aws

Policies and Standards Automations

Manage multiple AWS accounts under a single management account
Terminology:
- Organizational units: Group of single or multiple accounts within an organization
- Member accounts: Any account other than the management account and Organizational units
No additional billing for Organizations but the owner of the management account pays for the bills on the accounts in it
Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization. SCPs offer central control over the maximum available permissions for all accounts in your organization
AWS Cloudformation StackSets and AWS Service Catalog helps in automating deployments across accounts in an organization

Consists of a catalog of products, which are basically cloudformation templates we can upload
Then we can deploy this products by passing input parameters
Key terms:
- Portfolios: collection of products

What does it do?
- Group AWS resources in resource group —-> create these resource groups with resource tags
- View aggregated data
- Take action (automated and manual) on the resources
Systems manager supports
- Operation management
- Change management
- Node management
- Application management
- shared resources
Works with on-premise/ec2 servers as well, need to ssm install agent on it

Using AWS Config, EventBridge, SSM Patch manager, SSM State manager, SSM Run command we can accomplish this

AWS Systems Manager Run Command lets you remotely and securely manage the configuration of your managed instances
You can restrict command execution to specific managed nodes by creating an IAM user policy that includes a condition that the user can only run commands on nodes with specific tags

Fleet-wide automation for common administration tasks using predefined/custom runbooks (Automation documents)