Chapter 8: AWS Management & Governance
The Architect’s Blueprint for Efficiency, Consistency, and Automation.
🚀 The Governance Ecosystem
🏗️ Infrastructure as Code (IaC)
CloudFormation: Create and manage resources using JSON/YAML templates.
- Consistency across environments
- Version control for infrastructure
- Reduces manual configuration drift
🔄 CI/CD Pipeline
AWS CodePipeline: Automates the build, test, and deploy phases.
- CodeCommit: Git repositories
- CodeBuild: Compiles/Tests code
- CodeDeploy: Automates deployment
📈 Monitoring & Logs
CloudWatch: The performance guardian.
- Metrics: Numerical performance data
- Alarms: Proactive notifications
- Logs: Centralized application records
🕵️ Security & Compliance
CloudTrail: The auditor.
- Logs every API call
- Identifies “Who, What, When, Where”
- Crucial for regulatory compliance
I. Infrastructure Provisioning
Managing infrastructure in the cloud requires moving away from manual clicks to automated specifications.
Key Concept: CloudFormation Templates
- Parameters: Input values (e.g., Instance Type).
- Resources: (Required) The actual AWS objects being created.
- Mappings: Lookup tables of values keyed by a property such as Region (e.g., Region-specific AMIs).
- Outputs: Values returned after stack creation (e.g., Public IP).
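The following template is an added example, not part of this chapter, that exercises all four sections above in one stack: an EC2 instance managed through Systems Manager with no inbound security group rules (the "no SSH" pattern). It assumes the stack launches into the account's default VPC, and the AMI IDs in the Mappings section are placeholders.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
# Added example, not from the chapter: one EC2 instance managed through Systems
# Manager (no SSH port open), assumed to launch into the account's default VPC.
Parameters:
  InstanceType:            # input value chosen at stack creation
    Type: String
    Default: t3.micro
    AllowedValues: [t3.micro, t3.small]

Mappings:
  RegionMap:               # static lookup: Region -> AMI ID
    us-east-1:             # AMI IDs are placeholders; substitute real ones
      AMI: ami-PLACEHOLDER-USEAST1
    eu-west-1:
      AMI: ami-PLACEHOLDER-EUWEST1

Resources:                 # the only required section
  InstanceRole:            # lets the SSM agent register the instance
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: { Service: ec2.amazonaws.com }
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
  InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles: [!Ref InstanceRole]
  NoIngressSG:             # no inbound rules at all: no port 22 to drift open
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Managed via SSM Session Manager, not SSH
  WebServer:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref InstanceType
      ImageId: !FindInMap [RegionMap, !Ref 'AWS::Region', AMI]
      IamInstanceProfile: !Ref InstanceProfile
      SecurityGroupIds: [!GetAtt NoIngressSG.GroupId]

Outputs:
  PublicIp:                # value returned after stack creation
    Value: !GetAtt WebServer.PublicIp
```

Because the template itself declares an empty ingress list, any later hand-added SSH rule shows up as drift in CloudFormation and as a non-compliant change in AWS Config.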
II. Monitoring vs. Observability
Amazon CloudWatch
Focuses on Infrastructure Health.
- Basic (5 min) vs. Detailed (1 min) metrics.
- Custom Dashboards for visualization.
- Alarms to trigger Auto Scaling or SNS.
AWS X-Ray
Focuses on Application Performance.
- Tracing requests across microservices.
- Identifying bottlenecks and latency.
- Visual Service Maps.
III. Deep Dive: Management Services
| Service | Core Functionality | Exam Tip / Use Case |
|---|---|---|
| Systems Manager | Fleet Management & Automation | Patching EC2 instances at scale without SSH. |
| AWS Config | Resource Change Tracking | Auditing if S3 buckets were ever made public. |
| Trusted Advisor | Best Practice Recommendations | Cost optimization, security gaps, and performance. |
| Health Dashboard | Service Health Alerts | Proactive alerts for AWS-side outages. |
| Service Catalog | Self-Service Provisioning | Allowing users to deploy “approved” templates only. |
| License Manager | Software License Tracking | Managing IBM/Microsoft/Oracle license compliance. |
Exam Readiness: Key Insights
- CloudTrail vs. CloudWatch: CloudTrail is for API/User Activity (Auditing). CloudWatch is for Performance/Logs (Monitoring).
- Infrastructure as Code: Use CloudFormation for AWS-native provisioning and Proton for managing serverless/container application stacks.
- Centralized Governance: Use AWS Organizations integrated with CloudTrail to aggregate logs from all sub-accounts into one S3 bucket.
- Automation: Systems Manager (SSM) is the “Swiss Army Knife” for managing OS-level tasks on EC2 and On-Premises servers.