AWS Partner Network (APN) Blog

Discovering and Reporting on Agile Assets with AWS Systems Manager

By Kiran Chadalavada, AWS Business Leader at Cognizant AWS Practice
By Soumya Banerjee, Lead Architect, AWS Practice at Cognizant AWS Practice


Hundreds of large enterprises rely on Cognizant’s ability to provide customized cloud management platform capabilities with a differentiated experience.

To excel, we integrate multiple management tools into our Cloud Management Platform (CMP) to provide a unified view of customers’ Amazon Web Services (AWS) environments.

When it comes to managing workloads across hybrid and heterogeneous cloud environments, a key challenge is dealing with asset tracking. This includes software and hardware inventory.

As we provide customers with push-button provisioning capabilities, it’s even more critical to track the number of software and hardware inventories. We track every configuration item for security, as well as usage metrics.

To address this growing need of managing and reporting asset details, Cognizant uses AWS Systems Manager, which gives you visibility and control of your infrastructure on AWS.

Overview

In this post, we will explore specific use cases for software and hardware inventory collection and tracking that we do for customers using AWS Systems Manager.

Cognizant is an AWS Partner Network (APN) Premier Consulting Partner and member of the AWS Managed Services Provider (MSP) Partner Program.

To provide a unified view of assets for customers at the click of a button, we integrated AWS Systems Manager into CMP. Currently, we manage around 50,000 servers across various clients. With the adoption of Systems Manager, we reduced the manual effort of maintaining the inventory details by 70 percent.

Inventory Data and Reporting at Scheduled Intervals

Using the Systems Manager State Manager association with the AWS-GatherSoftwareInventory document, we collect inventory data from instances in a customer’s hybrid cloud environment spanning multiple AWS accounts and regions. This includes inventory details from instances that are hosted in our customer’s data center.

We use the Systems Manager Resource Data Sync feature to send inventory data collected from all of our managed instances to a single Amazon Simple Storage Service (Amazon S3) bucket.

We then use Amazon Athena to query and pull specific inventory details out of the bucket, and to build custom reports. For more detailed information and the steps involved, see Configuring Resource Data Sync for Inventory.

Cognizant offers greater asset visibility to customers by providing the ability to build their own custom reports, with all the inventory data in a single S3 bucket.

Using AWS Lambda functions, we can execute Athena queries and compile the results into a custom inventory report. We quickly push out the custom reports to customers and individuals in our team using Amazon Simple Email Service (SES).

We also perform analytics on this inventory data using Amazon QuickSight. Centralizing inventory reporting has helped us improve operational efficiency by up to 80 percent over other methods by providing accurate insights on a customer’s hybrid environment.


Figure 1 – Inventory collection and reporting across accounts using Resource Data Sync.

Here’s the sequence of steps shown in Figure 1 that summarize the inventory collection and reporting process flow for multiple accounts spread out across multiple AWS Regions:

  1. In Account 1, State Manager executes the AWS-GatherSoftwareInventory document on managed Amazon Elastic Compute Cloud (Amazon EC2) instances.
  2. Resource Data Sync collects the inventory for these instances and sends it to AWS Systems Manager.
  3. The inventory data from on-premises managed instances is collected as a result of State Manager executing the AWS-GatherSoftwareInventory document.
  4. Resource Data Sync sends the inventory data to an Amazon S3 bucket.
  5. Using the same steps performed earlier for the first account, Resource Data Sync collects the inventory data for the second account and sends it to the S3 bucket.
  6. Using the same steps performed earlier, Resource Data Sync collects the inventory data for the third account and sends it to S3.
  7. An Amazon CloudWatch Event invokes a Lambda function on a periodic basis.
  8. Lambda triggers the execution of Athena queries to generate datasets for ingestion by analytical tools like Amazon QuickSight and for report distribution.
  9. Athena executes the queries on S3 buckets to generate datasets containing inventory data from all accounts and stores them in another S3 bucket.
  10. The reports are distributed to end users using Amazon SES.
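
Steps 7 through 9 can be sketched as a Lambda handler. This is an added example, not Cognizant's code; the database name ssm_inventory, the table aws_application with its column names, and the results bucket are assumptions standing in for whatever was created over the Resource Data Sync bucket.

```python
import time

# Assumed names: the Athena database and table defined over the Resource
# Data Sync bucket, and the results bucket, are placeholders.
DATABASE = "ssm_inventory"
OUTPUT = "s3://example-inventory-reports/athena-results/"
# Fixed query text: nothing from the invoking event is concatenated in.
QUERY = """
SELECT accountid, region, resourceid, name, version
FROM aws_application
ORDER BY accountid, region, resourceid, name
"""
TERMINAL = {"SUCCEEDED", "FAILED", "CANCELLED"}


def run_inventory_query(athena, poll_seconds=2.0, max_polls=60):
    """Start the query, wait for a terminal state, return (id, result path)."""
    qid = athena.start_query_execution(
        QueryString=QUERY,
        QueryExecutionContext={"Database": DATABASE},
        ResultConfiguration={"OutputLocation": OUTPUT},
    )["QueryExecutionId"]
    for _ in range(max_polls):
        execution = athena.get_query_execution(QueryExecutionId=qid)["QueryExecution"]
        status = execution["Status"]
        if status["State"] in TERMINAL:
            break
        time.sleep(poll_seconds)
    else:
        raise TimeoutError(f"Athena query {qid} did not finish")
    if status["State"] != "SUCCEEDED":
        # Fail loudly so a broken report is never mailed out as if complete.
        reason = status.get("StateChangeReason")
        raise RuntimeError(f"{qid}: {status['State']}: {reason}")
    return qid, execution["ResultConfiguration"]["OutputLocation"]


def lambda_handler(event, context):
    import boto3  # imported here so the module loads without the AWS SDK
    qid, location = run_inventory_query(boto3.client("athena"))
    return {"queryExecutionId": qid, "resultLocation": location}
```

The Lambda execution role needs only permission to run Athena queries, read the inventory bucket, and write to the results prefix.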

Automating the Tagging of Instances

From a customer’s point of view, asset tracking is key for understanding capacity consumption and optimization, as well as for managing the security and governance aspects.

Systems Manager Automation allows you to represent operational tasks and runbooks as code, in a JSON or YAML document. You can execute that code across multiple accounts in multiple regions.

Using Automation documents, you can define steps in your workflow such as seeking approval for certain actions or calling any AWS API, among other available actions or plugins.

At Cognizant, we help our cloud customers to simplify the process of asset tracking by tagging existing and new instances using custom Automation documents.


Figure 2 – Automated tagging of instances using an Automation document.

Here’s the sequence of steps that summarize the process in Figure 2:

  1. An administrator triggers AWS Systems Manager Automation from the console and specifies the document to invoke.
  2. The document encapsulates the logic to tag instances.
  3. Amazon EC2 instances are tagged with key-value pairs based on the logic encoded in the Automation document.

The following code example shows the steps in the Automation document we used to tag the Amazon EC2 instances:

mainSteps:
- name: launchInstance
  action: aws:runInstances
  maxAttempts: 3
  timeoutSeconds: 1200
  onFailure: Abort
  inputs:
    ImageId: "{{ ImageId }}"
    InstanceType: "{{ InstanceType }}"
    SubnetId: "{{ SubnetId }}"
    KeyName: "{{ KeyName }}"
    SecurityGroupIds:
    - "{{ SecurityGroupIds }}"
- name: createTags
  action: aws:createTags
  maxAttempts: 3
  onFailure: Abort
  inputs:
    ResourceType: EC2
    ResourceIds:
    - "{{ launchInstance.InstanceIds }}"
    Tags:
    - Key: Tag1Key
      Value: "{{ Tag1Value }}"
    - Key: Tag2Key
      Value: "{{ Tag2Value }}"

Why Systems Manager?

Our reasons at Cognizant for choosing AWS Systems Manager include the following benefits:

Support for Hybrid Cloud Environments

Many enterprise customers have infrastructure hosted in hybrid environments, both private and public clouds. Using AWS Systems Manager features, we can provide a range of cloud management capabilities for Windows Server, AL, AL2, RHEL, CentOS, Ubuntu, and SUSE–based operating systems.

Operational Efficiency

We have automated inventory collection and centralized inventory data storage to a single Amazon S3 bucket using the Resource Data Sync feature.

We use Systems Manager Automation across multiple accounts and regions for the following:

  • Tagging instances.
  • Baking golden images for our AMIs.
  • Cleaning up the infrastructure by deleting unused Amazon Elastic Block Store (Amazon EBS) volume snapshots.
  • Managing database snapshots.
  • Terminating unwanted instances.

We also use Parameter Store to manage configuration data and secrets securely, separate from code. We use Patch Manager for patching instances across multiple operating systems.

Overall, AWS Systems Manager has helped us gain operational efficiencies of 400 percent and reduce customer support costs.

Improved Security Posture

Security is the bedrock of everything we do at Cognizant Cloud. Systems Manager helps us perform operations without having to open up ports in our virtual private cloud (VPC) for SSH or RDP access.

All the actions are audited in AWS CloudTrail and execution outputs can be stored in Amazon S3 or Amazon CloudWatch Logs. Access control is driven by AWS Identity and Access Management (IAM) policies and roles.

Cost-Effective Management Solution

The majority of Systems Manager features are provided at no additional cost, and the rest follow the pay-per-use model. There are no licenses to worry about or servers to manage. This lets us build cost-effective solutions and pass the savings to customers.

Summary

Cognizant—with the help of AWS Systems Manager—has automated tagging for more than 50,000 instances, increasing efficiency by 80 percent. This has helped us streamline the way resources are managed and governed.

Being a native tool, AWS Systems Manager has powerful cloud management abilities that make it a highly scalable and agile toolset. As part of the Cognizant Cloud Management Platform, Systems Manager helps us provide secure and differentiated operational support in an automated way to multiple customers.

The content and opinions in this blog are those of the third party author and AWS is not responsible for the content or accuracy of this post.
