Manage AWS Services
Cost, Security, Best Practice and Troubleshooting

Elias Haddad | Principal Product Manager
Peter Chen | Principal Software Engineer

September 2017 | Washington, DC


Agenda

▶ Challenges in Managing Enterprise Level AWS Services
▶ Get Data In – AWS Add-on
▶ Data Analysis and Visualization – AWS App
▶ Case Study
▶ Q & A

Challenges in Managing Enterprise Level AWS Services

Cost Optimization
▶ Multi accounts
▶ Budget planning
▶ RI planning
▶ Cost forecasting
▶ Anomaly detection
▶ Smart alerting

Challenges in Managing Enterprise Level AWS Services

Security Strategy
▶ Access monitoring
▶ API call monitoring
▶ User management
▶ Anomaly detection
▶ Smart alerting

Cost Optimization

Challenges in Managing Enterprise Level AWS Services

Best Practice
▶ Config Rule
▶ Inspector
▶ EC2
▶ ELB
▶ EBS
▶ EIP
▶ SG
▶ IAM

Security Strategy

Cost Optimization

Challenges in Managing Enterprise Level AWS Services

Best Practice

Security Strategy

Cost Optimization

Troubleshooting
▶ Change management
▶ Network topology
▶ Association analysis

Splunk Solution
AWS App & Add-on

Splunk Add-on for AWS

Explore, Analyze, Dashboard, Alert

Splunk App for AWS

EC2

EMR

Kinesis

R53

VPC

ELB

S3

CloudFront

CloudTrail

CloudWatch

Redshift

SNS

API Gateway

Config

RDS

CF

IAM

Lambda

Get Data In

AWS Add-on
Get Data In

Kinesis, S3, CloudWatch, Config, SQS, CloudTrail, Billing

Multi accounts, AssumeRole, High throughput

Easy configuration, Scale out, Distributed job

Real-time collection

Health Monitoring

More

…...

Key New Features in AWS Add-on 4.3 and 4.4
New Input: SQS-Based S3

CloudTrail, Access Logs, Config, Plain Text

S3 Event Notification

SQS

DLQ, Fail over

Batch Process

Adaptable Downloader

Pluggable Decoder

▶ Higher throughput

▶ Real-time ingestion

▶ Cost efficient

▶ High availability

▶ Scale out capability

Key New Features in AWS Add-on 4.3 and 4.4
Troubleshooting: Health Dashboard

Key New Features in AWS Add-on 4.3 and 4.4
Easier Configuration: Newly Designed Configuration GUI

Best Practice of Get Data In
Example 1: Get CloudTrail Data of Hundreds of Accounts in Real-time

Account 1

Account 2

Account 3

Account 100

S3

Centralized account

SQS

CloudTrail Files
Cross account delivery

S3 event notification

Forwarder 1

Splunk Add-on for AWS

Forwarder 2

Splunk Add-on for AWS

Forwarder 3

Splunk Add-on for AWS

Index Cluster

SQS-Based S3 Input

Bucket 1

Bucket 2

Bucket 3

Best Practice of Get Data In
Example 2: Get Data More Securely

EC2 with Instance Role

Splunk

Account 1

Account 2

Account 3

AssumeRole

Kinesis

S3

CloudWatch

Config

SQS

CloudTrail

Billing

Config Rule

Inspector

Data Analysis and Visualization

AWS App
Data Analysis and Visualization

Saved Search, Lookup, Data Models, Summary

Dashboard

Data Transformation

Search Acceleration

Machine Learning

Security Strategy

Network Topology

Forecast Analysis

Overlay Layers

RI Planning

Change Playback

Best Practice

Timeline

Anomaly Detection

Real-time Status

Smart Alerting

Report Acceleration

Key New Features in AWS App 5.1
Reserved Instance Inventory and Planner

▶ Add support of “Instance Size Flexibility”

AZ 1

AZ 2

AZ 1

AZ 2

Region

Units

nano

32x

large

4xlarge

AZ Scope Regional Benefit

Instance Size Flexibility


Key New Features in AWS App 5.1
Reserved Instance Inventory and Planner

▶ Add support of Platform and Tenancy in RI Planner
▶ Support window selection in RI Planner

Key New Features in AWS App 5.1
Anomaly Detection Modular Visualization

▶ Manage anomaly detection jobs
▶ Manage alerts
▶ View anomalies detected

Key New Features in AWS App 5.1
Dedicated Dashboard for Anomaly Detection

Key New Features in AWS App 5.1
More Insights

EC2

EBS

EIP

SG

ELB

IAM

COST OPTIMIZING

SECURITY

PERFORMANCE

FAULT TOLERANCE

Key New Features in AWS App 5.1
Decoupled Dependency of AWS Add-on

Search Head

Splunk App for AWS

Forwarder

Splunk Add-on for AWS

Forwarder

Splunk Add-on for AWS

▶ Not available in hybrid environment
▶ Not able to connect multiple forwarders

Indexer Cluster

Key New Features in AWS App 5.1
Decoupled Dependency of AWS Add-on

Search Head

Splunk App for AWS

Forwarder

Splunk Add-on for AWS

Forwarder

Splunk Add-on for AWS

Summary Index
Accounts Info
Inputs Info

Typical Use Cases

Use Case – Manage Billing Report

3 kinds of reports, different granularity
▶ CloudWatch Estimated Cost
▶ Monthly Report
▶ Detailed Billing Report

Budget planning and tracing
Cost analysis on different grouping rules
Cost analysis on customized tags

Case Study – Optimize Reserved Instance

Statistics of RI

Best purchase plan of RI
▶ Based on historical data
▶ Based on forecasting
▶ Based on adjusted forecasting

▶ Support 3 payment options
▶ Support Regional RI
▶ Support Size Flexibility

▶ Distribution & utilization
▶ Detail information

Case Study – Topology

Interactive network topology
Interactive IAM association presenting
Export to picture

Multiple overlays
Playback of changes

Case Study – Anomaly Detection

Custom visualization on any timechart
Native support of alerting

▶ Email, SNS, ServiceNow
▶ Number of instances launched daily
▶ Amount of money spent daily

Q&A

© 2017 SPLUNK INC.

Don't forget to rate this session in the .conf2017 mobile app

Thank You