In the navigation pane, choose **Rules**. 50 | 1. Click on the **Rule**. 51 | 1. Under the **Remediation action section** click **Delete**. 52 | 1. Enter the phrase ```Delete``` to confirm this action and click **Delete**. 53 | 1. Click Actions | Delete rule. 54 | 1. Enter the phrase ```Delete``` to confirm this action and click **Delete**. 55 |

56 | 57 |
58 | To disable AWS Config

59 | 60 | 1. In the navigation pane, choose **Settings**. 61 | 1. Click **Edit**. 62 | 1. Uncheck the **Enable recording** check box. 63 | 1. Click **Save**. 64 |

65 | 66 |
67 | (Optional) To delete the Config recorder and Config delivery method

68 | 69 | To delete the Config recorder and Config delivery channel, perform the following steps using AWS CloudShell: 70 | 71 | From the AWS Management Console, you can launch AWS CloudShell by choosing the following options available on the navigation bar: 72 | 73 | 1. Choose the AWS CloudShell icon. 74 | 2. Start typing "cloudshell" in Search box and then choose the CloudShell option. 75 | 76 | ![](https://docs.aws.amazon.com/cloudshell/latest/userguide/images/launch_options.png) 77 | 78 | 1. To delete the Config recorder, enter the following command: 79 | 80 | ```aws configservice delete-configuration-recorder --configuration-recorder-name default``` 81 | 82 | 1. To delete the Config delivery channel, enter the following command: 83 | 84 | ```aws configservice delete-delivery-channel --delivery-channel-name default``` 85 | 86 | 1. Return to the AWS Config console to confirm Config is no longer enabled. If you see the **Set up AWS Config** page, then Config has successfully been disabled. 87 | 88 |

89 | 90 |
91 | To delete configuration items stored by AWS Config

92 | 93 | 1. Open the Amazon S3 console at https://s3.console.aws.amazon.com/s3. 94 | 1. Choose the S3 bucket created by AWS Config Setup. The name will be similar to ```config-bucket-123456789012```. 95 | 1. Choose **Empty**. 96 | 97 | 1. On the **Empty bucket** page, type **permanently delete** to confirm deletion of the objects in the S3 bucket. 98 | 1. Choose **Empty**. 99 | 100 | 1. Choose the S3 bucket created by AWS Config Setup. The name will be similar to ```config-bucket-123456789012```. 101 | 1. Choose **Delete**. 102 | 103 | 1. On the **Delete bucket** page, type the name of the S3 bucket to confirm deletion of the S3 bucket. 104 | 1. Choose **Delete bucket**. 105 | 106 |

107 | 108 | ### Delete Cloudformation Stack for AWS Config Prerequisites 109 | 110 |
111 | To delete the CloudFormation Stack

112 | 113 | 1. Open the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation/. 114 | 1. Choose the stack created and click **Delete**. 115 | 1. Click **Delete Stack**. 116 |

117 | 118 | ### Delete AWS CloudTrail Trail 119 | 120 |
121 | To delete the Trail for AWS CloudTrail

122 | 123 | 1. Open the AWS CloudTrail console at https://console.aws.amazon.com/cloudtrail/. 124 | 1. In the navigation pane, choose **Trails**. 125 | 1. Select the trail the was created for the workshop and click **Delete**. 126 | 1. Click **Delete**. 127 | 128 |

129 | 130 | 131 | ## Next Section 132 | 133 | Click the link below to go to the next episode, **Episode 3: Create Actionable Visibility for Enterprise Cloud Applications and Resources**. 134 | 135 | [![](media/episode-03-step-00-overview.png)](/episode-03-step-00-overview.md) -------------------------------------------------------------------------------- /episode-03-step-00-overview.md: -------------------------------------------------------------------------------- 1 | # Episode 3: Create Actionable Visibility for Enterprise Cloud Applications and Resources 2 | 3 | ![](media/ssm-aws-logo.png) 4 | 5 | NOTE: You will incur charges as you go through either of these workshops, as they will exceed the [limits of AWS free tier](http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-limits.html). 6 | 7 | ## Table of Contents 8 | 9 | - [Summary](#summary) 10 | - [Learning Objectives](#learning-objectives) 11 | - [Gettting Started](#getting-started) 12 | 13 | ## Summary 14 | 15 | The ability for the right people to see the right information, when they need it, and take appropirate actions is crucial to operations even with automation. In this episode, you will learn how to use AWS services and processes to enable visibility, in a context relevent to the individual, of applications and resources in cloud and hybrid cloud environments -- and take action. 16 | 17 | In episode three, you will create an [Amazon CloudWatch alarm](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html) to monitor the performance of an Amazon Elastic Cloud Compute (EC2) instance. You then use various capabilities of [AWS Systems Manager](https://aws.amazon.com/systems-manager/) to gain visibility into operational issues and resolve them, including: 18 | 19 | - [Application Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/application-manager.html) 20 | - [Explorer](https://docs.aws.amazon.com/systems-manager/latest/userguide/Explorer.html) 21 | - [Fleet Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/fleet.html) 22 | - [OpsCenter](https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html) 23 | - [Quick Setup](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-quick-setup.html) 24 | - [Run Command](https://docs.aws.amazon.com/systems-manager/latest/userguide/execute-remote-commands.html) 25 | - [Session Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html) 26 | 27 | ## Learning Objectives 28 | 29 | - Learn how to use Explorer to aggregate data across multiple accounts and regions. 30 | - Learn how to view and take action on operational data across your environment and in the context of an application. 31 | - Learn how to remotely manage your server fleet using Fleet Manager. 32 | 33 | ## Getting Started 34 | 35 | Click the link below to go to the next section and start setting the environment. 36 | 37 | [![](media/episode-03-initial-setup.png)](/episode-03-step-01-initial-setup.md) -------------------------------------------------------------------------------- /episode-03-step-04-tear-down.md: -------------------------------------------------------------------------------- 1 | # Tear down workshop 2 | 3 | ![](media/ssm-aws-logo.png) 4 | 5 | To go back to the previous section, click here: [View and take action on operational data in the context of an application](/episode-03-step-03-application-visibility.md) 6 | 7 | **Congratulations!** You have completed the **Episode 3: Create Actionable Visibility for Enterprise Cloud Applications and Resources** workshop. 8 | 9 | ## Tear down instructions 10 | 11 | ### Delete the Quick Setup Host Management configuration 12 | 13 |
14 | To delete the Quick Setup Host Management

15 | 16 | 1. Open the AWS Systems Manager console at https://console.aws.amazon.com/systems-manager/. 17 | 1. In the navigation pane, choose [**Quick Setup**](https://console.aws.amazon.com/systems-manager/quick-setup). 18 | 1. Choose the **Host Management** configuration created previously, choose **Actions**, and choose **Delete Configuration**. 19 | 20 | 1. Choose **Remove all OUs and Regions**. 21 | 1. This process will take a few moments to complete, once complete proceed with the next step. 22 | 23 | 1. Choose the **Host Management** configuration, choose **Actions**, and choose **Delete configuration**. 24 | 25 | 1. In the **Delete Configuration** window, type **delete**, and choose **Delete**. 26 | 27 |

28 | 29 | ### Delete the CloudWatch alarm 30 | 31 |
32 | To delete the CloudWatch alarm

33 | 34 | 1. Open the Amazon CloudWatch console at https://console.aws.amazon.com/cloudwatch/home. 35 | 1. In the navigation pane, choose **Alarms**. 36 | 1. Choose the alarm previously created **i-123456789012-BurstableInstanceCPUCreditBalanceLow**, choose **Actions**, and choose **Delete**. 37 | 38 |

39 | 40 | ### Delete the CloudFormation stack 41 | 42 |
43 | To delete the CloudFormation stack

44 | 45 | 1. Open the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation/home. 46 | 1. In the navigation pane, choose **Stacks**. 47 | 1. Choose the stack **ssm-workshop-ep03** and click **Delete**. 48 | 1. Choose **Delete stack**. 49 | 50 |

51 | 52 | ### Manually terminate the EC2 instances 53 | 54 |
55 | To delete the CloudFormation stack

56 | 57 | **To manually terminate the EC2 Instance** 58 | 59 | 1. Open the AWS CloudFormation console at https://console.aws.amazon.com/ec2/v2/home. 60 | 1. In the navigation pane, choose **Instances**. 61 | 1. Choose the **TestWindowsInstance**, choose **Instance state**, and choose **Terminate instance**. 62 | 63 |

64 | 65 | ### Delete the Resource Group 66 | 67 |
68 | To delete the Resource Group

69 | 70 | **To manually terminate the EC2 Instance** 71 | 72 | 1. Open the AWS Resource Group console at https://console.aws.amazon.com/resource-groups/home. 73 | 1. In the navigation pane, choose **Saved Resource Groups**. 74 | 1. Choose the **SSMWorkshop** and choose **View details**. 75 | 1. Choose **Delete**. 76 | 77 |

78 | 79 | 80 | ## Next Section 81 | 82 | Click the link below to go to the next episode, **Episode 4: Automating Changes and Preventative Maintenance in an Enterprise Cloud Environment**. 83 | 84 | [![](media/episode-04-link.png)](/episode-04-step-00-overview.md) 85 | 86 | ## Special Thanks 87 | 88 | This workshop is inspired in part by the following AWS Management & Governance blog post: 89 | 90 | [Troubleshoot and resolve Windows workload issues using AWS Systems Manager Fleet Manager](https://aws.amazon.com/blogs/mt/troubleshoot-and-resolve-windows-workload-issues-using-aws-systems-manager-fleet-manager/) -------------------------------------------------------------------------------- /episode-04-step-00-overview.md: -------------------------------------------------------------------------------- 1 | # Episode 4: Automating Changes and Preventative Maintenance in an Enterprise Cloud Environment 2 | 3 | ![](media/ssm-aws-logo.png) 4 | 5 | NOTE: You will incur charges as you go through either of these workshops, as they will exceed the [limits of AWS free tier](http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-limits.html). 6 | 7 | ## Table of Contents 8 | 9 | - [Summary](#summary) 10 | - [Learning Objectives](#learning-objectives) 11 | - [Gettting Started](#getting-started) 12 | 13 | ## Summary 14 | 15 | Balancing flexibility and time-to-market with control and stability to maximize availabiltiy, while reducing cumbersome processes, is critical to cloud operations. In this episode, you will learn how to use the services and processes to manage application and resource changes and patching across your cloud or hybrid cloud environment. 16 | 17 | ## Learning Objectives 18 | 19 | During this workshop episode, we will work towards the following learning objectives: 20 | 21 | - Learn how to report patching compliance status across your server fleet. 22 | - Learn how to schedule and automate centralized patching operations across your AWS accounts and Regions and hybrid cloud environments. 23 | - Learn how to manage change approvals, execution, and reporting. 24 | 25 | ## Getting Started 26 | 27 | Click the link below to go to the next section. 28 | 29 | [![](media/enabling-patch-management.png)](/episode-04-step-01-enable-patch.md) -------------------------------------------------------------------------------- /episode-04-step-04-tear-down.md: -------------------------------------------------------------------------------- 1 | # Tear down workshop 2 | 3 | ![](media/ssm-aws-logo.png) 4 | 5 | To go back to the previous section, click here: [Enable Change Management](/episode-04-step-03-enable-change-management.md) 6 | 7 | **Congratulations!** You have completed the **Episode 4: Automating Changes and Preventative Maintenance in an Enterprise Cloud Environment** workshop. 8 | 9 | ## Tear down instructions 10 | 11 | ### Delete objects in the S3 buckets 12 | 13 |
14 | To delete command logs stored by AWS Systems Manager

15 | 16 | 1. Open the Amazon S3 console at https://s3.console.aws.amazon.com/s3. 17 | 1. Choose the S3 bucket for command logs. The name will be similar to ```ssm-command-logs-us-east-1-123456789012```. 18 | 1. Choose **Empty**. 19 | 20 | 1. On the **Empty bucket** page, type **permanently delete** to confirm deletion of the objects in the S3 bucket. 21 | 1. Choose **Empty**. 22 | 23 |

24 | 25 |
26 | To delete inventory data stored by AWS Systems Manager

27 | 28 | 1. Open the Amazon S3 console at https://s3.console.aws.amazon.com/s3. 29 | 1. Choose the S3 bucket for command logs. The name will be similar to ```ssm-resource-sync-us-east-1-123456789012```. 30 | 1. Choose **Empty**. 31 | 32 | 1. On the **Empty bucket** page, type **permanently delete** to confirm deletion of the objects in the S3 bucket. 33 | 1. Choose **Empty**. 34 | 35 |

36 | 37 | ### Delete the CloudFormation stack 38 | 39 |
40 | To delete the CloudFormation stack

41 | 42 | 1. Open the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation/home. 43 | 1. In the navigation pane, choose **Stacks**. 44 | 1. Choose the stack **ssm-workshop-ep04** and click **Delete**. 45 | 1. Choose **Delete stack**. 46 | 47 |

48 | 49 | ### Delete the SNS Topic 50 | 51 |
52 | To delete the SNS topic

53 | 54 | 1. Open the Amazon SNS console at https://console.aws.amazon.com/sns/v3/home. 55 | 1. In the navigation pane, choose **Topics**. 56 | 1. Choose the SNS topic **ssm-workshop-sns** and choose **Delete**. 57 | 1. Enter ```delete me``` and choose **Delete**. 58 | 59 |

60 | 61 | ### Delete the IAM user 62 | 63 |
64 | To delete the IAM user

65 | 66 | 1. Open the AWS IAM console at https://console.aws.amazon.com/iam/home. 67 | 1. In the navigation pane, choose **Users**. 68 | 1. Choose the user **approval-user**, choose **Delete user**, and choose **Yes, delete**. 69 | 70 |

71 | 72 | ### Delete the State Manager Association 73 | 74 |
75 | To delete the State Manager associations

76 | 77 | 1. Open the Systems Manager console at https://console.aws.amazon.com/systems-manager/. 78 | 1. In the navigation pane, choose [**State Manager**](https://console.aws.amazon.com/systems-manager/state-manager). 79 | 1. Choose the radio button next to the association named **CloudWatchAgent-Install** and choose **Delete**. 80 | 1. In the **Delete association** window, choose **Delete**. 81 | 82 |

83 | 84 | 85 | ## Next Section 86 | 87 | Click the link below to go to the next episode, **Episode 5: Problem and Incident Management with Scale and Automation in an Enterprise Cloud Environment**. 88 | 89 | [![](media/episode-05.png)](/episode-05-step-00-overview.md) -------------------------------------------------------------------------------- /episode-05-step-00-overview.md: -------------------------------------------------------------------------------- 1 | # Episode 5: Problem and Incident Management with Scale and Automation in an Enterprise Cloud Environment 2 | 3 | ![](media/ssm-aws-logo.png) 4 | 5 | NOTE: You will incur charges as you go through either of these workshops, as they will exceed the [limits of AWS free tier](http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-limits.html). 6 | 7 | ## Table of Contents 8 | 9 | - [Summary](#summary) 10 | - [Learning Objectives](#learning-objectives) 11 | - [Gettting Started](#getting-started) 12 | 13 | ## Summary 14 | 15 | If an issue or incident arises, operational services and processes must react quickly, with as minimal human intervention as possible, to resolve it before customers are impacted. In this episode, you will learn about the services and processes enterprises can use to automate issue and incident detection, notifications, resolution, and reporting to prevent future occurances. 16 | 17 | ## Learning Objectives 18 | 19 | During this workshop episode, we will work towards the following learning objectives: 20 | 21 | - Learn how to trigger incidents, create notifications, and resolve with automation. 22 | - Learn how to track operational issues and automatically remediate. 23 | - Learn how to automatically report on issues and incidents, including root cause analysis data. 24 | 25 | ## Getting Started 26 | 27 | Click the link below to go to the next section. 28 | 29 | [![](media/episode-05-step-01-prepare.png)](/episode-05-step-01-enable-incident.md) -------------------------------------------------------------------------------- /episode-05-step-03-post-incident.md: -------------------------------------------------------------------------------- 1 | # Perform a post-incident analysis 2 | 3 | ![](media/ssm-aws-logo.png) 4 | 5 | NOTE: You will incur charges as you go through either of these workshops, as they will exceed the [limits of AWS free tier](http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-limits.html). 6 | 7 | To go back to the previous section, click here: [Mitigate and respond to incidents](/episode-05-step-02-mitigate-respond.md). 8 | 9 | ## Table of Contents 10 | 11 | - [Summary](#summary) 12 | - [Instructions](#instructions) 13 | - [Create the analysis](#create-the-analysis) 14 | - [Add metrics](#add-metrics) 15 | - [Answer incident questions](#answer-incident-questions) 16 | - [Review related items](#review-related-items) 17 | - [Review action items](#review-action-items) 18 | - [Next Section](#next-section) 19 | 20 | ## Summary 21 | 22 | **Post-incident analysis** guides you through identifying improvements to your incident response, including time to detection and mitigation. An analysis can also help you understand the root cause of the incidents. Incident Manager creates recommended action items to improve your incident response. 23 | 24 | **Benefits of a post-incident analysis** 25 | 26 | - Improve incident response 27 | - Understand the root cause of the problem 28 | - Address root causes with deliverable action items 29 | - Analyze the impact of incidents 30 | - Capture and share learnings within an organization 31 | 32 | ## Instructions 33 | 34 | In this section you will perform a post-incident analysis following the resolution of the incident. 35 | 36 | ### Create the analysis 37 | 38 | 1. Open the AWS Systems Manager console at https://console.aws.amazon.com/systems-manager/. 39 | 1. In the navigation pane, choose [**Incident Manager**](https://console.aws.amazon.com/systems-manager/incidents). 40 | 1. In the **Resolved incidents** section, choose the incident created during this workshop and choose **View details**. 41 | 1. Choose **Create analysis**. 42 | 43 | ![](media/incident-create-analysis.png) 44 | 45 | 1. In the **Create analysis** window, leave the default value for **Title**, choose **AWSIncidents-PostIncidentAnalysisTemplate**, and choose **Create**. 46 | 47 | ![](media/incident-create-analysis-window.png) 48 | 49 | ### Add metrics 50 | 51 | 1. Choose the **Metrics** tab and choose **Add metrics**. 52 | 1. First, modify the timeframe of the metric by choosing the edit button. 53 | 54 | ![](media/incident-timeframe-edit.png) 55 | 56 | 1. Choose the **Relative** tab, choose **2 hours**, choose **Apply**. 57 | 58 | ![](media/incident-relative-timeframe.png) 59 | 60 | 1. In the search bar, filter for ```Name: CPUUtiliziation```, choose the instance created by the CloudFormation stack, and choose **Next**. 61 | 1. On the **Describe, annotate, and review** page, enter a title and description for the event such as: 62 | 63 | - **Title**: ```Stress test command performed spiking CPU```. 64 | - **Description**: ```A stress test command to simulate 70% CPU usage was performed to simulate an incident.``` 65 | 66 | 1. Choose **Add Annotation** to add an annotation to the metric graph. You can add annotations to identify key timepoints during the incident. 67 | 68 | - For **Annotation**, enter ```Incident begins``` and modify the time to match the beginning of the graph. 69 | - Choose **Add Annotation**. 70 | - For **Annotation**, enter ```Stress command interrupted``` and modify the time to match the peak of the graph. 71 | - Choose **Add Annotation**. 72 | - For **Annotation**, enter ```Incident resolved``` and modify the time to match the ending of the graph. 73 | 74 | ![](media/incident-annotations.png) 75 | 76 | 1. Choose **Done**. 77 | 78 | ### Answer incident questions 79 | 80 | 1. Choose the **Incident questions** tab to review the questions provided by the **AWSIncidents-PostIncidentAnalysisTemplate** analysis template. 81 | 1. Review each section briefly to see the list of pre-populated incident questions by the analysis template. 82 | 1. In the **Detection** section, choose **Edit**. 83 | 1. For the second question **ID2 What adjustments could be made to the metrics used for detection?**, choose **Add metric**, optionally enter a comment, and choose **Save**. 84 | 85 | ![](media/incident-detection-question.png) 86 | 87 | ### Review related items 88 | 89 | 1. Choose the **Related items** tab to see resources related to the incident. 90 | 1. Optionally edit the existing CloudWatch alarm resource, or add/delete resources from this list. 91 | 92 | ### Review action items 93 | 94 | 1. Choose the **Action items** tab to see recommendations and action items. 95 | 96 | - :exclamation: **Important**: The **Recommendations** section will automatically be populated based on the answers you provided in the incident questions. You can choose to then **Accept** or **Dismiss** recommended items to add or remove them from the **Action items** list. 97 | 98 | ![](media/incident-recommendations.png) 99 | 100 | 1. In the **Recommendations** section, select **Add detection metric** and choose **Accept**. 101 | 102 | - :information_source: Action items added will automatically have a corresponding [OpsCenter OpsItem](https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html) created so the appropriate individuals can track the status of action items by working on the corresponding [OpsItem](https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-working-with-OpsItems.html). 103 | 104 |
105 | :information_source: Example auto-generated OpsItem

106 | 107 | ![](media/incident-generated-opsitem.png) 108 | 109 |

110 | 111 | Once you have completed reviewing the various tabs of an analysis, choose **Complete**. In the resulting **Checklist** window, you can view answers provided, timeline events added, metrics added, and action items recommended. Choose **Complete** to complete the analysis process. 112 | 113 | ## Next Section 114 | 115 | You have now completed the workshop **Episode 5: Problem and Incident Management with Scale and Automation in an Enterprise Cloud Environment**! 116 | 117 | Click the link below to go to the next section to tear down the resources created during the workshop. 118 | 119 | [![](media/tear-down.png)](/episode-05-step-04-tear-down.md) -------------------------------------------------------------------------------- /episode-05-step-04-tear-down.md: -------------------------------------------------------------------------------- 1 | # Tear down workshop 2 | 3 | ![](media/ssm-aws-logo.png) 4 | 5 | To go back to the previous section, click here: [Perform a post-incident analysis](/episode-05-step-03-post-incident.md). 6 | 7 | **Congratulations!** You have completed the **Episode 5: Problem and Incident Management with Scale and Automation in an Enterprise Cloud Environment** workshop. 8 | 9 | ## Tear down instructions 10 | 11 | ### Delete the CloudFormation stack 12 | 13 |
14 | To delete the CloudFormation stack

15 | 16 | 1. Open the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation/home. 17 | 1. In the navigation pane, choose **Stacks**. 18 | 1. Choose the stack **ssm-workshop-ep05** and click **Delete**. 19 | 1. Choose **Delete stack**. 20 | 21 |

22 | 23 | ### Delete Incident Manager resources 24 | 25 | #### Delete the Incident Manager replication set 26 | 27 |
28 | To delete the replication set

29 | 30 | 1. Navigate to the [**Incident Manager console**](https://console.aws.amazon.com/systems-manager/incidents/home) and choose **Settings** from the left navigation bar. 31 | 1. Select the region **US East (Ohio)** and choose **Delete**. 32 | 1. Enter ```delete``` into the text box and choose **Delete**. 33 | 34 |

35 | 36 | #### Delete Incident Manager contacts 37 | 38 |
39 | To delete contacts

40 | 41 | 1. Navigate to the [**Incident Manager console**](https://console.aws.amazon.com/systems-manager/incidents/home) and choose **Contacts** from the left navigation bar. 42 | 1. Select one of the two contacts created during the workshop (```yourname``` or ```yourname-escalated```), choose **Delete**. 43 | 1. Enter ```delete``` into the text box and choose **Delete**. 44 | 1. Repeat the process for the second contact. 45 | 46 |

47 | 48 | #### Delete the response plan 49 | 50 |
51 | To delete the reponse plan

52 | 53 | 1. Navigate to the [**Incident Manager console**](https://console.aws.amazon.com/systems-manager/incidents/home) and choose **Response plans** from the left navigation bar. 54 | 1. Select escalation plan created during the workshop (```sampleapp-performance-issues-response-plan```), choose **Delete**. 55 | 1. Enter ```sampleapp-performance-issues-response-plan``` into the text box and choose **Delete**. 56 | 57 |

58 | 59 | #### Delete the escalation plan 60 | 61 |
62 | To delete the escalation plan

63 | 64 | 1. Navigate to the [**Incident Manager console**](https://console.aws.amazon.com/systems-manager/incidents/home) and choose **Escalation plans** from the left navigation bar. 65 | 1. Select the escalation plan created during the workshop (```workshop-escalation```), choose **Delete**. 66 | 1. Enter ```delete``` into the text box and choose **Delete**. 67 | 68 |

69 | 70 | ### Delete the IAM role for Incident Manager 71 | 72 |
73 | To delete the IAM role

74 | 75 | 1. Open the AWS IAM console at https://console.aws.amazon.com/iam/home. 76 | 1. In the navigation pane, choose **Roles**. 77 | 1. Choose the role **IncidentManager-Role**, choose **Delete role**, and choose **Yes, delete**. 78 | 79 |

-------------------------------------------------------------------------------- /media/alarm-in-alarm-state.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/alarm-in-alarm-state.png -------------------------------------------------------------------------------- /media/aws-config-1-click.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/aws-config-1-click.png -------------------------------------------------------------------------------- /media/aws-config-confirm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/aws-config-confirm.png -------------------------------------------------------------------------------- /media/begin-stress-test.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/begin-stress-test.png -------------------------------------------------------------------------------- /media/calendar-arn.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/calendar-arn.png -------------------------------------------------------------------------------- /media/calendar-automation-details.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/calendar-automation-details.png -------------------------------------------------------------------------------- /media/calendar-create-automation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/calendar-create-automation.png -------------------------------------------------------------------------------- /media/calendar-create-calendar.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/calendar-create-calendar.png -------------------------------------------------------------------------------- /media/calendar-create-event.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/calendar-create-event.png -------------------------------------------------------------------------------- /media/calendar-description.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/calendar-description.png -------------------------------------------------------------------------------- /media/calendar-run-automation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/calendar-run-automation.png -------------------------------------------------------------------------------- /media/change-create-template.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/change-create-template.png -------------------------------------------------------------------------------- /media/change-manager-approve-request.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/change-manager-approve-request.png -------------------------------------------------------------------------------- /media/change-manager-automation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/change-manager-automation.png -------------------------------------------------------------------------------- /media/change-manager-change-details.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/change-manager-change-details.png -------------------------------------------------------------------------------- /media/change-manager-change-parameters.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/change-manager-change-parameters.png -------------------------------------------------------------------------------- /media/change-manager-set-up.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/change-manager-set-up.png -------------------------------------------------------------------------------- /media/change-manager-settings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/change-manager-settings.png -------------------------------------------------------------------------------- /media/change-manager-sns.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/change-manager-sns.png -------------------------------------------------------------------------------- /media/change-manager-task.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/change-manager-task.png -------------------------------------------------------------------------------- /media/change-manager-timeline.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/change-manager-timeline.png -------------------------------------------------------------------------------- /media/cloudformation-create-stack-ep01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/cloudformation-create-stack-ep01.png -------------------------------------------------------------------------------- /media/cloudformation-create-stack-ep02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/cloudformation-create-stack-ep02.png -------------------------------------------------------------------------------- /media/cloudformation-create-stack-ep03.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/cloudformation-create-stack-ep03.png -------------------------------------------------------------------------------- /media/cloudformation-create-stack-ep04.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/cloudformation-create-stack-ep04.png -------------------------------------------------------------------------------- /media/cloudformation-create-stack-ep05.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/cloudformation-create-stack-ep05.png -------------------------------------------------------------------------------- /media/cloudformation-stack-ep02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/cloudformation-stack-ep02.png -------------------------------------------------------------------------------- /media/cloudtrail-aws-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/cloudtrail-aws-logo.png -------------------------------------------------------------------------------- /media/cloudtrail-create-trail-ep02.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/cloudtrail-create-trail-ep02.jpg -------------------------------------------------------------------------------- /media/cloudtrail-loginsights.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/cloudtrail-loginsights.png -------------------------------------------------------------------------------- /media/cloudwatch-disk-used.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/cloudwatch-disk-used.png -------------------------------------------------------------------------------- /media/cloudwatch-iam-role.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/cloudwatch-iam-role.png -------------------------------------------------------------------------------- /media/cloudwatch-mem-used.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/cloudwatch-mem-used.png -------------------------------------------------------------------------------- /media/codify-runbooks.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/codify-runbooks.png -------------------------------------------------------------------------------- /media/config-aws-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/config-aws-logo.png -------------------------------------------------------------------------------- /media/config-conformancepack.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/config-conformancepack.png -------------------------------------------------------------------------------- /media/config-conformancepack1-ep02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/config-conformancepack1-ep02.png -------------------------------------------------------------------------------- /media/config-conformancepack2-ep02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/config-conformancepack2-ep02.png -------------------------------------------------------------------------------- /media/config-conformancepack3-ep02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/config-conformancepack3-ep02.png -------------------------------------------------------------------------------- /media/config-disable-recording.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/config-disable-recording.png -------------------------------------------------------------------------------- /media/config-gettingstarted-ep02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/config-gettingstarted-ep02.png -------------------------------------------------------------------------------- /media/config-recorder-off.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/config-recorder-off.png -------------------------------------------------------------------------------- /media/config-reevaluatessmrule-ep02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/config-reevaluatessmrule-ep02.png -------------------------------------------------------------------------------- /media/config-remediatebutton-ep02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/config-remediatebutton-ep02.png -------------------------------------------------------------------------------- /media/config-rule.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/config-rule.png -------------------------------------------------------------------------------- /media/config-settings-ep02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/config-settings-ep02.png -------------------------------------------------------------------------------- /media/config-ssmremediation1-ep02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/config-ssmremediation1-ep02.png -------------------------------------------------------------------------------- /media/config-ssmremediation2-ep02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/config-ssmremediation2-ep02.png -------------------------------------------------------------------------------- /media/configure-replication-set.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/configure-replication-set.png -------------------------------------------------------------------------------- /media/create-command-document.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/create-command-document.png -------------------------------------------------------------------------------- /media/create-resource-data-sync.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/create-resource-data-sync.png -------------------------------------------------------------------------------- /media/define-freeze.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/define-freeze.png -------------------------------------------------------------------------------- /media/ec2-tags-patch-group-app.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ec2-tags-patch-group-app.png -------------------------------------------------------------------------------- /media/ec2-tags-patch-group-web.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ec2-tags-patch-group-web.png -------------------------------------------------------------------------------- /media/enable-change-management.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/enable-change-management.png -------------------------------------------------------------------------------- /media/enable-config-cloudtrail.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/enable-config-cloudtrail.png -------------------------------------------------------------------------------- /media/enable-inventory.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/enable-inventory.png -------------------------------------------------------------------------------- /media/enable-state.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/enable-state.png -------------------------------------------------------------------------------- /media/enabling-patch-management.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/enabling-patch-management.png -------------------------------------------------------------------------------- /media/ep01-st01.drawio: -------------------------------------------------------------------------------- 1 | 7VrXluS4kf2afpQOvXmkd0mTNMlkvujQe5M0SfP1C1ZX9XRP12ilXY12dnfKZIEBBEzERdwAWF9Qrt2kMRwKvU/S5gsCJdsXlP+CIDRJgs9TsH8VwDBKfJXkY5m8y34ROOWRvguhd+lSJun0Q8O575u5HH4Uxn3XpfH8gywcx379sVnWNz+OOoR5+pPAicPmZ6lfJnPxVUrh0C9yOS3z4mNkGHqvacOPxu+CqQiTfv1OhApfUG7s+/lrqd24tDmN92GXr3rib9R+m9iYdvM/olCK9Gz6KE8biDch19me6fkv2NdeXmGzvC/4C0I0oD82KV+gmJ/FD1HWg5HAQub93TrEc+k/Kv4yvfmOAQ1gbNh+qfyul7AdQKGLpuEP8QwxvgM+uaZfko81Avt9XeaPSwfiTwzyiSga/1T9U/VP1T9V/8dUkR9iNDL2S5ekJwlAoHotyjl1hjA+a1fA2UBWzG0DnmBQDJsy70C5SbOPwC6Gbdmc9C2nzSudyzg8K8qm4fqmH4G867v028CvdJzT7TcpCv5GfCBjSPs2nccdNHlX+GDV92QBI9+f11+YFyXeZcV3rIt+cGz4zvb5t65/IURQeOfEf4IfiX+QH/9gzPZPM+HHqt4pPn537ZfvWByFBYo+s5tfE/vN4r6D4p/s+afqn6p/QNX/Di38Jg/8ii+meezrlPsWPT5ixu9FGOSPhIEjnxAG/AlhfGOafzlhwPBPjOEsUZfOPzmgX+am7ICxPg6up5nyMUxKsPhfmeo7V3zmqdM970dnGPl4fh/p7BUcPYez3G75eUr/a7hO2F9zgIDhbUgFHJ4/rf3b9HXqnziWImmYJj537OlSAI+GeQfH3A+fQAUsoezyy9sTj0Lv0/5siCScim9I/U0o/gvgRNM/won6GU4IDv8MJ5j8veCEf5J//ApHH84t27erjG/Wv4RR2lj9VM7lm3ujfp77FjRozgo2jOv8LQZ8Z/Hs7eu3PTgNX5GaldvpD/ZtSOZDCn1IQDkJZ+AT5usjIg5d/gXhyhtr2iukSXnPgC/D8QrBy0GJ08/nkmMC8Ie/FT5PgYJUeI1wvdlBkSJ+CPMevvkyEV0Pw28Uxr+z96x6NQncXMAIdEKP5HTJ8wsnCuWTsUXqpnD17WGo/Gg7iw5tZfAUaOua9rNq8NfkSRiedggwouatWuPwzInBeIhG3zexLTtYGW6WdXCFElTqF4TlxOGBFt0xJCg6vY6us1L0aIqwnjQw/D75dAfxlc7pq3IwmRav+SReIkVxy+RpuiYtRV7DBlDDRvUmRfWazpcHUDyqpH5Rl/qKGIbt16Zi+HitVXNl+ISnjjS6Ya0xSSz8yHicbS1P3IlSYBHGFZ/m+jxkYnqxhE7GYIpMWcStBT0QFS1EIczCagrDXLfaFVR22tfPK5EcApHANW57B4ELmlq4uu14kqeWEpMjnBfUbFCY8WjQzhVKZPVIFppRV4IO5mxMcOlM8i6VuU9jarruTpdUe91uy0sAUylqilrizMZWCmxINqMfnt88X5MZ4VVcGlYOEuqTmWwCwJze5wwK7wmayDy+8xcvuEryjtqNpHPhARq+WuNmbbsayBMzrsBcbLqBLSp6ELMtmRXM0j6sXAAkoy5W6qVvxY6QRNDODCTMpqECuojniFzPx2uhIa9Ln+SXYxjSPLkGGm47WzD1qvBAWWVRQkFzhKEJCqy2afF5be9SXl9ElGvcqwoAzN6MUXfzg9GqdFb9NVYk40KC0aX2rt8X4/AOQ7mBiYsXnmPvJFoVCtAi76Nj2Aj/OmYSszklUToAijhc3FTiETt/VYYZmttQXtwlkon4efZ+R0E3qBTnCJU96pPLmSvz7Ai8vF0cf+tAvwkWm+5ANtnj6RSUbY/ZuKiv7DUiNwtVn+bt9iSQO5J0kQ3Ck1jNoePDFdeEr5lh19OOuXTTiGld+BMVcD9qHb+ulfRQ9sXViXiheKM9sgc9JclovWgHDApIBmGhECg/4HDBrwB34i1iCfT64HqbHQQispPRT1BdcbQm8eOUqKqtzax1YZBMT21CQwRi3jCma6l4Owik6S0GZYo9sU5Hhrp9MDW/Uoc9NELqeQ1zoTFQIXTcmt+5rNAsddezXPPGW2datpD49wqECqUMyegF4qUoK67fTKGwji00qwSIHqeP6ksE3wOn8+TaLqgN7A2b8qOl3vpATeQNMdSMIdl8vw6SRhz8ChWesYTeZQ3zZ9cf+gBFdzrw+ILC2Ym/GO6i1M2iAJuI7jU1+4kxgWWoBL9uZelAc3Vd7mOvrzoZmqUiCsFd3UCDi3bz9sg8i0dyrES69a9IXsWc60QKq26mEsreY6Q1HfAMSy8E2N1cMwdIixfh8z5XOuZYMoh3YFxO7Uw3vOZTNybs+CRTtCBc92bH+cvWiokMl1dPms9ykVYbCvs6KPSY1KrEhqke2K1TD4g2wCjVTKb3B34EORwN1zIQSPX+Rld5L11g87LvTbQoG5Pkkp3XZaljVVonmHVhoisyhXbHt2Kh2dtTvzLOCHxz6LwLguDgduudAKEO+FpsJCLmQKqAZ4UTU5UyE3pgnTYT8QmCG7ekVYxdAvJmqlwf6e5gXY0G06ZycF2yTAySHW3uLX6+FHsAarGejqLGc7y7kI0VLjzYTTCYwo3caxeiXy5Y2UQgaB50borne7zhonpdVK8pVdgtpcUSl4tDbCdBI2A/JNcYS7N+GkN4zuRoi/GIIqpEgS9hoVuSeu+2h0fkJ9dw52sNsXteUSXRSsMD+GQLwydJfNRVEMW0x1Ef+GbmlN8MbHYTztDl2W3S3RBqXizL1p0o2qj2GePiS5cvp36SDdFCFiiFdKajqieSWYHa5Gfn2VpQ6p4TbMYkqpmmyEsiyeti8wGI8brV2K28Kmx7YqK4RY+StYV+uKmSuj5EnXgcBAaqWLSjV3HpL05DQYmrH/v0LG9RslVGxpSNbgGU1uFOBTlBU6dbGNTttqtjjXdiLzJD3OUhJ86onmIsLZB5buH9pvChBA++qh3OY1oru20qUn1G7h2OSPhiI3HXJ8yczJEf3NlGHxNKt+k38NZPh3rmFrsjHdYYMcvN0yBGvq5lyXKC8kks0YgRaVdMkBElgL3EN6o17/fWkjLrDhrx5XBuwJ4w13jWSBrpfCQyZtOZcN5m+rIOVIUOw/lQ8Xvu2bONmt311cGpnvSysvn+RahPFrbO3rkEw68Uad7DMn9EvvEaiWuvL+QyXYC94n2QKpUu1yEIy2KjxQiiOmdkwJ6ppZdEQ487fkTR0+WuwSvAbdXW63m37KXScP3Ftu7+WKH63PbqRLWxwRiWrtCCvXEDXPseqqhCZL8cMXyCqYjDk8yLtoYlhVlc6WFeIPmZRKKvQe4zeYj3EwOujI+AB8QzwYIS3gLEll1NfZXX6AT0G65FEo+t0qzOCHpmWgyr2h4ujLWa5/mZ9J0//66rO/yTmzvsd0qcyf9HiXP1NXFmUoD9B/grEN8SZ9RPb7z3sA+Zsk9qvJSLPJkruzMayTRPTj1aBb8Jg/sIjsq9u7SSGEbiYTVh3SotzBeSTprWu3kiq/uKwtpx0+6caV0EWGTrlRL6hHdqbscaxhf59tnekxORyraX+N3Y3nLAF0paJN7dLf1MaYDEJSxBUm8UcCKrUpecVfDcPizqLiDbTWDdVxlHk9vzDwZGTu9bYp4pm5Mp0OIaU3DIW6Rezs46T1NuQcdhQnHGZangzvMwKDwN7oFLlcFX2+OFlWX7tDzkTCjxTIPDJwHBIp/chbv09GDdyXHu4vUp5157u01tDDG9uoOILnmYJlV3h74ftqviOR4Nz9TAQjoZRSMA/BBHrzNKa8dL73mP5Nkc0Tw7j/fszLWrNELUNmyL1MTtiTmT/RyZt2A5U0lD6u1rs78CHjuc5MzPElnMjEmHNeWw6mDQZumxyqWlpLq0WWX4uOwEefWJr3S1teT8GDQGMTMPo4xJiGi4ZA/PV8GanoG1ETIeeBcpuq3+TYi6npvvYo8ccQ4i9IotpVVQ9eL6GST10tUqI8+vDtsfj6sfrUGwDWIa62LUOYiX3Lxj6YhgGCMJbuMXUiiAK192m21KualXEqGr/v44E0HhqNInHdcg12nB41WvBFw4p+uC5L4P0m6ZqZoOdoshFbnze+F2xkPwmw+pTghOXbBqT8sF5oaNXwDv7Tezx8Yx8kE/jtNwFL4aFehZWfcgx2n7gtDN/PR3dMdIFKVcXuEOk8Qk7d5fZI0TyGMrWa8fy5eQcVeJcHq2StoZ3e7P4trCzwZsgGqP5ElW29aiUPkpckFTQeKTIjsU1b3no6v6NKUSWGxdA1vuk5kdYTL4qyogL/Hm9nKQk8JkwT4FeY0J149mwF7w1NKK01c3NUVJgvFpdMZVu6X03XeyOE+Qud7zIJEcf5jlFJ1QFzX3IwOW2DF0mQfFbIXWErpjtaqcZbziVnogsw+gO3woK03aaz0/ptPi8FIwhCA8Rsq3OawoQ2SbtiyawnnL2bfz5V2usyQP3BdtHNMytcWzgzx4uzl3MVNg+JZBWUOyxGRear0xXx4R3bFWSomN6TvZTRwULsTnLZRInoYu/aaBfBteTds3RFi6CFOExCnV8wo+XZrR6vqFrDXIp/i7SvE3NQ4g25S3wQJLC6opglZ6xcW82GHPU0GqXGckvHD+4EKnW2UfbHfWSQ7nPNJnHLnP3kn57p09oHuv7V1ULuKF8d8OkSwz0xg74N6ptJ85gyphjKsAY93WVy3Xz8qHO/0l++a667sLVwEdWyevvMTUnBKHx+yKRKrigXbxnvc7keakbO0nIDMHnttz6BejNUwkM648qE5X8/3DLjfNJ1HEIpbH2ULYd2ugZMZ/oH1lVg5Hq484xSPrYj4GETX6KcFJVb1ATXHu2XNhoYsxV5EbIX7IvCZBhjGXUMdPr4K/3eIwbArUlavuqp0zuZ6xoYqxcqMoqJzFseDJSj7TMO0oLy8qoO6MH1h3yVgMSpbaFRFUv7uC/UxumB3esjy838qrcZ0BbCZ8sDsdcZ83SrsyahnIetsGnPdyhEs3ODfVGp8mDFEYOKJEZYC7CFHdaKNCYE2Swamqjp/Gwbt0+nz66zSQ2tBpQzE8L4WyeMbD3ntUhw8iMewyJniDRMnro8cM2ikLrY6242KJdQM9Cteei9rqqLXvW9i2wbm7Z4OTD/QU518QkfIcipIT++hiqMLLNKGnVbfoxa6YqmVlHcUBBkSGwzDt2OH+vkcnATJCI7q1s1xbjvv3XTB/ltbgv1NaQ/+U1gjcKVC6aQ67OP3Hbpl/ddEKvsVzDr91+/z9FS9ozlMEAaM/XQq/N/7hsvY/Tan+/lVxDOaSjj+/ivh7d90/5VpDX569CC/Q2fTeyacX4uW7DZHf+ZYZxn4EFYH/DCqM+hlUH7J//TsL6E9U/a9HFUL80VCF/oQq5TTZ27swSArndA33fweycAaFWPz/IrK+WvNv+bstf+ewRdN/xX885NM/Qwz/5G3rf+Fl63ml/+0/Y9/qvvv/YlT4Dw== -------------------------------------------------------------------------------- /media/ep01-st01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep01-st01.png -------------------------------------------------------------------------------- /media/ep03-p01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep03-p01.png -------------------------------------------------------------------------------- /media/ep03-p02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep03-p02.png -------------------------------------------------------------------------------- /media/ep03-p03.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep03-p03.png -------------------------------------------------------------------------------- /media/ep03-p04.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep03-p04.png -------------------------------------------------------------------------------- /media/ep03-p05.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep03-p05.png -------------------------------------------------------------------------------- /media/ep03-p06.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep03-p06.png -------------------------------------------------------------------------------- /media/ep03-p07.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep03-p07.png -------------------------------------------------------------------------------- /media/ep03-p08.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep03-p08.png -------------------------------------------------------------------------------- /media/ep03-p09.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep03-p09.png -------------------------------------------------------------------------------- /media/ep03-p10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep03-p10.png -------------------------------------------------------------------------------- /media/ep03-p11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep03-p11.png -------------------------------------------------------------------------------- /media/ep03-p12.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep03-p12.png -------------------------------------------------------------------------------- /media/ep03-p13.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep03-p13.png -------------------------------------------------------------------------------- /media/ep03-p14.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep03-p14.png -------------------------------------------------------------------------------- /media/ep03-p15.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep03-p15.png -------------------------------------------------------------------------------- /media/ep03-p16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep03-p16.png -------------------------------------------------------------------------------- /media/ep03-p17.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep03-p17.png -------------------------------------------------------------------------------- /media/ep03-p18.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep03-p18.png -------------------------------------------------------------------------------- /media/ep03-p19.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep03-p19.png -------------------------------------------------------------------------------- /media/ep03-p20.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep03-p20.png -------------------------------------------------------------------------------- /media/ep03-p21.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep03-p21.png -------------------------------------------------------------------------------- /media/ep03-p24.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep03-p24.png -------------------------------------------------------------------------------- /media/ep03-p27.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep03-p27.png -------------------------------------------------------------------------------- /media/ep03-p28.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep03-p28.png -------------------------------------------------------------------------------- /media/ep03-p29.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep03-p29.png -------------------------------------------------------------------------------- /media/ep03-p30.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep03-p30.png -------------------------------------------------------------------------------- /media/ep03-st01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep03-st01.png -------------------------------------------------------------------------------- /media/ep04-st01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep04-st01.png -------------------------------------------------------------------------------- /media/ep05-st01.drawio: -------------------------------------------------------------------------------- 1 | 7VxXl5vYsv41fjxe5PAICBAgECIIoZdZJJGDCCL8+rvpVtsdZI9nHXvunHPc7rCpnau+qq/YIH9CuXISW69J1DqMik8IFE6f0M0nBKFJEvxeBfOzAIZR4lkSt2l4l30VmOkS3YXQXTqkYdS9adjXddGnzVthUFdVFPRvZF7b1uPbZpe6eDtr48XRB4EZeMVHqZOGffIspXDoq3wbpXHyMjMM3WtK76XxXdAlXliPr0Qo/wnl2rrun0vlxEXFqrwXvTz3E75R+2VhbVT1P9IhFeh+76AbWkPsDjn0Rk/3/8KeR7l5xXDf8CeEKMB4bJjeQDFeiy+iSw1mAhvp57t2iOtQv1T8q3uyHQMawFgzfa18NYpXNqBQ+V3zj7iGGMcEv7miHsKXPQL9PW/z7daB+IFCHoj89nfX311/d/3d9X+sK/KGGZC2HqowWqkHAtVjkvaR2XjBWjuCTAHIkr4swBUMil6RxhUoF9FlHWwNwIJXpsWaNGyj4hb1aeCtFWlRcHVRt0Be1VX0ZeLXLHgnxlvU9tH0SnRnRTGqy6hvZ9DkXvvC5fcUBSPv1+NXvidfWD15xfXoS0fvnmPEX4b+SsOgcGfiv8DKxA+y8j+MT/8y/77s6p5YBHfTfnqVO6AwT9Gr9t+nE0edewXF35z9u+vvrr+7/gQy+ib7vGOprm/rPOK+xKyXSPWraIp8S1M48pGmEOIBTSHUr6IpGP7AU+bgV1H/wQD10BdpBZT1cpO+qiluvTAF+ninqlemeGSp1Tz3YwIYebm+z7SOCm6zm7VcTvF6IvHZGzvscwwQ0DxNKQV19bD2j+556Q8MS5E0TBOPDbvaD8CjYO7g6OvmAVTAFtIq3j1dbVDovuxHU4Rel3xB6jeh+BPgRL+DE/UATsgjOEG/Ck74g6znHY5ejJuWT8c2X7S/8/yo0Osu7dMn8/p139claFCsFawX5PFTDHil8cvT17ct2DXPSL2k02oP9mlK5kUKvUhAOfR6YBPm+RIRmir+hHDpkd0bI6SIcc2AL820E96OQYlT1+uUY1zwZ3NMnA0FCmJiF/zhaLhJhDgevLHxydkS/mHRnEJinBN7umS3IoSLHZiBDumW7HZxvOMEPr0yhkAdJS4/njV50xrmoEJT6l55Wj9EdS9rm0N4JTRbWXgYkeNSznG45wS3XQStrovA2JpY6k26vnCJ5GbyJ4TlhOaMJtXShCja3Zaq0iN0KRIv7xQw/dw5dAVtMpVTR2lhLkowxp2w8yXJSsPr3trTom8XrAsVrJ9Pop+PUb87g45LFuY3apcfEE0znHwvaQ6eK1mfaQ5hyy2NTlipdSILny8bnC11W5iJlGcRxhKu+/G6bInuxhIqGYAlMmkSlDp0RmQ0EXjv4mWd58WqXo6gslKefx+IcOGJEM5xw14InFfkxFIN0xZtORWZGOFsN2fdZB+0Gm0eoHArL+FAM/JI0G5/aUNcXFPLXbafuzbaW9ZMp1R5mI7DjQdLSXKKGoKLgY0UcEj2Qp9tp7jeur2PZ0Gq6TFI41dmMggAc3ruL5B3CtFwu8Hnzc52D+J2Ro1CVDlvAQ1vpXbUp1l2tx3TjkBdbDTRoLcNMdNw0d1enJuRc4GkVYVM3tWlUBGiANrtXREzaCiBdsI6I1dvgjFRkNuuDuPd0jRRHB5cBTfMye1qmT+jrDRIHq+YfFO4CZYbtHA9lCcxzncCyhXWQQYAZo9aq1rxwihZ1MvOGEiitiPB7GJ5Uk+DttiLJh3BwoXdhmNPJJolEuhFnlpTM5DNbelJzOCkUKoAKAJvsCJxgxjxLdP23n5q0p01+FsiuK6jn1AwDCoGMUJdzvnK5cyBuVYEnh53pjNVYNwQC/ZWQxaX89VMKMNoL+0g3y63FjnqqHzdH49XAjkhYeUbIDwJWe+ZDpxxhXfrGXZc9RiLR4XoxmGzogKuW6XajGMmnqV5sFQiGKiNVi6XM92FYavfaBNMCkgGYSEPdD7D3oAfAO6Eo88S6OHM1Qbb8IRvhK0ToqpkKkXoBBGRZVN50ceBQS5qZBAKwhP9hDFVSQXTQiBFrTMok8yhvhrSU42FyTcjtRhNwUe2XTA7GgMVfMWN8Ym7JIouz+olVuz2WO11gw+dUwZChZR6pH8D8VLYSpZTdB4/tiXUywSIHquN8p0Pn1yzsre5kVAT8A2Dcvwhn2pXDrcToskXhmTj+dCICrFsRiixtcGzd6MXX6t6URvIP9GuvUkonO02O80apLwYJKATwTpE+7pj9kAzVIgfpjQ1oT47DKe2VkeV9PapJPDuSZ5Ag51ytGd/vxaXcBmJaKpv/nYUYq4SKCw77iVva59bWlEBVbH0QADv5oreRUo88a6nPlMxU9+CeAfm5eRqb3mHuKvakG2vZIQmhGUdjSC+GUrSkd5wq8n9NR3E0YC8OncTNSCVLDRgqgZ6q+QFojUwS9aT0emML24M+80hdXlSPj3RVVyLO3i/m+fCH6SJCWPRiPM0VbEsykNM3zH+Aek8o9qUQqIY01U9MGYLbLOoGwsEwcaqxhMBQh2wtVCIRMCBVAG/JGZAZVJPqK6+6kzAOwgurJSWMXZwyeNe5mpftRr9oBWY0qWNZZFpqJFsa3BP8fMmGQ3oFqhRKygbbmMNZKF7wwZ4EwyWcCTn3ILomwV21hEIGruVFeHxHEy4IB8G2S5SGbZScdCFYWcS00rQCPCH8BBg0aXuWg/uL1t/CnCfIrJQgndeouqifKqms03EK9dw6yMcoboeUClUUs0G+GQTzSFJvFVlEMWU85Iv+LSPKado2MuRX0OXbZRhdUSoftB1QzV9f6LKa4ALN3W7W/uHl8YfyASlkGpvyvKKZJanpu21sg3FTVXbdCetE+SLIm2HUNyOg7FxQYxX9cIot6PElismkqN/TlmDr5ujLMrjWVCJ80JgoIpFK3oUhnpnFhQUWuoyd9f06IdTpl2YtFB1gNLcmyk3JmhqNQuDWtV0MPX2RMzJRRPmbRMTa1SPMJbmyTjW8XqSNp4IN46sLOa5GzOjLDJSvvrWCfZJeGcgQVWHTB/2vuOe2EJtQ0o16Cfw5leTusY6OyMVVmgBy/VdI/iOqlzCYQXllRj8FiOiKukgzQ8BewlPVLs/nUpdvOgn0GiTNqsD1sR+DHqFpJHKQXyt35sdvjGYOs1dWaI9r19k/BTbRm+g++pwq+BIDeutNDnOjs9XFtbX0bkQww8UuT95aXz2He3WEodaHcih2wF9BXMjZjKdjo3rpclECz5EVWbLAJ/JxZtIQ+cTvvj+1eIO7s3FDdlQ837WjSFTcPXGltZ8HqF8dXu5o8pAYzRdlWjemLgGzh0blWTeN26m4F3BUoTmSsZJmcOixAyWeN7voO019AVHgaxreBZOKwasLd4CHhDWBAsKNzogtsthr47b0V8B/YRrgcQDPd1nawRdMy2GlQ0b59tcjuN4TfrW77/pwBDFH5wXYr8ocSb/hxLn7DlxZiKA/TP4yxNfEmfUiY4b+2wsW8pYqXGXDttuP7Izo5BMceXkpZTwI99YZ3fJrJNFS6GmhTaWE/oxU7x4IOmwKO2jLbCqI0msERTlzO31HQ8LbD5SfB1uzJybsYJxhE15LU/hikhpmlP8pE1POeANJXUSr066uqY0QGIROi/KRwoYkZWpXcxKeGwsOnXikenIs9YtDfzOqjdnBkZW6+tCfJEm8yJBg6V17rKdfHm3DlbZinR0Kw7jkzUuiwm33g+DwlXjzriYaZtsOt+wNC2vuo2sCSV+UWDvSkCwsAlP/Em82rBqxji3s+uIsw61UUYGhuztvIKIKjzv91ReLeq8GJaMx7jfXCMN8+iwFTQX8EPg39YorSw3td7Y5IaNEcU24mC+rLl2FvmIXHplEu1xo2PWZD9G+skd1lRSE2vjUMw3d4MtZrjmZ+FWuGidCivSouduo/TiedymuhSp4qSn3nk3E+TBIZ7pairJ/twoDLK/2BildbxPwym72I4M9nR19YnY4q69E/3j6Bx5v6q5/iTUyBLEIEKP2JDqCZUPlnOBxFo86KlvO9liOO1ycPzRdadGiAJV8CsTscOjvQwV4TatL8JlcEMSCXDlzSgvk5RO8oFE6Kw+nddEkF+y6EoHOch1SnB5UDMe59flWiC5r92oGnoqp91ZZ0hpWzk1f1zjIfiJm0gleDNPWLmmtwlmeYWTAOvNx32Nta3vgHFMs+AofNQyMLI0zm6M08YOoYv+6szojJEoSlkbiVv2JCYqp3q3VTieXKaUtes2vfEX7iASZs1mYdmj0+maHEr4WgAHyGZ/223lstQpdHsVOLfIIOFKkRWKqvb1XGV1FFEhLJSWhg2nbn9ZvLBxRplHbsLRqrduTPKdDjsUZBd7OD8XDXaDu5KWzDo7yhFKEoxDoz0uGyWlzo55CeIQ6fM5dkPRdJp+G6EdaqH7ebkATcwYOvSNtC/5UuerZdSzmGXs5JjaILN3oRO8SCNNGmPen7tV4/CQMATPn1vKMTgsST1k6qaL33n9FLNP95enbX4JY9e60drSDV2ZXCvIhqejeRIuEgwfL9ClIFmi2+9ytdjfbMI/YaUYERNTV1srNFE4Ea5HTyQ3NLSrJwXk2/C4NxxNgMUd3/lIEFH1RsK7XdHqVT2QuQI51OYkU5ujHLiQsd9OjQ625madD430iAtxMsO2LYNUOb+Q8MA5jQWtZt06wN1ZM1zM9Zb+wpFzb6+Ub53YBTrVylz56SDsGOfpJpJlehpjG9xeO81rziCLGGNJQFnH8ZZv82vmwJV62zr7cVZnC85cOtBXXrkJ0b4LzQ1mZCSSJWe0Cua4nokoJrf6vALyYsJ9uU59Y5SC8beMtW1ks8o39dlIJ8UhUUQnhvPagp9nvaG2jHNG62yfmRwtn4MI9/Xd/twIqFZ3IU7K8g4qktVn1415FsYcBK6FNs3FLkKkaWMRNZ3owDvTMfC8IkGtbVYdlHUlhzU2ZAGWThQFpb3QJhsy265pmLKkuxvlUifGcfWTqA0atRXLEeFlpzoAfyYnzPCOl9g7HdODdugBbDq8MSoVsa5HSjkwcupu1bJ0Oftm8ruqMY+y3l73MERh4BbFT13cQojsSGsZAiviFtxV5cFVWzYWHV2vztg1pNJUSpM0110iDbZ2NuYaVeGFCDUjDYiNRqLk4VxjGm2miZL707LThbyAzoll9EmuV9RY1yVsGOC+u2bdlQ/UCN/cICLacChKduy5CqAMT6OQ7kZVpwcjY7KS3aooDjAgMByGKcsM16fZXwmQ4QvBys3hUHLc33bA/DCtwX/V8TL6Ia+Rqj5qnw6YIdHro9Gbf+yo+d1pK/gnrAv51hH063Ne0BzcHUAs/uFk+N74zYntn+ZV3z8vDqJ1gx+fR3zvwPtDwtXU6ToKfwODdfdBHp6Kp3dt/hHfdflrT5xhkv6Mo29TZ/ojxrAHh87YTzhzZnB7XyMdZKCyKHakVio+9q+PmXIUxtGLeuu2T+q4rryC/ypl3z5N+tpmV6+2fFJ3FvX9fDeaN/T1W4t2vdf2zPpy4mrywuu6NHgRC2nx0uybKu/qoQ2i7+zq5UVJr42j/nvt7g3XPX/Xgm1UeH16e/tO5CNj3LvqKwS/Wh7Fyc8kBNMUTRIkcD7qDQgI8p11n9d9H+OrgYHGVn//0uwJ5923Z/3y4OtlHvTdC5J/0h6nyXf4el7BV7R90dAPAXCcCL2ImwsjElk9eAU3jOb/DwB/KrIebuvXAOsvI4B+hzTiTxDwrv3Laz8/CwHfU+krltsDXgE6jrr+4xNvpvQWwCgItEurYQJ/kY9teG4dUKpAQKmCqPsxivzVNPaAgdDPUYB8pFsBp3AU+zY7/wwqIgAVvYUGjH1gIgL6DD1IeEj0F5HRg+fpd1MyKvht1MCAf0O6w5EwCgv/felOWxc/CT7o+1T5wcNzAB6EfJAt/4RDwIcRF//HEsn3COJPiQT92UTybyn5o4N+icdPnyJwvD5IPgZkr/Da8tP66ZP2YyWn26BKrau0r9t0PQOFHr3o9Ov9nuVgFCf++/z+Wfs/x/EJ4vMLUbzLKd74PvXR8V9kPx2TxH+W46M/6PjYP8rxPx5FvDj+h+RrxSPbpuu6P1S2wwMKv2exoIyz4BvAiXv+wUEtt0o+I/gD4SMZ+VEIf2wG/sCPZngvfCQjPwrhj83Wq5dVvxU+kpH4xxW/7w0/6A2/642vD/j+rci4pp8ohlHIq7pN2oKBngNctfrKD4fO10/L/nHx83GOFD078PNrkiy4fPTCZLRi3H/G+E96ovruVh0nX/Lz15/CQH9NMv69+PPa458+LWjOXR+V3UrZXuXF0QNGl6ogDaOnG8svbX77/K/0+d/q/B1C/7NCaPccRv4o7wHip4TRlxPOvyWMrm+ifvnw+vNh2Nf/AgDl/w8= -------------------------------------------------------------------------------- /media/ep05-st01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ep05-st01.png -------------------------------------------------------------------------------- /media/episode-02-step-00-overview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-02-step-00-overview.png -------------------------------------------------------------------------------- /media/episode-03-account-id.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-account-id.png -------------------------------------------------------------------------------- /media/episode-03-app-overview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-app-overview.png -------------------------------------------------------------------------------- /media/episode-03-cloudshell-describe.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-cloudshell-describe.png -------------------------------------------------------------------------------- /media/episode-03-cloudshell-upload.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-cloudshell-upload.png -------------------------------------------------------------------------------- /media/episode-03-command-parameters.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-command-parameters.png -------------------------------------------------------------------------------- /media/episode-03-compliance-tab.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-compliance-tab.png -------------------------------------------------------------------------------- /media/episode-03-custom-application.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-custom-application.png -------------------------------------------------------------------------------- /media/episode-03-debug.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-debug.png -------------------------------------------------------------------------------- /media/episode-03-example-explorer.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-example-explorer.png -------------------------------------------------------------------------------- /media/episode-03-explorer-configure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-explorer-configure.png -------------------------------------------------------------------------------- /media/episode-03-get-process.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-get-process.png -------------------------------------------------------------------------------- /media/episode-03-initial-setup.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-initial-setup.png -------------------------------------------------------------------------------- /media/episode-03-kms-policy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-kms-policy.png -------------------------------------------------------------------------------- /media/episode-03-logs-tab.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-logs-tab.png -------------------------------------------------------------------------------- /media/episode-03-message.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-message.png -------------------------------------------------------------------------------- /media/episode-03-monitoring-tab.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-monitoring-tab.png -------------------------------------------------------------------------------- /media/episode-03-opsitem-details.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-opsitem-details.png -------------------------------------------------------------------------------- /media/episode-03-opsitems-tab.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-opsitems-tab.png -------------------------------------------------------------------------------- /media/episode-03-performance-counters.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-performance-counters.png -------------------------------------------------------------------------------- /media/episode-03-pid.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-pid.png -------------------------------------------------------------------------------- /media/episode-03-powershell-session.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-powershell-session.png -------------------------------------------------------------------------------- /media/episode-03-resource-group.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-resource-group.png -------------------------------------------------------------------------------- /media/episode-03-resources-tab.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-resources-tab.png -------------------------------------------------------------------------------- /media/episode-03-runbook-results.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-runbook-results.png -------------------------------------------------------------------------------- /media/episode-03-runbook-tab.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-runbook-tab.png -------------------------------------------------------------------------------- /media/episode-03-security-group.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-security-group.png -------------------------------------------------------------------------------- /media/episode-03-session-preferences.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-session-preferences.png -------------------------------------------------------------------------------- /media/episode-03-set-registry.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-set-registry.png -------------------------------------------------------------------------------- /media/episode-03-start-session.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-start-session.png -------------------------------------------------------------------------------- /media/episode-03-step-00-overview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-step-00-overview.png -------------------------------------------------------------------------------- /media/episode-03-step-03-application-visibility.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-step-03-application-visibility.png -------------------------------------------------------------------------------- /media/episode-03-tags.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-tags.png -------------------------------------------------------------------------------- /media/episode-03-target-instance.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-target-instance.png -------------------------------------------------------------------------------- /media/episode-03-troubleshoot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-troubleshoot.png -------------------------------------------------------------------------------- /media/episode-03-userdata.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-userdata.png -------------------------------------------------------------------------------- /media/episode-03-view-counters.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-view-counters.png -------------------------------------------------------------------------------- /media/episode-03-windows-ami.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-03-windows-ami.png -------------------------------------------------------------------------------- /media/episode-04-link.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-04-link.png -------------------------------------------------------------------------------- /media/episode-05-step-01-prepare.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-05-step-01-prepare.png -------------------------------------------------------------------------------- /media/episode-05-step-02-mitigate-respond.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-05-step-02-mitigate-respond.png -------------------------------------------------------------------------------- /media/episode-05-step-03-post-incident.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-05-step-03-post-incident.png -------------------------------------------------------------------------------- /media/episode-05.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/episode-05.png -------------------------------------------------------------------------------- /media/fleet-manager-kms.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/fleet-manager-kms.png -------------------------------------------------------------------------------- /media/github-raw.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/github-raw.png -------------------------------------------------------------------------------- /media/iam-add-user.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/iam-add-user.png -------------------------------------------------------------------------------- /media/iam-console-link.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/iam-console-link.png -------------------------------------------------------------------------------- /media/iam-console-sign-in.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/iam-console-sign-in.png -------------------------------------------------------------------------------- /media/image23.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/image23.png -------------------------------------------------------------------------------- /media/image24.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/image24.png -------------------------------------------------------------------------------- /media/incident-annotations.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/incident-annotations.png -------------------------------------------------------------------------------- /media/incident-create-analysis-window.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/incident-create-analysis-window.png -------------------------------------------------------------------------------- /media/incident-create-analysis.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/incident-create-analysis.png -------------------------------------------------------------------------------- /media/incident-custom-event.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/incident-custom-event.png -------------------------------------------------------------------------------- /media/incident-detection-question.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/incident-detection-question.png -------------------------------------------------------------------------------- /media/incident-generated-opsitem.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/incident-generated-opsitem.png -------------------------------------------------------------------------------- /media/incident-recommendations.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/incident-recommendations.png -------------------------------------------------------------------------------- /media/incident-relative-timeframe.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/incident-relative-timeframe.png -------------------------------------------------------------------------------- /media/incident-timeframe-edit.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/incident-timeframe-edit.png -------------------------------------------------------------------------------- /media/instance-iam-role.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/instance-iam-role.png -------------------------------------------------------------------------------- /media/inventory-bucket-policy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/inventory-bucket-policy.png -------------------------------------------------------------------------------- /media/parameter-create.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/parameter-create.png -------------------------------------------------------------------------------- /media/patch-add-exceptions.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/patch-add-exceptions.png -------------------------------------------------------------------------------- /media/patch-add-group.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/patch-add-group.png -------------------------------------------------------------------------------- /media/patch-create-baseline.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/patch-create-baseline.png -------------------------------------------------------------------------------- /media/patch-dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/patch-dashboard.png -------------------------------------------------------------------------------- /media/patch-export-report.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/patch-export-report.png -------------------------------------------------------------------------------- /media/patch-install-now.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/patch-install-now.png -------------------------------------------------------------------------------- /media/patch-modify-group.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/patch-modify-group.png -------------------------------------------------------------------------------- /media/patch-never-reported.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/patch-never-reported.png -------------------------------------------------------------------------------- /media/patch-now-results-install.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/patch-now-results-install.png -------------------------------------------------------------------------------- /media/patch-now-results.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/patch-now-results.png -------------------------------------------------------------------------------- /media/patch-patch-group.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/patch-patch-group.png -------------------------------------------------------------------------------- /media/patch-s3-report.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/patch-s3-report.png -------------------------------------------------------------------------------- /media/patch-scan-now.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/patch-scan-now.png -------------------------------------------------------------------------------- /media/patch-view-baseline.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/patch-view-baseline.png -------------------------------------------------------------------------------- /media/prepare-create-contact.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/prepare-create-contact.png -------------------------------------------------------------------------------- /media/prepare-create-escalated-contact.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/prepare-create-escalated-contact.png -------------------------------------------------------------------------------- /media/prepare-escalation-plan.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/prepare-escalation-plan.png -------------------------------------------------------------------------------- /media/prepare-response-plan.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/prepare-response-plan.png -------------------------------------------------------------------------------- /media/quick-setup-config-drilldown.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/quick-setup-config-drilldown.png -------------------------------------------------------------------------------- /media/quick-setup-config-options.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/quick-setup-config-options.png -------------------------------------------------------------------------------- /media/quick-setup-config-recording.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/quick-setup-config-recording.png -------------------------------------------------------------------------------- /media/quick-setup-create.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/quick-setup-create.png -------------------------------------------------------------------------------- /media/quick-setup-drilldown.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/quick-setup-drilldown.png -------------------------------------------------------------------------------- /media/quick-setup-get-started.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/quick-setup-get-started.png -------------------------------------------------------------------------------- /media/quick-setup-host-mgmt.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/quick-setup-host-mgmt.png -------------------------------------------------------------------------------- /media/resource-data-sync-contents.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/resource-data-sync-contents.png -------------------------------------------------------------------------------- /media/resource-data-sync-individual.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/resource-data-sync-individual.png -------------------------------------------------------------------------------- /media/review-template-disabled.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/review-template-disabled.png -------------------------------------------------------------------------------- /media/run-command-details.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/run-command-details.png -------------------------------------------------------------------------------- /media/run-command-invocation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/run-command-invocation.png -------------------------------------------------------------------------------- /media/schedule-patching-operations.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/schedule-patching-operations.png -------------------------------------------------------------------------------- /media/ssm-aws-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/ssm-aws-logo.png -------------------------------------------------------------------------------- /media/state-association-configure-details.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/state-association-configure-details.png -------------------------------------------------------------------------------- /media/state-association-configure-parameters.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/state-association-configure-parameters.png -------------------------------------------------------------------------------- /media/state-association-details.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/state-association-details.png -------------------------------------------------------------------------------- /media/state-execution-detail.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/state-execution-detail.png -------------------------------------------------------------------------------- /media/state-explorer.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/state-explorer.png -------------------------------------------------------------------------------- /media/state-multi-account.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/state-multi-account.png -------------------------------------------------------------------------------- /media/tear-down.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/media/tear-down.png -------------------------------------------------------------------------------- /misc/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/misc/.DS_Store -------------------------------------------------------------------------------- /misc/association_configuration.json: -------------------------------------------------------------------------------- 1 | { 2 | "Name": "[DOCUMENT-NAME]", 3 | "Parameters": { 4 | "AutomationAssumeRole": [ 5 | "arn:aws:iam::[ACCOUNT-ID]:role/AWS-SystemsManager-AutomationAdministrationRole" 6 | ], 7 | "ResourceGroupName": [ 8 | "ManagedInstances" 9 | ], 10 | "RebootOption": [ 11 | "NoReboot" 12 | ], 13 | "Operation": [ 14 | "Scan" 15 | ] 16 | }, 17 | "ScheduleExpression": "cron(30 09 ? * * *)", 18 | "AssociationName": "SSMWorkshop-MultiAccountPatch", 19 | "ComplianceSeverity": "MEDIUM", 20 | "SyncCompliance": "AUTO", 21 | "ApplyOnlyAtCronInterval": true, 22 | "TargetLocations": [ 23 | { 24 | "Accounts": [ 25 | "[ACCOUNT-ID]" 26 | ], 27 | "Regions": [ 28 | "us-east-1" 29 | ], 30 | "TargetLocationMaxConcurrency": "1", 31 | "TargetLocationMaxErrors": "1", 32 | "ExecutionRoleName": "AWS-SystemsManager-AutomationExecutionRole" 33 | } 34 | ] 35 | } -------------------------------------------------------------------------------- /misc/loop-and-stress.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | ** DO NOT Kill this script. It is very critical to the worldwide deployment of our new trading platform 3 | ** This script is loggin data to benchmark deployment times and may consume lots of CPU; If this becomes an issue 4 | ** you can turn off logging by changing the registry key HKLM\SOFTWARE\SampleApp\CrazyLogs from 1 to 0 5 | #> 6 | 7 | $result = 1 8 | $number = 1 9 | $path="C:\logfile.log" 10 | Get-ItemProperty -Path HKLM:\SOFTWARE\SampleApp -Name "CrazyLogs" 11 | $a = Get-ItemPropertyValue 'HKLM:\SOFTWARE\SampleApp' -Name CrazyLogs 12 | 13 | While ($a -eq 1) { 14 | $result = $result * $number 15 | $number++ 16 | $SampleString = "Added sample {0} at {1}" -f $result,(Get-Date).ToString("h:m:s") 17 | Add-Content -Path $path -Value $SampleString -Force 18 | $a = Get-ItemPropertyValue 'HKLM:\SOFTWARE\SampleApp' -Name CrazyLogs 19 | } -------------------------------------------------------------------------------- /misc/put_metric_alarm.json: -------------------------------------------------------------------------------- 1 | { 2 | "AlarmName": "[INSTANCE_ID]-BurstableInstanceCPUCreditBalanceLow", 3 | "AlarmDescription": "Burstable instance type cpu credit balance approaching zero", 4 | "ActionsEnabled": true, 5 | "AlarmActions": [ 6 | "arn:aws:ssm:us-east-1:[ACCOUNT_ID]:opsitem:2#CATEGORY=Cost" 7 | ], 8 | "MetricName": "CPUCreditBalance", 9 | "Namespace": "AWS/EC2", 10 | "Statistic": "Average", 11 | "Dimensions": [ 12 | { 13 | "Name": "InstanceId", 14 | "Value": "[INSTANCE_ID]" 15 | } 16 | ], 17 | "Period": 300, 18 | "EvaluationPeriods": 1, 19 | "Threshold": 5, 20 | "ComparisonOperator": "LessThanThreshold", 21 | "Tags": [ 22 | { 23 | "Key": "SSMWorkshop", 24 | "Value": "true" 25 | } 26 | ] 27 | } -------------------------------------------------------------------------------- /misc/userdata.ps1: -------------------------------------------------------------------------------- 1 | 2 | $url="https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/main/misc/loop-and-stress.ps1" 3 | Invoke-WebRequest $url -OutFile "c:\loop-and-stress.ps1" 4 | New-Item -Path HKLM:\SOFTWARE -Name \"SampleApp\" 5 | Set-ItemProperty -Path HKLM:\SOFTWARE\SampleApp -Type DWORD -Name CrazyLogs -Value 1 6 | $trigger = New-JobTrigger -AtStartup -RandomDelay 00:00:30 7 | Register-ScheduledJob -Trigger $trigger -FilePath c:\loop-and-stress.ps1 -Name StressCPU 8 | Restart-Computer 9 | -------------------------------------------------------------------------------- /operational_excellence/cfntemplates/oe-workshop-episode-01.yml: -------------------------------------------------------------------------------- 1 | #* 2 | #* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | #* SPDX-License-Identifier: MIT-0 4 | #* 5 | #* Permission is hereby granted, free of charge, to any person obtaining a copy of this 6 | #* software and associated documentation files (the "Software"), to deal in the Software 7 | #* without restriction, including without limitation the rights to use, copy, modify, 8 | #* merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 9 | #* permit persons to whom the Software is furnished to do so. 10 | #* 11 | #* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 12 | #* INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 13 | #* PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 14 | #* HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 15 | #* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 16 | #* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 17 | #* 18 | 19 | #------------------------------------------------------------------------------ 20 | # 21 | # Template: oe-workshop-episode-01.yaml 22 | # Purpose: AWS CloudFormation template to launch a test EC2 instance 23 | # 24 | # 25 | #------------------------------------------------------------------------------ 26 | 27 | AWSTemplateFormatVersion: '2010-09-09' 28 | Description: AWS CloudFormation template to launch a test EC2 instance 29 | 30 | #----------------------------------------------------------- 31 | # Parameters 32 | #----------------------------------------------------------- 33 | Parameters : 34 | LatestAmazonLinuxAmiId : 35 | # Use public Systems Manager Parameter 36 | Type : 'AWS::SSM::Parameter::Value' 37 | Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2' 38 | 39 | Resources: 40 | 41 | #------------------------------------------------- 42 | # IAM role and instance profile to enable Systems Manager registration on EC2 instances 43 | #------------------------------------------------- 44 | ManagedInstanceRole: 45 | Type: AWS::IAM::Role 46 | Properties: 47 | AssumeRolePolicyDocument: 48 | Version: '2012-10-17' 49 | Statement: 50 | - Effect: Allow 51 | Principal: 52 | Service: 53 | - ec2.amazonaws.com 54 | Action: sts:AssumeRole 55 | ManagedPolicyArns: 56 | - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore 57 | - arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy 58 | - arn:aws:iam::aws:policy/CloudWatchAgentAdminPolicy 59 | Path: "/" 60 | RoleName: !Join [ '-', ['AmazonSSMManagedInstanceCore', !Ref 'AWS::Region'] ] 61 | 62 | ManagedInstanceProfile: 63 | Type: AWS::IAM::InstanceProfile 64 | Properties: 65 | Path: "/" 66 | Roles: 67 | - !Ref ManagedInstanceRole 68 | InstanceProfileName: !Sub 'ManagedInstanceProfile-${AWS::Region}' 69 | 70 | #------------------------------------------------- 71 | # VPC and required resources to enable network connectivity to AWS Systems Manager 72 | #------------------------------------------------- 73 | VPC: 74 | Type: 'AWS::EC2::VPC' 75 | Properties: 76 | CidrBlock: 10.0.0.0/16 77 | EnableDnsSupport: true 78 | EnableDnsHostnames: true 79 | InstanceTenancy: default 80 | Tags: 81 | - Key: Name 82 | Value: OE-Workshop-CFN 83 | InternetGateway: 84 | Type: 'AWS::EC2::InternetGateway' 85 | Properties: 86 | Tags: 87 | - Key: Name 88 | Value: OE-Workshop-CFN 89 | VPCGatewayAttachment: 90 | Type: 'AWS::EC2::VPCGatewayAttachment' 91 | Properties: 92 | VpcId: !Ref VPC 93 | InternetGatewayId: !Ref InternetGateway 94 | SubnetPublic: 95 | Type: 'AWS::EC2::Subnet' 96 | Properties: 97 | AvailabilityZone: !Select [0, !GetAZs ''] 98 | CidrBlock: 10.0.0.0/20 99 | MapPublicIpOnLaunch: true 100 | VpcId: !Ref VPC 101 | Tags: 102 | - Key: Name 103 | Value: OE-Workshop-CFN 104 | RouteTablePublic: 105 | Type: 'AWS::EC2::RouteTable' 106 | Properties: 107 | VpcId: !Ref VPC 108 | Tags: 109 | - Key: Name 110 | Value: OE-Workshop-CFN 111 | RouteTableAssociationPublic: 112 | Type: 'AWS::EC2::SubnetRouteTableAssociation' 113 | Properties: 114 | SubnetId: !Ref SubnetPublic 115 | RouteTableId: !Ref RouteTablePublic 116 | RouteTablePublicInternetRoute: 117 | Type: 'AWS::EC2::Route' 118 | DependsOn: VPCGatewayAttachment 119 | Properties: 120 | RouteTableId: !Ref RouteTablePublic 121 | DestinationCidrBlock: '0.0.0.0/0' 122 | GatewayId: !Ref InternetGateway 123 | NetworkAclPublic: 124 | Type: 'AWS::EC2::NetworkAcl' 125 | Properties: 126 | VpcId: !Ref VPC 127 | Tags: 128 | - Key: Name 129 | Value: OE-Workshop-CFN 130 | SubnetNetworkAclAssociationPublic: 131 | Type: 'AWS::EC2::SubnetNetworkAclAssociation' 132 | Properties: 133 | SubnetId: !Ref SubnetPublic 134 | NetworkAclId: !Ref NetworkAclPublic 135 | NetworkAclEntryInPublicAllowAll: 136 | Type: 'AWS::EC2::NetworkAclEntry' 137 | Properties: 138 | NetworkAclId: !Ref NetworkAclPublic 139 | RuleNumber: 100 140 | Protocol: -1 141 | RuleAction: allow 142 | Egress: false 143 | CidrBlock: '0.0.0.0/0' 144 | NetworkAclEntryOutPublicAllowAll: 145 | Type: 'AWS::EC2::NetworkAclEntry' 146 | Properties: 147 | NetworkAclId: !Ref NetworkAclPublic 148 | RuleNumber: 100 149 | Protocol: -1 150 | RuleAction: allow 151 | Egress: true 152 | CidrBlock: '0.0.0.0/0' 153 | InstanceSecurityGroup: 154 | Type: AWS::EC2::SecurityGroup 155 | Properties: 156 | GroupDescription: "Security Group for SSM Workshop test instances" 157 | GroupName: OE-Workshop-CFN 158 | SecurityGroupEgress: 159 | - IpProtocol: -1 160 | FromPort: 0 161 | ToPort: 65535 162 | CidrIp: 0.0.0.0/0 163 | Tags: 164 | - Key: Name 165 | Value: OE-Workshop-CFN 166 | VpcId: !Ref VPC 167 | 168 | #------------------------------------------------- 169 | # One Amazon Linux 2 EC2 instances using the latest AMI for Amazon Linux 2 170 | #------------------------------------------------- 171 | LinuxEc2InstanceOne: 172 | Type: AWS::EC2::Instance 173 | Properties: 174 | InstanceType: t2.micro 175 | ImageId: !Ref LatestAmazonLinuxAmiId 176 | NetworkInterfaces: 177 | - AssociatePublicIpAddress: "true" 178 | DeviceIndex: "0" 179 | GroupSet: 180 | - Ref: "InstanceSecurityGroup" 181 | SubnetId: 182 | Ref: "SubnetPublic" 183 | IamInstanceProfile: !Sub 'ManagedInstanceProfile-${AWS::Region}' 184 | Tags: 185 | - Key: Name 186 | Value: TestAmazonLinuxInstance -------------------------------------------------------------------------------- /operational_excellence/cfntemplates/workshop-config-prerequisites.yml: -------------------------------------------------------------------------------- 1 | Resources: 2 | ConformancePackServiceLinkedRole: 3 | Type: AWS::IAM::ServiceLinkedRole 4 | Properties: 5 | AWSServiceName: config-conforms.amazonaws.com 6 | Description: Service Linked Role for AWS Config Conforms 7 | 8 | S3OperationsAutomationsExecutionRole: 9 | Type: "AWS::IAM::Role" 10 | Properties: 11 | RoleName: S3OperationsAutomationsExecutionRole 12 | AssumeRolePolicyDocument: 13 | Version: "2012-10-17" 14 | Statement: 15 | - 16 | Effect: "Allow" 17 | Principal: 18 | Service: 19 | - "ssm.amazonaws.com" 20 | Action: 21 | - "sts:AssumeRole" 22 | Path: "/" 23 | 24 | S3OperationsAutomationExecutionRolePolicies: 25 | Type: "AWS::IAM::Policy" 26 | Properties: 27 | PolicyName: "S3OperationsAutomationsExecutionRolePolicy" 28 | PolicyDocument: 29 | Version: "2012-10-17" 30 | Statement: 31 | - 32 | Effect: "Allow" 33 | Action: "s3:*" 34 | Resource: "*" 35 | Roles: 36 | - 37 | Ref: "S3OperationsAutomationsExecutionRole" 38 | SSMConfigEC2LabRole: 39 | Type: AWS::IAM::Role 40 | Properties: 41 | RoleName: WorkshopEC2SSMRole 42 | AssumeRolePolicyDocument: 43 | Version: '2012-10-17' 44 | Statement: 45 | - Effect: Allow 46 | Principal: 47 | Service: ec2.amazonaws.com 48 | Action: sts:AssumeRole 49 | ManagedPolicyArns: 50 | - arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM 51 | SSMConfigEC2LabProfile: 52 | Type: AWS::IAM::InstanceProfile 53 | Properties: 54 | Roles: 55 | - !Ref 'SSMConfigEC2LabRole' 56 | Path: / 57 | InstanceProfileName: WorkshopEC2SSMRole 58 | S3LoggingBucket: 59 | Type: "AWS::S3::Bucket" 60 | Properties: 61 | BucketName: !Sub 's3serversideloggingbucket-${AWS::AccountId}' 62 | AccessControl : "LogDeliveryWrite" 63 | 64 | ConformancePackDeliveryBucket: 65 | Type: "AWS::S3::Bucket" 66 | Properties: 67 | BucketName: !Sub 'awsconfigconforms-delivery-bucket-${AWS::AccountId}' 68 | 69 | ConformancePackDeliveryBucketPolicy: 70 | DependsOn: ConformancePackServiceLinkedRole 71 | Type: AWS::S3::BucketPolicy 72 | Properties: 73 | Bucket: 74 | Ref: "ConformancePackDeliveryBucket" 75 | PolicyDocument: 76 | Version: '2012-10-17' 77 | Statement: 78 | - 79 | Sid: AWSConfigConformsBucketPermissionsCheck 80 | Effect: Allow 81 | Principal: 82 | AWS: 83 | - !Sub 'arn:aws:iam::${AWS::AccountId}:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms' 84 | Action: 's3:GetBucketAcl' 85 | Resource: !Sub 'arn:aws:s3:::awsconfigconforms-delivery-bucket-${AWS::AccountId}' 86 | - 87 | Sid: AWSConfigConformsBucketDelivery 88 | Effect: Allow 89 | Principal: 90 | AWS: 91 | - !Sub 'arn:aws:iam::${AWS::AccountId}:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms' 92 | Action: 's3:PutObject' 93 | Resource: !Sub 'arn:aws:s3:::awsconfigconforms-delivery-bucket-${AWS::AccountId}/*' 94 | Condition: 95 | StringEquals: 96 | 's3:x-amz-acl': bucket-owner-full-control 97 | - 98 | Sid: ' AWSConfigConformsBucketReadAccess' 99 | Effect: Allow 100 | Principal: 101 | AWS: 102 | - !Sub 'arn:aws:iam::${AWS::AccountId}:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms' 103 | Action: 's3:GetObject' 104 | Resource: !Sub 'arn:aws:s3:::awsconfigconforms-delivery-bucket-${AWS::AccountId}/*' 105 | 106 | UnusedEBSVolume: 107 | Type: AWS::EC2::Volume 108 | Properties: 109 | Size: 10 110 | VolumeType: gp3 111 | AvailabilityZone: !Select 112 | - 0 113 | - Fn::GetAZs: !Ref 'AWS::Region' 114 | -------------------------------------------------------------------------------- /operational_excellence/episode-01-step-00-overview.md: -------------------------------------------------------------------------------- 1 | # Episode 01: Using AWS Systems Manager as a Foundation for Operationally Excellent Workloads 2 | 3 | ![](/operational_excellence/media/ssm-aws-logo.png) 4 | 5 | NOTE: You will incur charges as you go through either of these workshops, as they will exceed the [limits of AWS free tier](http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-limits.html). 6 | 7 | ## Table of Contents 8 | 9 | - [Summary](#summary) 10 | - [Learning Objectives](#learning-objectives) 11 | - [Gettting Started](#getting-started) 12 | 13 | ## Summary 14 | 15 | AWS Systems Manager plays a key role in enabling operational excellence. AWS Systems Manager allows our customers to manage and enable the collection of operational telemetry from EC2 Instances, on-premise servers and virtual machines (VMs), and VMs in other cloud environments. 16 | 17 | In this episode we will walk through setting up the Systems Manager (SSM) Agent on EC2, and using this to deploy and configure the CloudWatch Agent. Additionally, we will set up an Amazon CloudWatch alarm for performance metrics on the EC2 instance to create OpsItems in Systems Manager OpsCenter. 18 | 19 | For more information about the various AWS Systems Manager capabilities see: 20 | 21 | - [Automation](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-automation.html) 22 | - [Distributor](https://docs.aws.amazon.com/systems-manager/latest/userguide/distributor.html) 23 | - [OpsCenter](https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html) 24 | - [Run Command](https://docs.aws.amazon.com/systems-manager/latest/userguide/execute-remote-commands.html) 25 | - [Session Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html) 26 | - [State Manager](https://docs.aws.amazon.com/en_us/systems-manager/latest/userguide/systems-manager-state.html) 27 | 28 | ## Learning Objectives 29 | 30 | During this workshop episode, we will work towards the following learning objectives: 31 | 32 | - Gain an understanding of how to use AWS Systems Manager to manage EC2 instances. 33 | - Learn how to use the Systems Manager Agent to deploy and configure the CloudWatch agent. 34 | - Learn how to use OpsItems to respond to changes in CloudWatch alarm state. 35 | 36 | ## Getting Started 37 | 38 | Click the link below to go to the next section. 39 | 40 | [![](/operational_excellence/media/episode-01-step-01-manage-ec2.png)](/operational_excellence/episode-01-step-01-manage-ec2.md) 41 | -------------------------------------------------------------------------------- /operational_excellence/episode-01-step-03-tear-down.md: -------------------------------------------------------------------------------- 1 | # Tear down workshop 2 | 3 | ![](media/ssm-aws-logo.png) 4 | 5 | **Congratulations!** You have completed the **Episode 1: Using Amazon Systems Manager as a Foundation for Operationally Excellent Workloads** workshop. 6 | 7 | ## Tear down instructions 8 | 9 | ### Delete the CloudFormation stack 10 | 11 |
12 | To delete the CloudFormation stack

13 | 14 | 1. Open the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation/home. 15 | 1. In the navigation pane, choose **Stacks**. 16 | 1. Choose the stack **oe-workshop** and click **Delete**. 17 | 1. Choose **Delete stack**. 18 | 19 |

20 | 21 | ### Delete the CloudWatch alarm 22 | 23 |
24 | To delete the CloudWatch alarm

25 | 26 | 1. Open the Amazon CloudWatch console at https://console.aws.amazon.com/cloudwatch/home. 27 | 1. In the navigation pane, choose **Alarms**. 28 | 1. Choose the alarm previously created **memory-used-alarm**, choose **Actions**, and choose **Delete**. 29 | 30 |

31 | 32 | ### Delete Systems Manager resources 33 | 34 |
35 | To delete the Parameter Store parameter

36 | 37 | 1. Open the AWS Systems Manager console at https://console.aws.amazon.com/systems-manager/. 38 | 1. In the navigation pane, choose [**Parameter Store**](https://console.aws.amazon.com/systems-manager/parameters). 39 | 1. Choose the parameter **AmazonCloudWatch-linux** and choose **Delete**. 40 | 1. In the **Delete parameters** window, choose **Delete parameters**. 41 | 42 |

43 | 44 |
45 | To delete the State Manager associations

46 | 47 | 1. Open the Systems Manager console at https://console.aws.amazon.com/systems-manager/. 48 | 1. In the navigation pane, choose [**State Manager**](https://console.aws.amazon.com/systems-manager/state-manager). 49 | 1. Choose the radio button next to the association named **CloudWatchAgent-Install** and choose **Delete**. 50 | 1. In the **Delete association** window, choose **Delete**. 51 | 1. Repeat this process for the association named **CloudWatchAgent-Configure**. 52 | 53 |

-------------------------------------------------------------------------------- /operational_excellence/episode-02-step-00-overview.md: -------------------------------------------------------------------------------- 1 | # Episode 2: Manage and Track Application and Infrastructure Configuration Changes using AWS Config 2 | 3 | ![](media/config-aws-logo.png) 4 | 5 | NOTE: You will incur charges as you go through either of these workshops, as they will exceed the [limits of AWS free tier](http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-limits.html). 6 | 7 | ## Table of Contents 8 | 9 | - [Summary](#summary) 10 | - [Learning Objectives](#learning-objectives) 11 | - [Gettting Started](#getting-started) 12 | 13 | ## Summary 14 | 15 | Understanding the right tools to manage compliance for your application and infrastructure is critical to running operationally excellent workloads in the cloud. In this episode we will dive into the AWS Config service, and demonstrate some of the ways our customer’s use AWS Config to manage and track configuration changes in their environment. 16 | 17 | In episode two, you will enable the service [AWS Config](https://aws.amazon.com/config/) which enables you to assess, audit, and evaluate the configurations of your AWS resources. 18 | 19 | ## Learning Objectives 20 | 21 | During this workshop episode, we will work towards the following learning objectives: 22 | 23 | - Gain an understanding of the different components of the AWS Config service, from config rules, config items, as well as remediation actions. 24 | - Gain hands on experience using the AWS Config service to remediate non-compliant items. 25 | - Learn how to use AWS Config advanced query to quickly search for items that have a specific configuration applied. 26 | 27 | 28 | ## Getting Started 29 | 30 | Click the link below to go to the next section. 31 | 32 | [![](media/enable-config.png)](/operational_excellence/episode-02-step-01-enable-config.md) 33 | -------------------------------------------------------------------------------- /operational_excellence/episode-02-step-01-enable-config.md: -------------------------------------------------------------------------------- 1 | # Enabling AWS Config 2 | 3 | ![](media/config-aws-logo.png) 4 | 5 | NOTE: You will incur charges as you go through either of these workshops, as they will exceed the [limits of AWS free tier](http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-limits.html). 6 | 7 | ## Table of Contents 8 | 9 | - [Summary](#summary) 10 | - [Instructions](#instructions) 11 | - [Deploy AWS Config Prerequisites](#deploy-aws-config-prerequisites) 12 | - [Enable AWS Config](#enable-aws-config) 13 | - [Next Section](#next-section) 14 | 15 | ## Summary 16 | 17 | In this section you will (1) enable AWS Config to monitor and record your AWS resource configurations. 18 | 19 | Prior to enabling these features, you will create several IAM Roles, Policies and a S3 bucket needed for AWS Config Conformance Packs and Autoremdiation. [AWS CloudFormation](https://aws.amazon.com/cloudformation/). AWS CloudFormation gives you an easy way to model a collection of related AWS and third-party resources, provision them quickly and consistently, and manage them throughout their lifecycles, by treating infrastructure as code. 20 | 21 | ## Instructions 22 | 23 | ### Deploy AWS Config Prerequisites 24 | 25 | **To save the CloudFormation template locally** 26 | 27 | 1. Open the CloudFormation template [workshop-config-prerequisites.yml](cfntemplates/workshop-config-prerequisites.yml). 28 | 1. Choose **Raw**. 29 | 30 | ![](/media/github-raw.png) 31 | 32 | 1. Open Notepad and copy the entire text. 33 | 1. Save the file to your local machine as ```workshop-config-prerequisites.yml```. 34 | 35 | The CloudFormation template will create the resources depicted in the diagram below. 36 | 37 | ![](/media/cloudformation-stack-ep02.png) 38 | 39 | **To deploy Cloudformation template for AWS Config Prerequisites** 40 | 41 | 1. Open the [AWS CloudFormation console](https://console.aws.amazon.com/cloudformation/home). 42 | 1. Choose **Create stack**. 43 | 1. For **Specify template**, choose **Upload a template file**, choose the file you saved locally ```workshop-config-prerequisites.yml```, and choose **Next**. 44 | 45 | ![](/media/cloudformation-create-stack-ep02.png) 46 | 47 | 1. For **Stack name**, enter ```workshop-config-prerequisites```, and choose **Next**. 48 | 1. On the **Configure stack options** page, leave the defaults and choose **Next**. 49 | 1. On the **Review** page, check the box **I acknowledge that AWS CloudFormation might create IAM resources with custom names.** and choose **Create stack**. 50 | 51 | 52 | CloudFormation will begin provisioning the resources specified within the CloudFormation template and once complete, you will have a two S3 Bucket with a S3 Bucket Policy, and some IAM Roles that we will be using together with AWS Config for Autoremediation. You can also use the refresh button to see the latest events related to the CloudFormation stack. Once the status of the CloudFormation stack changes to ```CREATE_COMPLETE```, you can proceed with the next steps. This process should complete within 5 minutes. 53 | 54 | ### Enable AWS Config 55 | 56 | AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. This enables you to simplify compliance auditing, security analysis, change management, and operational troubleshooting. 57 | 58 | **To enable AWS Config using General Setup** 59 | 60 | 1. Search for the Config Service under the Management Tools Section in the console, and then click on Config. 61 | 1. Click on Get started, and we will follow the setup wizard. 62 | 63 | ![](/media/config-gettingstarted-ep02.png) 64 | 65 | 1. On the Settings page make the following selections 66 | 67 | ![](/media/config-settings-ep02.png) 68 | 69 | - Record all resources in this region 70 | - Include global resources 71 | - Create AWS Config service-linked role 72 | - Create a bucket (and accept the default bucket name) 73 | 1. Click Next on the next screen, bypassing rule selection. We will setup Config rules in the next steps. 74 | 1. On the last screen click on Confirm. 75 | 76 | ## Next Section 77 | 78 | Click the link below to go to the next section. 79 | 80 | [![](media/config-rule.png)](/operational_excellence/episode-02-step-02-config-rule.md) 81 | -------------------------------------------------------------------------------- /operational_excellence/episode-02-step-02-config-rule.md: -------------------------------------------------------------------------------- 1 | # AWS Config Rule with Remdiation 2 | 3 | ![](media/config-aws-logo.png) 4 | 5 | NOTE: You will incur charges as you go through either of these workshops, as they will exceed the [limits of AWS free tier](http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-limits.html). 6 | 7 | ## Table of Contents 8 | 9 | - [Summary](#summary) 10 | - [Instructions](#instructions) 11 | - [Creating a Config rule to restrict incoming TCP traffic to specified ports as non-compliance](#creating-a-config-rule-to-alert-on-systems-manager-agent-non-compliance ) 12 | - [Deploy an EC2 instance](#deploy-an-ec2-instance) 13 | - [Add Remediation to your AWS Config Rule](#add-remediation-to-your-aws-config-rule) 14 | - [Next Section](#next-section) 15 | 16 | ## Summary 17 | 18 | AWS Config provides AWS managed rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resources comply with common best practices. For example, you could use a managed rule to quickly start assessing whether your Amazon Elastic Block Store (Amazon EBS) volumes are encrypted or whether specific tags are applied to your resources. You can set up and activate these rules without writing the code to create an AWS Lambda function, which is required if you want to create custom rules. 19 | 20 | In this section you will (1) create an AWS Config Rule to evaluate if security groupd that are in use disallow unrestricted incoming TCP traffic to the specified ports, and (2) use AWS Systems Manager Automation Documents to remediate non-compliant secuirty groups. 21 | 22 | ## Instructions 23 | 24 | ### Creating a Config rule to restrict incoming TCP traffic to specified ports as non-compliance 25 | 26 | You can create config Rules to monitor a number of items within your infrastructure. Beside utilizing AWS managed Config rules you can also create custom rules using AWS Lambda functions. Located here in [Github](https://github.com/awslabs/aws-config-rules) are same sample config rules you can create and implement in Lambda. 27 | 28 | In this step we will create a Config rule that will evaluate if EC2 security groups that are in use disallow unrestricted incoming TCP traffic to the specified ports. 29 | 30 | 1. Go to the AWS Config console, and then click on Rules on the left side of the console. 31 | 1. Click on Add Rule 32 | 1. In the Add Rule screen in the Filter section type ```restricted-common-ports```, click on the restricted-common-ports rule. 33 | 1. Under the Trigger Section take notice of the trigger type. Leave the remaining settings as-is. 34 | 1. Click Next and then Add rule 35 | 36 | ### Deploy an EC2 instance 37 | 38 | Next, let’s deploy a EC2 instance with a security group that allows TCP port 22 from the internet to test our Config rule. 39 | 40 | 1. Open the Amazon EC2 console by choosing EC2 under Compute. 41 | 1. From the Amazon EC2 dashboard, choose Launch Instance. 42 | 1. The Choose an Amazon Machine Image (AMI) page displays a list of basic configurations called Amazon Machine Images (AMIs) that serve as templates for your instance. Select the HVM edition of the Amazon Linux 2 AMI. 43 | 1. On the Choose an Instance Type page, choose t3.small as the hardware configuration of your instance and Review and Launch. 44 | 1. On the Configure Instance Details page, select the ```WorkshopEC2SSMRole``` as the IAM role and then choose Next: Add Storage: 45 | 1. On the Add Storage page, leave the defaults and then choose Next: Add Tags. 46 | 1. On the Add Tags page, leave the defaults and then choose Next: Configure Security Group 47 | 1. On the Configure Security Group page, Create a new security group called ```workshop-securitygroup``` 48 | 1. On the Review Instance Launch page, choose the Proceed without key pair option. 49 | 1. To launch your instance, select the acknowledgment check box, then choose Launch Instances. 50 | 1. The instance should be up and running in around a minute. 51 | 52 | ### Add Remediation to your AWS Config Rule 53 | 54 | AWS Config provides a set of managed automation documents with remediation actions. You can also create and associate custom automation documents with AWS Config rules. 55 | 56 | Now return to the Config rule you created, click into the rule, and click Re-evaluate after the instance is up and running. You will have wait a minute or two for the result, and then refresh the web page. After a few moments the security group with the instance we deployed should be flagged as non-compliant. 57 | 58 | ***Adding Remeditaion to the Config rule to alert on Systems Manager agent non-compliance*** 59 | 60 | 1. In the AWS Config console, click on the restricted-common-ports rule you created. 61 | 62 | 1. Click Actions | Re-evaluate after the instance is up and running 63 | 64 | ![](/media/config-reevaluatessmrule-ep02.png) 65 | 66 | 1. You will have wait a minute or two for the result, and then refresh the web page. After a few moments the security group that was creted should be flagged as non-compliant. 67 | 68 | 1. Next you will fix this non-compliant resource by adding a remediation action to the Config rule. 69 | 70 | 1. Click Actions | Manage remediation 71 | 72 | 1. Under the Edit: remediation action do the following: 73 | - Remediation method: Manual remediation 74 | - Remediation action: AWS-DisablePublicAccessForSecurityGroup 75 | - Resource ID parameter: GroupId 76 | - This passes the non-compliant security group ID to the remediation action 77 | 78 | ![](/media/config-ssmremediation1-ep02.png) 79 | ![](/media/config-ssmremediation2-ep02.png) 80 | 81 | 1. Click Save 82 | 83 | 1. Go back into the Config rule and look at non-compliant resources. Select the security group we deployed and then click on Remediate. 84 | 85 | 1. Once completed, click on the security group resource and click Manage Resource button. 86 | 87 | 1. Click on the Inbound rules tab for the security group and the public access rule for port 22 should be deleted. 88 | 89 | 1. Return to AWS Config, and click on the restricted-common-ports rule and re-evaluate the rule once more. You will see that the security group is now compliant. 90 | 91 | 92 | ## Next Section 93 | 94 | Click the link below to go to the next section. 95 | 96 | [![](media/config-conformancepack.png)](/operational_excellence/episode-02-step-03-config-conformancepack.md) 97 | -------------------------------------------------------------------------------- /operational_excellence/episode-02-step-03-config-conformancepack.md: -------------------------------------------------------------------------------- 1 | # AWS Config Deploy Conformance Pack 2 | 3 | ![](media/config-aws-logo.png) 4 | 5 | NOTE: You will incur charges as you go through either of these workshops, as they will exceed the [limits of AWS free tier](http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-limits.html). 6 | 7 | ## Table of Contents 8 | 9 | - [Summary](#summary) 10 | - [Instructions](#instructions) 11 | - [Deploy conformance pack](#deploy-conformance-pack) 12 | - [View compliance remediation](#view-compliance-remediation) 13 | - [Next Section](#next-section) 14 | 15 | ## Summary 16 | 17 | A conformance pack is a collection of AWS Config rules and remediation actions that can be easily deployed as a single entity in an account and a Region or across an organization in AWS Organizations. 18 | 19 | In this section you will (1) create an conformance pack with remediation to evaluate your S3 buckets accoriding to S3 Best Practices, and (2) use AWS Systems Manager Automation Documents to remediate non-compliant S3 Buckets. 20 | 21 | ## Instructions 22 | 23 | ### Deploy conformance pack 24 | 25 | Before we can deploy the conformance pack, we will need to edit it. Conformance packs that AWS provides represent collated best practices, however they are not “one size fits all” and need some tailoring before being leveraged. 26 | 27 | 1. First, download the conformance pack template from this [link](cfntemplates/Operational-Best-Practices-for-Amazon-S3-with-Remediation.yml). - Operational-Best-Practices-for-Amazon-S3-with-Remediation 28 | 1. Next edit this file so we can make it usable with your lab environment. You will need to replace the `````` entries with the proper account number for your account (without dashes). You will find this entry on these line numbers: 29 | - 43 30 | - 80 31 | - 139 32 | - 179 33 | 1. Go to the [Config Console](https://console.aws.amazon.com/config), and then click on Conformance packs. 34 | 1. Click on Deploy conformance pack on the top right of the page. 35 | 36 | ![](/media/config-conformancepack1-ep02.png) 37 | 38 | 1. Under template details, select Upload template, and then select the Upload a template. Click Choose file, upload your modified template, and finally click Next. 39 | 1. Give the conformance pack a name that is meaningful to you. - Workshop-Operational-S3-BestPractices-WithRemediation 40 | 1. This conformance pack will require a parameter to function. Click Add parameter and then add a new key called ```S3TargetBucketNameForEnableLogging```. 41 | - The value for this will be the name of the ```s3serversideloggingbucket``` created by the CloudFormation stack you deployed in the prerequisites. Copy the name of the bucket into the value field. 42 | 1. Click Next, and finally click Deploy conformance pack. 43 | 44 | ![](/media/config-conformancepack2-ep02.png) 45 | 46 | ### View compliance remediation 47 | 48 | We will check compliance status for each rule in conformance pack and associated resources. Conformance Packs can also be deployed to an AWS Organization; however, this is out of scope for this lab. 49 | 50 | 1. Once the conformance pack is deployed, click on conformance pack name to drill down into details. You can view list of rules and their compliance status. 51 | 52 | ![](/media/config-conformancepack3-ep02.png) 53 | 54 | 1. Click on a rule name to see its details. 55 | 1. Expand Resources in Scope section to see resources in scope and their compliance status. If there are any existing non-compliant resources, you can manually remediate them or wait for auto-remediation to complete. 56 | 1. To see auto-remediation in action on a new resource, create a new S3 bucket using S3 Console. Config will discover the resource and mark it as non-compliant if it is not following S3 best practices. 57 | 1. Go back to conformance pack details and select a rule with remediation action. 58 | 1. Expand Resources in Scope section to see newly created resource with its compliance status. If the resource is non-compliant, the auto-remediation action will apply to resource within few minutes. 59 | 1. Refresh the page to see updated resource compliance status. 60 | 61 | ## Next Section 62 | 63 | Click the link below to go to the next section. 64 | 65 | [![](/operational_excellence/media/config-advancedquery.png)](/operational_excellence/episode-02-step-04-config-advancedquery.md) 66 | -------------------------------------------------------------------------------- /operational_excellence/episode-02-step-04-config-advancedquery.md: -------------------------------------------------------------------------------- 1 | # Querying the Current Configuration State of AWS Resources using AWS Config Advanced Query 2 | 3 | ![](media/config-aws-logo.png) 4 | 5 | NOTE: You will incur charges as you go through either of these workshops, as they will exceed the [limits of AWS free tier](http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-limits.html). 6 | 7 | ## Table of Contents 8 | 9 | - [Summary](#summary) 10 | - [Instructions](#instructions) 11 | - [Next Section](#next-section) 12 | 13 | ## Summary 14 | 15 | You can use AWS Config to query the current configuration state of AWS resources based on configuration properties for a single account and Region or across multiple accounts and Regions. You can perform ad hoc, property-based queries against current AWS resource state metadata across all resources that AWS Config supports. The advanced query feature provides a single query endpoint and a powerful query language to get current resource state metadata without performing service-specific describe API calls. You can use configuration aggregators to run the same queries from a central account across multiple accounts and AWS Regions. 16 | 17 | In this section you will (1) run several queries against AWS resources to report on the current configuration state and (2) also use AWS CLI to run a query and output its information. 18 | 19 | ## Instructions 20 | 21 | 1. Go to the [Config Console](https://console.aws.amazon.com/config), and then click on Advanced queries. 22 | 1. Click in the search box, and then click Name, and then select EC2 instances by type. Finally click on the Copy to editor button. 23 | 24 | 1. Change the instance type on the last line to t3.small. The complete, new query will look like this: 25 | 26 | ``` 27 | SELECT 28 | resourceId, 29 | resourceName, 30 | resourceType, 31 | configuration.instanceType, 32 | tags, 33 | availabilityZone 34 | WHERE 35 | resourceType = 'AWS::EC2::Instance' 36 | AND configuration.instanceType = 't3.small' 37 | ``` 38 | 39 | 1. These results are simple, but do not show the relationships between resources. Let’s run a more interesting query that reveals more about the environment that the instance has been created in. Copy the resourceId from the previous query and execute a new one with that as a parameter. 40 | 41 | ``` 42 | SELECT 43 | * 44 | WHERE 45 | relationships.resourceId = 'your server id' 46 | ``` 47 | 48 | 1. Scrolling-down to the output you can now see a more detailed list of resources that are related to this server, including its VPC, attached EBS volume, subnet, security group, elastic network interface, and the CloudFormation stack that created it. 49 | You can create groupings and aggregations through Advanced Query as well: 50 | 51 | ``` 52 | SELECT 53 | configuration.complianceType, 54 | COUNT(*) 55 | WHERE 56 | resourceType = 'AWS::Config::ResourceCompliance' 57 | GROUP BY 58 | configuration.complianceType 59 | ``` 60 | 1. And unused EBS volumes: 61 | 62 | ``` 63 | SELECT 64 | resourceId, 65 | accountId, 66 | awsRegion, 67 | resourceType, 68 | configuration.volumeType, 69 | configuration.size, 70 | resourceCreationTime, 71 | tags, 72 | configuration.encrypted, 73 | configuration.availabilityZone, 74 | configuration.state.value 75 | WHERE 76 | resourceType = 'AWS::EC2::Volume' 77 | AND configuration.state.value <> 'in-use' 78 | ``` 79 | 1. The results from any and all of these queries can be exported to either CSV or JSON using the Export as button. 80 | 81 | 1. Finally, you can send queries to Config using the AWS Command Line Interface. This approach gives you a highly extensible method of scripting your data extraction. A simple example is this command: 82 | 83 | ``` 84 | aws configservice select-resource-config --expression "SELECT resourceId WHERE resourceType='AWS::EC2::Instance'" --output yaml 85 | ``` 86 | 87 | ## Next Section 88 | 89 | Click the link below to go to the next section. 90 | 91 | [![](/operational_excellence/media/tear-down.png)](/operational_excellence/episode-02-step-05-tear-down.md) 92 | -------------------------------------------------------------------------------- /operational_excellence/episode-02-step-05-tear-down.md: -------------------------------------------------------------------------------- 1 | # Tear down workshop 2 | 3 | ![](media/config-aws-logo.png) 4 | 5 | **Congratulations!**You have completed the **Episode 2: Manage and Track Application and Infrastructure Configuration Changes using AWS Config** workshop. 6 | 7 | ## Tear down instructions 8 | 9 | ### Delete EC2 Instance and Security Group 10 | 11 |
12 | To delete the EC2 Instance and Security Group

13 | 14 | 1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/. 15 | 1. In the navigation pane, choose **Instances**. 16 | 1. Select on the EC2 Instance that was created and Click **Instance state | Terminate Instance**. 17 | 1. Click the **Terminate** Button. 18 | 1. In the navigation pane, choose **Security Groups**. 19 | 1. Select the **workshop-securitygroup** Security Group and Click **Actions | Delete security groups**. 20 | 1. Click **Delete** Button 21 |

22 | 23 | ### Delete AWS Config Resources 24 | 25 |
26 | Delete AWS Config Conformance Pack

27 | 28 | 1. Open the AWS Config console at https://console.aws.amazon.com/config/. 29 | 1. In the navigation pane, choose **Conformance packs**. 30 | 1. Select the Conformance pack and click **Actions | delete**. 31 | 1. Enter the phrase ```Delete``` to confirm this action and click **Delete**. 32 |

33 |
34 | To delete the AWS Config rule

35 | 36 | 1. In the navigation pane, choose **Rules**. 37 | 1. Click on the **Rule**. 38 | 1. Under the **Remediation action section** click **Delete**. 39 | 1. Enter the phrase ```Delete``` to confirm this action and click **Delete**. 40 | 1. Click Actions | Delete rule. 41 | 1. Enter the phrase ```Delete``` to confirm this action and click **Delete**. 42 |

43 | 44 |
45 | To disable AWS Config

46 | 47 | 1. In the navigation pane, choose **Settings**. 48 | 1. Click **Edit**. 49 | 1. Uncheck the **Enable recording** check box. 50 | 1. Click **Save**. 51 |

52 | 53 |
54 | (Optional) To delete the Config recorder and Config delivery method

55 | 56 | To delete the Config recorder and Config delivery channel, perform the following steps using AWS CloudShell: 57 | 58 | From the AWS Management Console, you can launch AWS CloudShell by choosing the following options available on the navigation bar: 59 | 60 | 1. Choose the AWS CloudShell icon. 61 | 2. Start typing "cloudshell" in Search box and then choose the CloudShell option. 62 | 63 | ![](https://docs.aws.amazon.com/cloudshell/latest/userguide/images/launch_options.png) 64 | 65 | 1. To delete the Config recorder, enter the following command: 66 | 67 | ```aws configservice delete-configuration-recorder --configuration-recorder-name default``` 68 | 69 | 1. To delete the Config delivery channel, enter the following command: 70 | 71 | ```aws configservice delete-delivery-channel --delivery-channel-name default``` 72 | 73 | 1. Return to the AWS Config console to confirm Config is no longer enabled. If you see the **Set up AWS Config** page, then Config has successfully been disabled. 74 | 75 |

76 | 77 |
78 | To delete configuration items stored by AWS Config

79 | 80 | 1. Open the Amazon S3 console at https://s3.console.aws.amazon.com/s3. 81 | 1. Choose the S3 bucket created by AWS Config Setup. The name will be similar to ```config-bucket-123456789012```. 82 | 1. Choose **Empty**. 83 | 84 | 1. On the **Empty bucket** page, type **permanently delete** to confirm deletion of the objects in the S3 bucket. 85 | 1. Choose **Empty**. 86 | 87 | 1. Choose the S3 bucket created by AWS Config Setup. The name will be similar to ```config-bucket-123456789012``. 88 | 1. Choose **Delete**. 89 | 90 | 1. On the **Delete bucket** page, type the name of the S3 bucket to confirm deletion of the S3 bucket. 91 | 1. Choose **Delete bucket**. 92 | 93 |

94 | 95 | ### Delete Cloudformation Stack for AWS Config Prerequisites 96 | 97 |
98 | To delete the CloudFormation Stack

99 | 100 | 1. Open the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation/. 101 | 1. Choose the stack created and click **Delete**. 102 | 1. Click **Delete Stack**. 103 |

104 | 105 | ## Next Section 106 | 107 | Click the link below to go to the next episode, **Episode 3: Implementing Observability with Amazon CloudWatch**. 108 | 109 | [![](media/.png)](/episode-03-step-00.md) -------------------------------------------------------------------------------- /operational_excellence/media/alarm-conditions.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/alarm-conditions.png -------------------------------------------------------------------------------- /operational_excellence/media/alarm-in-alarm-state.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/alarm-in-alarm-state.png -------------------------------------------------------------------------------- /operational_excellence/media/alarm-memory-used.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/alarm-memory-used.png -------------------------------------------------------------------------------- /operational_excellence/media/alarm-name.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/alarm-name.png -------------------------------------------------------------------------------- /operational_excellence/media/alarm-opsitem.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/alarm-opsitem.png -------------------------------------------------------------------------------- /operational_excellence/media/alarm-review.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/alarm-review.png -------------------------------------------------------------------------------- /operational_excellence/media/cloudformation-create-stack-ep01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/cloudformation-create-stack-ep01.png -------------------------------------------------------------------------------- /operational_excellence/media/cloudformation-create-stack-ep02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/cloudformation-create-stack-ep02.png -------------------------------------------------------------------------------- /operational_excellence/media/cloudformation-stack-ep02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/cloudformation-stack-ep02.png -------------------------------------------------------------------------------- /operational_excellence/media/cloudwatch-disk-used.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/cloudwatch-disk-used.png -------------------------------------------------------------------------------- /operational_excellence/media/cloudwatch-mem-used.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/cloudwatch-mem-used.png -------------------------------------------------------------------------------- /operational_excellence/media/config-aq1-ep02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/config-aq1-ep02.png -------------------------------------------------------------------------------- /operational_excellence/media/config-aq2-ep02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/config-aq2-ep02.png -------------------------------------------------------------------------------- /operational_excellence/media/config-aws-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/config-aws-logo.png -------------------------------------------------------------------------------- /operational_excellence/media/config-conformancepack.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/config-conformancepack.png -------------------------------------------------------------------------------- /operational_excellence/media/config-conformancepack1-ep02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/config-conformancepack1-ep02.png -------------------------------------------------------------------------------- /operational_excellence/media/config-conformancepack2-ep02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/config-conformancepack2-ep02.png -------------------------------------------------------------------------------- /operational_excellence/media/config-conformancepack3-ep02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/config-conformancepack3-ep02.png -------------------------------------------------------------------------------- /operational_excellence/media/config-gettingstarted-ep02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/config-gettingstarted-ep02.png -------------------------------------------------------------------------------- /operational_excellence/media/config-reevaluatessmrule-ep02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/config-reevaluatessmrule-ep02.png -------------------------------------------------------------------------------- /operational_excellence/media/config-rule.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/config-rule.png -------------------------------------------------------------------------------- /operational_excellence/media/config-settings-ep02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/config-settings-ep02.png -------------------------------------------------------------------------------- /operational_excellence/media/config-ssmremediation1-ep02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/config-ssmremediation1-ep02.png -------------------------------------------------------------------------------- /operational_excellence/media/config-ssmremediation2-ep02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/config-ssmremediation2-ep02.png -------------------------------------------------------------------------------- /operational_excellence/media/cwa-parameter.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/cwa-parameter.png -------------------------------------------------------------------------------- /operational_excellence/media/enable-config.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/enable-config.png -------------------------------------------------------------------------------- /operational_excellence/media/ep01-st01.drawio: -------------------------------------------------------------------------------- 1 | 7VrXluPIkf2aftQeGMI9AiC8JQxB8EUH3nuAMF+/ieqqnu6pHq20q9Hq7HYZViIyI03EzbiRifqCss0mjEGfa12c1F8QKN6+oNcvCEIRBPg8BftXAQyj+FdJNhbxu+w3gV0cybsQepcuRZxMPzScu66ei/5HYdS1bRLNP8iCcezWH5ulXf3jqH2QJZ8EdhTUn6VeEc/5VymJQb/JxaTI8o+RYei9pgk+Gr8LpjyIu/U7Ecp9Qdmx6+avpWZjk/o03oddvurxf1D7bWJj0s5/j0LBU7PhoVdKR9wJuc3WTM1/uXzt5RXUy/uCvyB4Dfpj4uIFitlZ/BClHRgJLGTe362DD0v3UfGX6c13NGgAX/rtt8rvegmaHhTacOr/LZ4h2rPBJ1t3S/yxRmC/r8v8celA/BOD/EQUjr9Uf6n+Uv2l+r+mivwQo5GxW9o4OUkAAtVrXsyJ3QfRWbsCzgayfG5q8ASDYlAXWQvKdZJ+BHY+aIr6pG8xqV/JXETBWVHUNdvV3Qjkbdcm3wb+no/eKeqVjHOyfSd65ych6ZpkHnfQ5L32g1Xfk4UL8f68/sa8yIcs/4510Q+ODd7ZPvvW9W+ECArvnPgP8CP+d/Ljvxmz/cNM+LGqd4qP3l375TsWR2GOpM7s5vfEfjfZ76D4iz1/qf5S/TdU/Z/Qwh/ywO/4YprHrkrYb9HjI2b8WYRB/EgYGPITwkB/QhjfmOafThgw/Ikx7CVsk/mTA7plrosWGOvj4HqaKRuDuAD2+J2pvnPFzzx1uuf96AwjH8/vI529gqNnf5abLTtP6f8RrNPlPzKAgP5tSAkcnn9a+9fp69R/4liSoGAK/7ljT/8BeNT0Ozjmrv8JVMASijZT356uKPQ+7Z8NEQdT/g2pfwjFfwKcKOpHOJGf4QST8Gc4wcSfBSfsJ/nH73D04dyiebvK+GZ9NQiT2uymYi7e3Bt289w1oEF9VjBBVGVvMeA7i6dvX3/swan/itS02E5/MG9D0h9S6EMCynEwA5/QXx8Rvm+zLwhb3BnDWiFFyDoafOm2m3NuBkqsdj4XLO2DP9d77l1JUBByt+Zud8vPE8QL4KuLbZ6Ih7dD92qJ9h7MIy1fdQzXKhiBiqmRmNQsU1meKwba4sm7xFb3py5fR8teNGgr/IGjzFvSzbJ+vcUDrrvKwcGInDVyhcEzy/vjwetdV0eWaF+KYDPNg80lv5S/IAzL9080b48+RtHpdbStmaBHnQfVpIDh98mjWuhaaqy2SgedKtGaTbwaSpJTxIPhGJQQujXjQzUTVpsQVmsyq0+geJRx9SLV6obouuVVhqR7WKWUc6l7uCuPFLpdGn0SGPiZXjGmMV1+xwuOQWiHH4x1OER8ejG4RkRginSRR40JPREZzXkuSINyCoJMM5sVVLbK188bHh8cHsMVZrkHjnGKnDuaZbuCKxcCnSGs61eMnxvRqFP2DYpF+YgXipZXnPLndIwx4Uzy1NLYpzExHGenCrK5bfflxYGp5BVJLlFqXVYSbEgmpZ6uVw+vyQixMip0MwMJ9clMFg5gTu1zCgWPGI3FK7ZfVde/CeKOWrWgscEBGr4a/W5uu+yLEz2uwFxMsoEtyrsQvS2p6c/C3q+sDySjxpey2jV8iws8aGf4wsWioBxS+XNEtrtGa64gL7WLM/Xo+ySLb76CWfbmT53MPVFGWqSAU2yur/38UlkUP9yah5BVKo+ytXOTAYCZuz5qTnbQSpnMsrdGkqCrBBhdaB7aY9EP99ClO5g4r15Z5kGgZS4BLeIx2rqFXF/HTFwsVoqlFoAiChYnEa6Ilb1K3QiMrS9UZwlFPBrO3h8o6AYVogwh02d1cjl9o4cWx4q7antbC/qNL5Hh9ESdPgc7Jy1rTMdFfqWvEbmbqDwY9/uAIw8kbkMLhCe+nAPbg0u2Dl4zzaynHTPhruDTulxPVMDdqLTXdS2Fp7QvjoZHC3nVmyN9UlMcj+aLssGggGQQBgqA8hMOFuwGcMffQwZHb0+2s5iew0MrHr0Y1SRbqWMvSvCy3JrUXBcaSbXEwhWEw+ftQrcNGW0HjtSdSaN0vsfm6chAsw66uq7kYfU1l7huTavUBVRwLbtmDzbNFVPetTRT3PHeGqbFxd6jBKFCKgIifIF4yYuS49VTwK1jA80yDqLH6aNKDeGHb7euWFk5uYG9YZFeuFRb58uxuCG6nNIEk+23XlDw47pCuasvgauuQTa03aH1UPigfPeakxgzXVXdWaSqXiRgE965JUY30QawDBljt60obGgub8tj7LRVIwKjkHjOf8gbaKAqd3cPjbN4xMeKJ1v3CsWVz9iWJy/l3ZAC0X2OlKIBnmGoBQe7m61nH2mwPBgec6ldbFME8Q6My8qt4QS3bGrHmBkHIkFz3HHuVpS9LCWfiGB5dYQxFIuwWlDQVX6uRYRSxhZMdsBurXxAlA5GKWcieTyxw8/gsL8VPkfIjze6yjpBhQ113+twkTY6zgQrq4pCu5RJFV9MlQ5vyBRY7bXhc8XaBu1G2yPwzaFdHRAEe6ddHzgIdcDXfC3gEQtSBSzN7YgspRnXfPO0GY9NEFw7BSVfmMUn7obMdqHm9OZNry/KVPSOQxSxTjCjxb7Fz5dk9UAt0pKRV67s1VmI2gyWK9hNMJjCndgrB6JeDljZhCNo5rdOgmV7tGG8fFtkty5k2CmExeQX1ca3k6ARsB/iW3RJ0m4aA3hOxXCLsJDEy1iC1SDXTEF+tNvTxbOTa9jztQbfDjdUipVCdwE+mVz3CAIbNRlEMeV5VAe2GRnp1T2T3rkzdLlWE7d3hJwX07Q0Oww3shkijH9ponrqx2kfLkSOkkhr2LJ8IpnhyE0cWtdS/EJzbX/TJ15OFUlcYkFcF+vqgxivmbXViKvENCcm8nv4LBiL6/q7LMjrk9fw54FfQBWDttTKL51q1yQUO9qxT0NxD+Ot1FO6qDUToLQKdtLPcIo83UKjTrvdbHN84Hue6vwu9hl+RvXkwlAckWUm1m3SNRDg3pOVw35Oa2k1dUnIQ+g84JCAVQuJ2i6m53gOPf/B1NoYk5pFvYG3GmxyyExmR9pLrUcMO089H3qaksbLCcoBX8LxgidtPkF6GAP24t+o1ng8GlNIzQdodC36cwN2uLFGs0JQSOshoT4b9oRdLborKl+WqCCYDxl7ZK41W6jR3l4tnGhxJ0qb56lcdbKwefbOxhfsRhLGIyiyZ+jprxG/ddpCLJMK7BXtvVDKVLH2flDkG8WHENnaIw32TCW8BAp6PrAjDAeHvfkvH7NkS6vm3bSWUsG0F9M4+3OFqnPbyxPZRDqtm5pEcdbG9nDluagkc6H1svlgAFPh+4HI8qaCBYleHOFpqJA4xCHvKZAzxE/+cWLAEbER8AB/JlhQfDUBsaU3Q1vFNTwB/YZrnsAiszDKM4KemRbNyJaLcWMlZ1l2Jn3nz7/o6g7FfnJzd/mTEmfi/1HiXH5NnOkEYP8J/nL4t8QZ9ZL71X1ah0haJzWqxSJOxsrstELQ9cDKRyNhd653nv5ROg+HkmJdj91LhZv3UgmyhaDiunHvLs9oniQxVlQ3O2uYKgfzTLWSXBdf7YrdLzXt8ddmaB7xiUhp2wvsoW9vOeALJUwCax+mdqY0QOLgJifIdxI4kZFJNWMkLLMOk3xwyHbnGOdVROHkdNcnDSOn900+S6XNTiVocfTJP8QtlNWzs9ZVpLvfshcuP+OykLPneRgUBp19YkKpX8vt+boURTOYLnImlFiqwMGAQzB/jR/cQxhcWLMzjFXdLmGdW2c1iXVBDLdqIbyNn4ZBVu2h7YflyFiGhf2Q6JeAikde9wE/ROHrjNLK8dK6q0tcmQxRXCuL9vTMtcskROQmaPLEwKyJPpP9DJk3fzlTSV3orFu9v/zr5bDjMz+LRT7VJw1WpMOs/F6ZhecqFqaUaMJmFsFT3XHi5uFf6WpriPnZKzRipO6F1CcupOCCOVxPBmsafHPDRcx3VSG8r96dC9uOnR98hxxRBiL0elkKMyerxfFSSOiEm1mErlceljceNy9cfX/r+STS+LC1ETe+u8fS4n4/hgLcRC8klwBXvqwm3aRik28EQpXd43kmgtxRJgMVVSDXacDjTSs5jDun64DkvvOTdpnJivJ3kyYksfU67n7GQ/Cb9YmGc3aVM3JHifnFCWovB97b70Z3GcfQA/3Yds2S2KqXoGdp3f0MoywVoep58HZ0vxAoSjpXiT0M4iIoj04VFZYjjq1g3G4sXlzK3gTc7pgybmZ0ewz5rYGHGmyAcg/FSZSbxiRRceBZvy4hfiCJFkU1d3i2ZZckZAzzjaNflsdkpEcQ994qc8iLvzud6GcEN5mwR0JubcDVs+4vL3hqKMnuyrucoAROexQ6Y7LVkNru2WmUxchc7ZkfC7bXz2KCTqiDGvuRAkvsF3SZe8louMbk2mM1y4yh3fxeuCCz96EHfEgrRVhrNT+n0+LwktM4xz1H0rPYS14EyDZtaTgF85Yxb+fLh1ilceY7L0o/pmVq8qGFXHi72w8+lWD4nkJpTTD4ZKiVVhsvFw8fl0ZI8I3uWtGJbRTO+eEeCMSVgtRuU0C+Da+G5ek8LKjcFCJRQnZXCZvUejTbbiEqBfLI60Mmr3c58iHLELfeBEvzyymEVmrF+CzfYdeVQapcpQS8sF7vQKdbRQ9sd8aOD/s80qcssc/uSfnOgzmgR6fsbVgsvEp7b4dIhp6pC9Nj7qm0nzmDLFxoRwLGuq+vSqyG0oNb7SV6xrpruwOXPhWZJ6+8+MSYYvt6sUoCKfMn2kZ71u14khGiuZ+ATG14bs6hX7RS06FIO2Iv22117Z5WsSkegSImvjzPFty+mz0p0t4T7UqjtFlKfkYJFpqq8ex5VO+mGCNkWYXq/Nyz58IC50LfeHaErn3q1jHSj5mA2l5y47ztHgVBnaOOWLY35ZzJ7YwNZXQpNpKEipkf8ytRimcaphyF+iJ98kF7vvkQ9EUnRaFZEU722hvYz8R2sYJ7mgWPe3HTbzOAzYT1VqshznAnlRstF76oNY3Pui+bU9vevsvmOBgwRF7AESUsfMxB8PJO6SUCK4IITlVVNOjH1aGSYfDWqSeUvlX6vB/UXFpc/WntHarBBx7rVhHhV51Aiduzu+iUXeRKFW6HavJVDT1zx5rzymzJtesa2LLAubtj/JMPtAS7viA8ubIoSkzMs42gEiuSmJpWzaQWq6TLhhE1FAMY4Gn2clGOHe4ee3gSIM3VvFPZy61h2X/ZBfNP0xrsz7pehj7lNXQTHCBPQSC1aBdwmoGQz+8EOPZUktppDtoo+fuuon93Gwu++XOif3RF/f09MGh+JXEcRj/dHL83/uFG97/Mu/72fXIE5pKMn99X/K0L8U8JWd8VZy/cC3Q2vXfy01vz4t2GH73+WVfRMA7/gDz8An9C3oX8jLwP2T8feegn5Emnyd5ebUBCMCdrsP8rkAXOpRCD/V9E1ldr/jV7t+WfDDDydyc26nNow37y6uy/8ebsvJ/99m+Ob3Xf/bMoyv0n -------------------------------------------------------------------------------- /operational_excellence/media/ep01-st01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/ep01-st01.png -------------------------------------------------------------------------------- /operational_excellence/media/episode-01-step-01-manage-ec2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/episode-01-step-01-manage-ec2.png -------------------------------------------------------------------------------- /operational_excellence/media/episode-01-step-02-enable-alarm-actions.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/episode-01-step-02-enable-alarm-actions.png -------------------------------------------------------------------------------- /operational_excellence/media/github-raw.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/github-raw.png -------------------------------------------------------------------------------- /operational_excellence/media/initiate-runbook.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/initiate-runbook.png -------------------------------------------------------------------------------- /operational_excellence/media/oe-create-session.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/oe-create-session.png -------------------------------------------------------------------------------- /operational_excellence/media/parameter-store-details.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/parameter-store-details.png -------------------------------------------------------------------------------- /operational_excellence/media/run-automation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/run-automation.png -------------------------------------------------------------------------------- /operational_excellence/media/session-cwa-wizard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/session-cwa-wizard.png -------------------------------------------------------------------------------- /operational_excellence/media/ssm-aws-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/ssm-aws-logo.png -------------------------------------------------------------------------------- /operational_excellence/media/state-association-configure-details.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/state-association-configure-details.png -------------------------------------------------------------------------------- /operational_excellence/media/state-association-configure-parameters.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/state-association-configure-parameters.png -------------------------------------------------------------------------------- /operational_excellence/media/state-association-details.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/state-association-details.png -------------------------------------------------------------------------------- /operational_excellence/media/tear-down.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/tear-down.png -------------------------------------------------------------------------------- /operational_excellence/media/view-runbook.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-cloud-and-hybrid-operations-workshop/618d0ab6da6a3c282e87a098efaa2e62284a8c8f/operational_excellence/media/view-runbook.png --------------------------------------------------------------------------------