AWS Cloud Operations Blog
Strengthen application resilience with myApplications and AWS Resilience Hub
Introduction
Today, organizations prioritize managing their applications over infrastructure, focusing on business outcomes while leveraging automation and cloud services to handle the underlying infrastructure. They seek to consolidate key application metrics like health, security, cost, and performance from AWS services such as AWS Security Hub or Amazon CloudWatch. These organizations also need to ensure their applications can withstand disruptions and recover swiftly, with an ongoing focus on maintaining their applications’ resilience posture. AWS Resilience Hub and AWS Management Console myApplications feature are application-centric tools that streamline AWS workload management. Resilience Hub assesses and improves application resilience by identifying potential issues and providing recommendations, while myApplications offers a simplified process for defining and managing applications, centralizing key metrics. With Resilience Hub now seamlessly integrated into myApplications in AWS Console Home, you can effortlessly manage and enhance your application’s resilience alongside other essential metrics. The result is a streamlined, all-in-one platform for crafting more robust and reliable workloads. Dive in to see how this integration can simplify your cloud management and strengthen application resilience.
Solution overview
Let’s say you have an application running on AWS. The app uses Amazon Elastic Compute Cloud (Amazon EC2), Amazon Relational Database Service (Amazon RDS), Amazon Simple Storage Service (Amazon S3), and other services to support its operations. Do you need to assess the resilience or compliance posture of your application? Are you unsure whether your application meets organizational policies for infrastructure Recovery Time Objective (RTO) and Recovery Point Objective (RPO)? RTO is the longest time your application can be down before it needs to be up and running again, while RPO is the maximum amount of data your organization can afford to lose if something goes wrong.
With AWS Resilience Hub now seamlessly integrated with the AWS Management Console’s myApplications feature, this information becomes readily accessible. The integration allows you to automatically create and update applications in AWS Resilience Hub based on myApplications constructs, trigger resilience assessments, and continuously monitor results directly in the AWS Management Console. By eliminating the undifferentiated heavy lifting involved in creating and managing applications across multiple services, the integration offers a streamlined experience and a single pane of glass for managing your applications and their resilience posture. Let’s get it done with just a few clicks.
Getting started
First, to onboard your application, go to the AWS Management Console, select the myApplications feature, and click Create New Application. Enter a name for your application and an optional description. To search for and add resources, ensure AWS Resource Explorer is turned on. For more details, see Getting started with AWS Resource Explorer. All added resources will be tagged with the awsApplication tag, which will be used to identify resources within your application. That’s all—your eCommerce application is now defined.
Now, from the myApplications dashboard, you can access a variety of insights into your application’s performance and operations through the Cost and Usage Data, Security, Monitoring and Operations, and DevOps widgets. There’s a new Resilience widget, which we’ll be exploring.
Let’s assess
At first, the Resilience widget won’t display any resilience data because the application hasn’t been assessed by AWS Resilience Hub yet.
To begin the onboarding and assessment process for your application:
- Click on the
Add application to assess
button. - You’ll be prompted to provide an AWS Identity and Access Management (IAM) role, which will be used for read-only access to your application’s resources. To simplify the setup and minimize the effort required for configuring permissions, we recommend using the pre-built AWS managed policy: AWSResilienceHubAssessmentExecutionPolicy. For detailed guidance on IAM roles for AWS Resilience Hub, please refer to the AWS Resilience Hub user guide – Setting Up Permissions.
- Click on the Assess application button. AWS Resilience Hub will create a dedicated resilience policy and an application in your environment (AWS account and Region). This process may take a few seconds to complete. Once everything is set up, AWS Resilience Hub will ran an assessment of your application, and the results will be displayed on the widget.
Widget metrics
The following screenshot illustrates the key metrics available in the widget, providing a comprehensive overview of your application’s resilience status.
First, check if your application has breached any policies. AWS Resilience Hub creates a dedicated policy for your app using default RPO and RTO values. To align the resilience policy with your organization’s needs, you can modify these default values or attach your own policy for future assessments.
Second, we also provide a resilience score—a metric ranging from 0 to 100—that reflects the overall resilience of your application based on its assessments and testing. This score helps evaluate how well your application is prepared to handle disruptions, such as failures or outages, and measures its ability to recover and continue functioning effectively. You can improve your resilience score by implementing the infrastructure and operational recommendations provided by AWS Resilience Hub. See more information in the AWS Resilience Hub user guide – Operational Recommendations.
Third, to monitor your application’s resilience posture over time, we recommend using scheduled assessments. You can enable this directly from the widget, and AWS Resilience Hub will perform daily assessments. The widget will automatically update with the latest data and resilience score history, tracking changes over time.
Finally, the widget will present information on policy and application drifts. Policy drift alerts you when the estimated workload recovery objectives no longer align with the recovery policy set for your application in AWS Resilience Hub. Application drift, on the other hand, detects changes like the addition or deletion of resources within the application’s input sources. Both types of drift are crucial because they indicate that the current state of the application or its infrastructure may no longer meet the defined resilience policies, potentially compromising the application’s ability to recover effectively during disruptions. For more information on drift detection in AWS Resilience Hub, please see the Identifying resilience drift using AWS Resilience Hub blog post.
Best Practices
To maximize the benefits of the new upgrades in AWS Resilience Hub and its integration with myApplications, follow these best practices. These steps will help you effectively manage your applications, enhance their resilience, and prepare them for any challenges.
- Centralize your application management: Use myApplications to consolidate all key metrics—cost, health, security, performance, and resilience—into a single view. This will help you maintain a comprehensive understanding of your application’s security, resilience, and compliance posture.
- Conduct regular workload assessments: Take advantage of AWS Resilience Hub’s enhanced capabilities to schedule resilience assessments. Use AWS Resilience Hub’s drift detection to identify deviations from your intended state, whether in policies or resources.
- Prioritize resilience improvements: Implement the tailored recommendations from AWS Resilience Hub to improve your infrastructure’s resilience. Focus on the most critical areas first for maximum impact.
- Optimize cost management: AWS Resilience Hub offers cost-based infrastructure recommendations, enabling you to balance resilience needs with financial constraints. Monitor cost metrics within myApplications to ensure your resilience initiatives remain budget-friendly.
- Integrate resilience into your development cycle: Incorporate resilience checks into your development and deployment cycles. This ensures that resilience remains a continuous priority rather than a one-time effort.
Conclusion
In summary, the integration of myApplications with AWS Resilience Hub centralizes key metrics and evaluations into a single platform, eliminating the need to switch between tools. This integration simplifies adding and configuring applications for resilience management. It also automates assessments, allowing you to efficiently manage and enhance your application’s resilience posture over time.
The integration is available in all regions where both myApplications capability and AWS Resilience Hub service are supported. You can learn more about it in the AWS Resilience hub user guide.
Give it a try with myApplications in the AWS Management Console and send feedback to the AWS re:Post for AWS Resilience Hub or through your usual AWS Support contacts.