July Partner SA Highlights – Learn About Opsee, Splunk, and Twistlock
Our Partner Solutions Architect (SA) teams work closely with APN Partners, and become very familiar with APN Partner solutions that are either built on, or integrate with, AWS. Needless to say, our SAs often discover APN Partner solutions that take advantage of AWS in unique and innovative ways to help solve customer needs.
Each month, we’re going to provide background on a few APN Partner solutions that Partner SA team members want to highlight. You’ll hear from the SAs themselves about what the solution does, and what they find to be interesting about the solution. To kick things off, my colleagues David Rocamora and Brandon Chavis would like to tell you more about solutions from APN Technology Partners Opsee, Splunk, and Twistlock.
How to Monitor Your Apps with Opsee
Are you running a number of services in AWS and looking for a way to monitor them? Take a look at Opsee. Opsee is a monitoring platform with deep AWS integration. Customers can create health checks for their services and AWS CloudWatch metrics, and Opsee will continuously test them and track environment changes automatically, with no agents to install or shell scripts to cURL. Customers manage health checks through Opsee’s web UI, and health checks run from an Amazon EC2 Instance inside the customer’s AWS account.
I like Opsee for two reasons. First, I feel they prioritize customer security. Opsee needs a lot of access to customer AWS accounts to make it quick and easy to set up health checks. Opsee gets access to your account with a cross-account IAM role and unique external ID for each customer. This is a very secure way for APN Partners to access customer AWS accounts.
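The cross-account role with an external ID mentioned above can be checked on the customer side. The following is an added example, not code from Opsee or AWS: it audits a role trust policy and reports principals from other accounts that can assume the role without an `sts:ExternalId` condition. The account IDs and the external ID value are constructed placeholders.

```python
# Added example: audit an IAM role trust policy for the external-ID condition.
# Account IDs and the external ID below are constructed placeholders.

def _as_list(value):
    """IAM allows most fields to be a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def missing_external_id(trust_policy, own_account):
    """Return AWS principals outside own_account that may assume the role
    without a StringEquals condition on sts:ExternalId."""
    findings = []
    for stmt in _as_list(trust_policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if not any(a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS"))
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        # Condition key names are not case-sensitive in IAM.
        has_ext_id = any(k.lower() == "sts:externalid" and _as_list(v)
                         for k, v in cond.items())
        for arn in aws:
            if own_account not in arn and not has_ext_id:
                findings.append(arn)
    return findings

# Weak: any caller in the partner account can assume the role (confused-deputy risk).
WEAK = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::999988887777:root"},
    "Action": "sts:AssumeRole"}]}

# Corrected: the caller must also present the external ID unique to this customer.
FIXED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::999988887777:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id-1234"}}}]}

if __name__ == "__main__":
    print("weak :", missing_external_id(WEAK, "111122223333"))
    print("fixed:", missing_external_id(FIXED, "111122223333"))
```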
The second reason I like Opsee is how easy I feel they make setting up advanced checks. With just a few clicks you can create health checks for services that inspect status codes, headers, response bodies, and metrics so you know your applications are working as expected. Notifications can easily plug into systems you are already using like email, Slack, or PagerDuty. If you want to build custom notification integrations, Opsee supports webhooks too.
Opsee is free for a limited time during their public beta, and can monitor services running inside and outside of AWS. If you want to give it a try, visit https://opsee.com.
Splunk Adds Native Support for Amazon EC2 Container Service and Docker 1.10 with Release of Splunk logging driver for Docker
If you run containers at scale, you likely understand the importance of comprehensive monitoring of your infrastructure. The visibility that solid monitoring solutions provide into the functionality of your applications and infrastructure is, in my opinion, critical for running reliable services. In Docker 1.10 and newer, you can use the new Splunk Logging Driver for Docker to send your container logs directly to Splunk Enterprise and Splunk Cloud via the HTTP Event Collector. The Splunk logging driver will also be natively integrated with Amazon EC2 Container Service (ECS) by way of the ECS Agent, meaning that you can configure your containers to use the Splunk logging driver in your ECS Task Definitions.
Splunk provides the ability to correlate container-level metrics with other infrastructure data, which provides helpful context when tracking potential issues and identifying root causes. The driver adds Docker-specific methods of identifying containers, like labels and environment variables, to the already deep support for AWS infrastructure monitoring capabilities provided by Splunk Enterprise and Splunk Cloud. This means you can identify, for example, which ECS container instance your container lived on during a specified time period, allowing you to track information from the container level to the AWS infrastructure level all within the same tool.
Finally, this implementation was designed with security and scalability at the forefront; support for TLS, SSL Certificates and role-based access control are built in. To find a more complete breakdown of this new feature from Splunk themselves, take a look at their blog.
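To make the task-definition configuration concrete, the following added example (not code from Splunk or AWS) lints the `logConfiguration` of each container that uses the `splunk` log driver: it flags a non-HTTPS collector URL, disabled certificate verification, and an HTTP Event Collector token stored in plaintext `options` instead of `secretOptions`. The host names, ARN, file path, label name and token are constructed placeholders.

```python
# Added example: lint the Splunk logConfiguration of ECS container definitions.
# Host names, the ARN, the CA path and the token are constructed placeholders.
from urllib.parse import urlparse

def lint_splunk_logging(task_definition):
    """Return (container name, finding) pairs for containers using the splunk driver."""
    findings = []
    for c in task_definition.get("containerDefinitions", []):
        log = c.get("logConfiguration") or {}
        if log.get("logDriver") != "splunk":
            continue
        opts = log.get("options") or {}
        secrets = {s.get("name") for s in log.get("secretOptions") or []}
        name = c.get("name", "<unnamed>")
        if urlparse(opts.get("splunk-url", "")).scheme != "https":
            findings.append((name, "splunk-url is missing or not https"))
        # Docker parses this option as a boolean, so "1" and "t" also mean true.
        if str(opts.get("splunk-insecureskipverify", "false")).lower() in ("1", "t", "true"):
            findings.append((name, "TLS certificate verification is disabled"))
        if "splunk-token" in opts:
            findings.append((name, "HEC token is stored in plaintext options"))
        elif "splunk-token" not in secrets:
            findings.append((name, "no splunk-token configured"))
    return findings

# Constructed task definition: one weak container, one corrected container.
TASK_DEF = {"family": "web", "containerDefinitions": [
    {"name": "weak", "image": "example/web:1", "logConfiguration": {
        "logDriver": "splunk",
        "options": {"splunk-url": "http://splunk.example.internal:8088",
                    "splunk-token": "00000000-0000-0000-0000-000000000000",
                    "splunk-insecureskipverify": "true"}}},
    {"name": "fixed", "image": "example/web:1", "logConfiguration": {
        "logDriver": "splunk",
        "options": {"splunk-url": "https://splunk.example.internal:8088",
                    "splunk-capath": "/etc/ssl/splunk-ca.pem",
                    "labels": "com.example.service"},
        "secretOptions": [{"name": "splunk-token", "valueFrom":
            "arn:aws:secretsmanager:us-east-1:111122223333:secret:hec-token"}]}},
]}

if __name__ == "__main__":
    for container, finding in lint_splunk_logging(TASK_DEF):
        print(f"{container}: {finding}")
```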
Introducing Twistlock – A Solution for Securing Container Workloads
As more companies implement containers in their production architecture, the demand for security solutions that are designed for container-based workloads increases. APN Partner Twistlock can help AWS customers secure their container workloads, including containerized applications that run on Amazon EC2 Container Service and container images that are stored in EC2 Container Registry.
Twistlock provides a way to verify the trust of container images and to regulate the runtime behavior of your containers. Twistlock can scan images for malware and CVEs, monitor and enforce your compliance policies, and dynamically apply security controls to running containers across a cluster of EC2 instances.
For example, you may want to automatically prevent a container with a specific CVE from ever running in your environment, or you may want to prevent your containers from running unapproved commands or binaries; Twistlock can provide this level of control for you.
Twistlock applies a framework that understands the normal behavior of your containers and, when that behavior deviates from the expected, can alert your teams or take automatic actions, like killing a container that is behaving in an insecure manner. Finally, Twistlock can also monitor the Docker daemon and control who can interact with it, and how; Alice might need to run containers, but Bob might only need read permissions like “docker inspect”.
The sum of these capabilities allows businesses to enforce compliance requirements across their containerized environment. We’ve built a small CloudFormation template to let you try out Twistlock yourself. The template is located here. We used a base Ubuntu 16.04 image and the free Developer Edition of Twistlock, deployed in a demo “Onebox” configuration, meaning the management console and the Defender Agent are installed together on the same host.
All you’ll need to get up and running is an EC2 Keypair and a Developer Edition license from Twistlock (twistlock.com/developer-edition).
After the CloudFormation template completes, click the “Output” tab to be taken to your Twistlock console login page. Upon logging in, you’ll be brought to the licensing page; enter your license here.
- Compliance: https://youtu.be/fD5cBLWO9pg
- Access control: https://youtu.be/U2tB6Pj7Q0Q
- Runtime Defense: https://youtu.be/C4qK9aRMSbM
- Vulnerability management: https://youtu.be/wxaoRAeR2yM
Please note that these posts are informative in nature, and are not endorsements from AWS of the solutions highlighted, which are built, released, and managed by the third party.