AWS Managed Services Features

At AWS, we want you to be successful. Consistent and secure operations in the cloud is a critical component. Our Operations Plans, AWS Managed Services Accelerate and AWS Managed Service Advanced, are designed to give you the right level of operational support, leverage standard AWS services, and augment your operations capabilities regardless of where you are in your cloud journey. We recommend AWS Managed Services Accelerate when you are already using AWS and would like us to augment your operational capabilities, and AWS Managed Services Advanced when you are looking for a full end-to-end operational solution. Operations Plans work at the level of an AWS accounts.

 

AWS Managed Services Accelerate
Operations Plan
 
AWS Managed Services Advanced
Operations Plan
 
Incident Management and Service Desk
   

Service Levels

Plus SLAs typically used for non-business critical workloads
Premium SLAs typically used for business critical workloads
Plus SLAs typically used for non-business critical workloads
Premium SLAs typically used for business critical workloads

Incident Management - Infrastructure and Security

AMS uses IT service management (ITSM) incident management best practices to restore service, when needed, as quickly as possible 24/7/365. SLAs are offered e.g.:

<= 15 minute response- P1 in Premium accounts
<= 4 hours restoration- P1 in Premium accounts
AMS uses IT service management (ITSM) incident management best practices to restore service, when needed, as quickly as possible 24/7/365. SLAs are offered, e.g.:

<= 15 minute response- P1 in Premium accounts
<= 4 hours restoration- P1 in Premium accounts
Incident management - AWS Incident Detection and Response  AWS Incident Detection and Response extends the incident management capabilities for subscribed or onboarded workloads. AWS Incident Detection and Response is available at no additional charge in eligible regions for AWS Managed Services direct customers with AWS Enterprise Support. AWS Incident Detection and Response extends the incident management capabilities for subscribed or onboarded workloads. AWS Incident Detection and Response is available at no additional charge in eligible regions for AWS Managed Services direct customers with AWS Enterprise Support. 

Backup and Recovery 

Backup configuration and restoration  Backup configuration and restoration

Service Requests 

Unlimited  Unlimited
Service Delivery     

Cloud Service Delivery Manager

Designated Cloud Service Delivery Manager (CSDM) who provides visibility, recommendations, escalation, and reporting through all phases of the onboarding, migration, and operational lifecycle and coordinates with your operations team
Designated Cloud Service Delivery Manager (CSDM) who provides visibility, recommendations, escalation, and reporting through all phases of the onboarding, migration, and operational lifecycle and coordinates with your operations team

Cloud Architect

Designated Cloud Architect (CA) who provides technical and operational expertise to improve your operational excellence in the cloud Designated Cloud Architect (CA) who provides technical and operational expertise to improve your operational excellence in the cloud

Operations on Demand Access*

20 hour blocks purchased for one-time or recurring non-standard operational work for standard catalog items or customized requests - currently available in the United States
20 hour blocks purchased for one-time or recurring non-standard operational work for standard catalog items or customized requsts - currently available in the United States

Proactive Programs

As requested through Operations on Demand*
Planned Event Management (PEM) events
Operational Logging, Monitoring, and Reporting     

AWS Resource Monitoring

Leveraging Amazon CloudWatch, AWS Health, and logs Leveraging Amazon CloudWatch, AWS Health, and logs

Controls Enforcement

Curated library of AWS Config rules
Curated library of AWS Config rules

Logging and Log Aggregation

AWS CloudTrail, Amazon CloudWatch, VPC flowlogs, AWS Managed Services Change Record, and system logs AWS CloudTrail, Amazon CloudWatch, VPC flowlogs, system logs, and AWS Managed Services change management activity

Reporting and Cost Optimization

Monthly reports and cost optimization guidance

Monthly reports, cost optimization guidance and execution, and quarterly reviews
Security Management    

Security Monitoring 

AWS GuardDuty/Amazon Macie alert investigation and remediation AWS GuardDuty/Amazon Macie alert investigation and remediation

Security Conformance

Detective controls and guardrails aligned with National Institute of Standards and Technology (NIST) and the Center for Internet Security (CIS) security frameworks
AWS Managed Services security hardended account and landing zone configuration, rotating bastions, all modifications through change management

IAM and Security Review 

AWS Config rules and alerts for common misconfigurations AWS Config rules and alerts, security review and approval by AWS Managed Services security team

Access Managment 

AWS IAM and AWS Systems Manager Session Manager
AWS IAM and Managed Microsoft Active Directory

Managed Firewall 

Customer Managed*

Managed Palo Alto Networks

Endpoint Protection 

Customer Managed* Managed TrendMicro
Patch Management and Operating System Support     

Patch Management 

Optional add-on: Automated patching with failure remediation for critical security and important updates Included: Automated patching with failure remediation for critical security and important updates

Amazon Machine Image (AMI) Management 

Customer Managed* Operations optimized and security enhanced Amazon Machine Image (AMIs) provided for supported OSes

Supported Operating Systems

Amazon Linux, CentOS, Oracle Linux, Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise Server, and Microsoft Windows Server. See documentation for major and minor versions of these operating systems supported by AWS Managed Services. Amazon Linux, CentOS, Oracle Linux, Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise Server, and Microsoft Windows Server. See documentation for major and minor versions of these operating systems supported by AWS Managed Services.
Landing Zone and Network Management    

Landing Zone and Account Operations 

Customer deployed and managed via AWS Control Tower or custom-built solution. See Operations on Demand for landing zone operations.* AWS Managed Services deployed and managed AWS Landing Zone

Network Configuration 

Network monitors and flowlog alerts. See Operations on Demand for additional configuration support.*
Pre-configured network with ongoing managed AWS Transit Gateway, Amazon VPC, and AWS Direct Connect
Provisioning and Change Management    

Change Protection 

AWS Config checks and audit via AWS CloudTrail Changes executed through change management, approved automations, manual review for non-standard changes, and detective guardrails

Provisioning 

AWS Console, APIs, CLI, AWS Cloudformation, AWS Service Catalog, AWS CodeDeploy AWS Managed Services Change Management, AMS AMIs, AWS Cloudformation, AWS Service Catalog, ITSM Integration, Developer Mode, and self-service provisioning

Change Management 

Customer provided  AWS Managed Services provided Change Management

IT Service Management (ITSM) Integration 

Using capabilities of ITSM tools, and and custom integrations
AWS Managed Services ServiceNow Connector
     

*Operations on Demand provides a flexible alternative to gain access to cloud operations expertise. Customers can purchase blocks of hours from a catalog of operations activities, and can be used for one-time and recurring operations activities not covered by operations plans.