AWS Managed Services Features
At AWS, we want you to be successful. Consistent and secure operations in the cloud is a critical component. Our Operations Plans, AWS Managed Services Accelerate and AWS Managed Service Advanced, are designed to give you the right level of operational support, leverage standard AWS services, and augment your operations capabilities regardless of where you are in your cloud journey. We recommend AWS Managed Services Accelerate when you are already using AWS and would like us to augment your operational capabilities, and AWS Managed Services Advanced when you are looking for a full end-to-end operational solution. Operations Plans work at the level of an AWS accounts.
|
AWS Managed Services Accelerate Operations Plan |
AWS Managed Services Advanced Operations Plan |
Incident Management and Service Desk |
||
Service Levels |
Plus SLAs typically used for non-business critical workloads Premium SLAs typically used for business critical workloads |
Plus SLAs typically used for non-business critical workloads Premium SLAs typically used for business critical workloads |
Incident Management - Infrastructure and Security |
AMS uses IT service management (ITSM) incident management best practices to restore service, when needed, as quickly as possible 24/7/365. SLAs are offered e.g.: <= 15 minute response- P1 in Premium accounts <= 4 hours restoration- P1 in Premium accounts |
AMS uses IT service management (ITSM) incident management best practices to restore service, when needed, as quickly as possible 24/7/365. SLAs are offered, e.g.: <= 15 minute response- P1 in Premium accounts <= 4 hours restoration- P1 in Premium accounts |
Incident management - AWS Incident Detection and Response | AWS Incident Detection and Response extends the incident management capabilities for subscribed or onboarded workloads. AWS Incident Detection and Response is available at no additional charge in eligible regions for AWS Managed Services direct customers with AWS Enterprise Support. | AWS Incident Detection and Response extends the incident management capabilities for subscribed or onboarded workloads. AWS Incident Detection and Response is available at no additional charge in eligible regions for AWS Managed Services direct customers with AWS Enterprise Support. |
Backup and Recovery |
Backup configuration and restoration | Backup configuration and restoration |
Service Requests |
Unlimited | Unlimited |
Service Delivery | ||
Cloud Service Delivery Manager |
Designated Cloud Service Delivery Manager (CSDM) who provides visibility, recommendations, escalation, and reporting through all phases of the onboarding, migration, and operational lifecycle and coordinates with your operations team |
Designated Cloud Service Delivery Manager (CSDM) who provides visibility, recommendations, escalation, and reporting through all phases of the onboarding, migration, and operational lifecycle and coordinates with your operations team |
Cloud Architect |
Designated Cloud Architect (CA) who provides technical and operational expertise to improve your operational excellence in the cloud | Designated Cloud Architect (CA) who provides technical and operational expertise to improve your operational excellence in the cloud |
Operations on Demand Access* |
20 hour blocks purchased for one-time or recurring non-standard operational work for standard catalog items or customized requests - currently available in the United States |
20 hour blocks purchased for one-time or recurring non-standard operational work for standard catalog items or customized requsts - currently available in the United States |
Proactive Programs |
As requested through Operations on Demand* |
Planned Event Management (PEM) events |
Operational Logging, Monitoring, and Reporting | ||
AWS Resource Monitoring |
Leveraging Amazon CloudWatch, AWS Health, and logs | Leveraging Amazon CloudWatch, AWS Health, and logs |
Controls Enforcement |
Curated library of AWS Config rules |
Curated library of AWS Config rules |
Logging and Log Aggregation |
AWS CloudTrail, Amazon CloudWatch, VPC flowlogs, AWS Managed Services Change Record, and system logs | AWS CloudTrail, Amazon CloudWatch, VPC flowlogs, system logs, and AWS Managed Services change management activity |
Reporting and Cost Optimization |
Monthly reports and cost optimization guidance |
Monthly reports, cost optimization guidance and execution, and quarterly reviews |
Security Management | ||
Security Monitoring |
AWS GuardDuty/Amazon Macie alert investigation and remediation | AWS GuardDuty/Amazon Macie alert investigation and remediation |
Security Conformance |
Detective controls and guardrails aligned with National Institute of Standards and Technology (NIST) and the Center for Internet Security (CIS) security frameworks |
AWS Managed Services security hardended account and landing zone configuration, rotating bastions, all modifications through change management |
IAM and Security Review |
AWS Config rules and alerts for common misconfigurations | AWS Config rules and alerts, security review and approval by AWS Managed Services security team |
Access Managment |
AWS IAM and AWS Systems Manager Session Manager |
AWS IAM and Managed Microsoft Active Directory |
Managed Firewall |
Customer Managed* |
Managed Palo Alto Networks |
Endpoint Protection |
Customer Managed* | Managed TrendMicro |
Patch Management and Operating System Support | ||
Patch Management |
Optional add-on: Automated patching with failure remediation for critical security and important updates | Included: Automated patching with failure remediation for critical security and important updates |
Amazon Machine Image (AMI) Management |
Customer Managed* | Operations optimized and security enhanced Amazon Machine Image (AMIs) provided for supported OSes |
Supported Operating Systems |
Amazon Linux, CentOS, Oracle Linux, Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise Server, and Microsoft Windows Server. See documentation for major and minor versions of these operating systems supported by AWS Managed Services. | Amazon Linux, CentOS, Oracle Linux, Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise Server, and Microsoft Windows Server. See documentation for major and minor versions of these operating systems supported by AWS Managed Services. |
Landing Zone and Network Management | ||
Landing Zone and Account Operations |
Customer deployed and managed via AWS Control Tower or custom-built solution. See Operations on Demand for landing zone operations.* | AWS Managed Services deployed and managed AWS Landing Zone |
Network Configuration |
Network monitors and flowlog alerts. See Operations on Demand for additional configuration support.* |
Pre-configured network with ongoing managed AWS Transit Gateway, Amazon VPC, and AWS Direct Connect |
Provisioning and Change Management | ||
Change Protection |
AWS Config checks and audit via AWS CloudTrail | Changes executed through change management, approved automations, manual review for non-standard changes, and detective guardrails |
Provisioning |
AWS Console, APIs, CLI, AWS Cloudformation, AWS Service Catalog, AWS CodeDeploy | AWS Managed Services Change Management, AMS AMIs, AWS Cloudformation, AWS Service Catalog, ITSM Integration, Developer Mode, and self-service provisioning |
Change Management |
Customer provided | AWS Managed Services provided Change Management |
IT Service Management (ITSM) Integration |
Using capabilities of ITSM tools, and and custom integrations |
AWS Managed Services ServiceNow Connector |
*Operations on Demand provides a flexible alternative to gain access to cloud operations expertise. Customers can purchase blocks of hours from a catalog of operations activities, and can be used for one-time and recurring operations activities not covered by operations plans.