Questions tagged with Operational Excellence
Does AWS provide prescriptive guidance on how to set up, operate, and manage cost in an enterprise environment? I'm looking for how-to's, workshops, and/or specific documentation, and best practices. There is a ton of content that AWS provides; however, there doesn't seem to be one comprehensive place on the site that provides the type of prescriptive guidance I'm looking for.
**What is the advantage of AWS organization management over the account management? Why take the leap?**

Every company has users and resources they interact with. At the end of the day, management of these users and resources (allowing the intended and blocking the unintended usage) is the purpose of our job. The answer is to use an account-level strategy or an organizational-level strategy. In AWS, a few years back, the focus was on securing an account, and VPCs did the separation for production, development and testing stages. [Please understand that a separate VPC is as good as a separate datacenter.] Now the idea is promoted that practically each developer or team will have an account, the department will work as an OU, and the enterprise will run as an AWS organization, handling this multi-account strategy. So along come SCPs (at the end of the day they are DENY rules), Control Tower and Landing Zone. But the same things can be run at account level.

*Are we securing the blast radius by limiting to an account, in case of an account compromise?* I do not agree, as firstly, when you're running a multi-account system, similar cross-account access is also in place, which needs to be secured along with the basic-level account security management. Also, the top managing account in the organization can be compromised. In fact, the attack surface is largely increasing onto another level. It causes difficulties for visibility and monitoring (Guard Duty can be enabled for multiple accounts and Cloud Trails Aggregator can be used), but it is getting complicated. Secondly, one has to keep the account secure anyway. Clear demarcation is possible, and a good environment can be provided with VPCs, conditional statements and tagging. In case of a merger, cross-account access can be enabled with an external ID.

**I am not here to challenge, but I want to gain an understanding of why the shift was undertaken. Also, any resources in this regard will be a great help. Even a comment might help.**
**Issue**

- Systems Manager State Manager (Document = "AWS-StopEC2Instance") fails with Detailed status = "InvalidAutomationParameters".
- I tried to check "output" in Execution History, but the console says "Automation execution [ID] does not exist", so I have no idea how to investigate further.

**Steps**

1. Go to State Manager and click "create association".
2. Choose a document "AWS-StopEC2Instance".
3. Choose "InstanceID" and "AutomationAssumeRole" in the "Input parameters" section.
4. Apply the association and see "InvalidAutomationParameters".

**What I checked**

1. I checked the document "AWS-StopEC2Instance". It says "AutomationAssumeRole" is optional. However, if I don't input "AutomationAssumeRole" on the State Manager create association page, I am told "ValidationException. This assume role is invalid".
2. I executed the document "AWS-StopEC2Instance" as a Systems Manager Automation task. I didn't have to specify "AutomationAssumeRole" and it was executed successfully.

For these reasons, I guess there is something wrong with State Manager.
In the context of Ops#10 of the Well-Architected Framework tool, please expand on "Identify drivers for improvement to help you evaluate and prioritize opportunities." An example would help: is 'driver' meant to be an organizational goal, a key executive, an abstract principle?
The first pillar of the Well-Architected Framework is Operational Excellence. However, the remaining five are then, also after consulting the docs, just more specialized aspects of the first pillar. Is there a good way to think about Operational Excellence capturing something totally different than the other pillars? Thanks!