This week’s customer explained that they want to use the same management tools in both their data center and AWS when possible. To support this requirement, I suggested that the customer migrate their on-premises containers to use Amazon Elastic Container Service (Amazon ECS) Anywhere so that they can use common tooling for running containers. I also suggested that the customer use the following tools to manage resources across environments: AWS Systems Manager for operational support and tasks, and AWS Backup for managing backups in one centralized place.
Amazon ECS Anywhere
Amazon ECS Anywhere is a feature of Amazon ECS that you can use to run and manage container workloads on customer-managed infrastructure.
Amazon ECS Anywhere builds on the ease and simplicity of Amazon ECS to provide a consistent experience across your container-based applications for working with tooling and APIs. Whether on premises or in the cloud, cluster management, workload scheduling, and monitoring will be similar to what you already know from Amazon ECS. You can reduce costs and mitigate complex local container orchestration by taking advantage of the completely managed solution that Amazon ECS Anywhere provides. Amazon ECS Anywhere can help you meet compliance requirements and scale your business while retaining your on-premises investments.
For a hands-on workshop about Amazon ECS Anywhere, see Amazon ECS Workshop: ECS Anywhere.
AWS Systems Manager
By using AWS Systems Manager, you have visibility and control of your infrastructure on AWS. Systems Manager provides a unified user interface that you can use to view operational data from multiple AWS services and automate operational tasks across your AWS resources.
With Systems Manager, you can group resources — such as Amazon Elastic Compute Cloud (Amazon EC2) instances, Amazon Simple Storage Service (Amazon S3) buckets, or Amazon Relational Database Service (Amazon RDS) instances — by application. You can also view operational data for monitoring and troubleshooting, and take action on your groups of resources.
Systems Manager is designed to simplify resource and application management, reduce the time needed to detect and resolve operational problems, and make it easier to operate and manage your infrastructure securely at scale.
The following diagram shows how some Systems Manager capabilities perform actions on your resources. The diagram doesn’t cover all capabilities. Each numbered interaction is described after the diagram.
1. Access Systems Manager: Use one of the available options for accessing Systems Manager, such as the AWS Management Console or the AWS Command Line Interface (AWS CLI).
2. Choose a Systems Manager capability: Determine which capability can help you with the action you want to perform on your resources. The diagram shows only a few of the capabilities that IT administrators and DevOps personnel use to manage their applications and resources.
3. Verification and processing: Systems Manager verifies that your AWS Identity and Access Management (IAM) user, group, or role has the needed permissions to perform the action that you specified. If the target of your action is a managed node, the Systems Manager Agent (SSM Agent) that runs on the node performs the action. For other types of resources, Systems Manager performs the specified action or communicates with other AWS services to perform the action on behalf of Systems Manager.
4. Reporting: Systems Manager, the SSM Agent, and other AWS services that performed an action on behalf of Systems Manager report their status. Systems Manager can send status details to other AWS services, if configured.
5. Systems Manager operations management capabilities: If you enable Systems Manager operations management capabilities — such as Explorer, OpsCenter, and Incident Manager — they can aggregate operations data or create artifacts in response to events or errors with your resources. These artifacts include operational work items (OpsItems) and incidents. The operations management capabilities from Systems Manager provide both operational insight into your applications and resources, and automated remediation solutions to help troubleshoot problems.
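The verification step above is where least privilege is enforced for Run Command. The following identity-based IAM policy is an added example, not part of the original page or an AWS-published policy: it lets an operator send only the AWS-RunShellScript document, and only to EC2 instances or hybrid managed nodes that carry a specific tag. The tag key and value (Environment=hybrid-ops), the Sid names, and the REGION and ACCOUNT_ID placeholders are assumptions to replace with your own values.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowOnlyShellScriptDocument",
      "Effect": "Allow",
      "Action": "ssm:SendCommand",
      "Resource": "arn:aws:ssm:REGION::document/AWS-RunShellScript"
    },
    {
      "Sid": "AllowOnlyTaggedNodes",
      "Effect": "Allow",
      "Action": "ssm:SendCommand",
      "Resource": [
        "arn:aws:ec2:REGION:ACCOUNT_ID:instance/*",
        "arn:aws:ssm:REGION:ACCOUNT_ID:managed-instance/*"
      ],
      "Condition": {
        "StringEquals": { "ssm:resourceTag/Environment": "hybrid-ops" }
      }
    },
    {
      "Sid": "ReadCommandStatus",
      "Effect": "Allow",
      "Action": [
        "ssm:ListCommands",
        "ssm:ListCommandInvocations",
        "ssm:GetCommandInvocation"
      ],
      "Resource": "*"
    }
  ]
}
```

Because ssm:SendCommand is authorized against both the document and every target in the request, a command that names a different document or an untagged node is rejected during verification, before the SSM Agent on any node receives it.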
For more resources about Systems Manager, see the following:
- For a tutorial about how to use Systems Manager Run Command, see Remotely Run Commands on an EC2 Instance with AWS Systems Manager.
- For a hands-on workshop about using Systems Manager, see AWS Management and Governance Tools Workshop: AWS Systems Manager.
- For more general information about Systems Manager, see What is AWS Systems Manager?
AWS Backup
You can use AWS Backup to centralize and automate data protection across AWS services and hybrid workloads. AWS Backup offers a cost-effective, fully managed, policy-based service that is designed to simplify data protection at scale.
AWS Backup also helps you support your regulatory compliance or business policies for data protection. Together with AWS Organizations, you can use AWS Backup to centrally deploy data protection policies to configure, manage, and govern your backup activity across your company’s AWS accounts and resources. Supported resources include the following:
- EC2 instances
- Applications that are supported by Windows Volume Shadow Copy Service (VSS) — including Windows Server, Microsoft SQL Server, and Microsoft Exchange Server — on Amazon EC2
- Amazon Elastic Block Store (Amazon EBS) volumes
- S3 buckets
- Amazon RDS databases, including Amazon Aurora clusters
- Amazon DynamoDB tables
- Amazon Neptune databases
- Amazon DocumentDB (with MongoDB compatibility) databases
- Amazon Elastic File System (Amazon EFS) file systems
- Amazon FSx for NetApp ONTAP file systems
- Amazon FSx for Lustre file systems
- Amazon FSx for Windows File Server file systems
- Amazon FSx for OpenZFS file systems
- AWS Storage Gateway volumes
- VMware workloads on premises, on Amazon Outposts, and in VMware Cloud on AWS
For more information, see What is AWS Backup?