Provisioning & Configuration Management |
- Setup, Configure & Operate AWS managed Resources
-
Launch & Configure Infrastructure stacks & associated AWS
resources
-
Remove Capacity when overprovisioned, Rightsizing resources
- Set and Manage Tag Policies
-
Archival Policy Configuration. Archive rule to Glacier, EFS,
S3 …
|
|
|
|
Conformance Pack Management |
- Set Control Tower Detective Guardrails
- AI & ML Conformance policies Implementation
- Access policies Guardrails management
- RDS config Rules Implementation
- Containers EKS and ECS Security Policy and configs
- EC2 and Load Balancers Hardening
-
Implement the needed conformance pack based on any available
resource
|
|
|
|
AWS Container Management |
-
Provision, Implement EKS and ECS Clusters and configuration
- Update, change and upgrade Pods and Clusters
-
Set Backup and Autoscaling policies for Pods and Clusters
|
|
|
|
Patch Management |
- Monitor & Report applicable OS Updates
-
Apply applicable patches and updates to AWS resources
-
Create a Test machine to implement patches for testing and
then move to Prod
-
Tag instances to associate them with custom maintenance
windows and Patch Baselines
|
|
|
|
Application Lifecycle |
- Implement & Manage CICD Pipelines
- Infrastructure Provisioning and Deployment
- Design & optimization of Standard Packs
|
|
|
|
Continuity Management |
-
Specify backup schedules based on needed RTO and RPO for
each resource available and filter them by Environment
- Execute and Validate backups daily
-
Restoration DryRun & DR Drills (if a DR strategy is
defined)
|
|
|
|
Security Management |
-
Manage the lifecycle of users, rotate IAM credentials
regularly, set password policies, apply the concept of least
privilege, and enable MFA
-
Check and Enable Security Services related to the AWS
Account - Config Rules, Security Hub, VPC FLow logs,
Cloudtrail logs ...
-
Determine SSL certificates required for the workloads
- WAF Implementation, Configuration and Monitoring
-
Manage privileged credentials for OS access provided to
customer by Zero&One
-
Manage federated authentication system(s) for customer
access to AWS console/APIs (Through AD, SSO, or Control
Tower)
- AWS Vulnerability Scanning
- Trend Micro deep security
- Conformity ongoing check for account security
-
Conduct Black Box (Twice per year) Penetration testing
|
|
|
|
Incident Management |
-
Proactively monitor and report incidents against defined
metrics
-
Categorize priority, respond and resolve incidents within
committed SLAs
- Assist in Application Level Troubleshooting
|
|
|
|
Problem Management |
- Identify and remediate problems identified
- Identify and report RCA post problem remediation
|
|
|
|
Change Management |
- Recommend Best practices & design solutions for RFCs
- Review and Approve RFCs
- Schedule & Report maintenance windows
- Request for change in scope
|
|
|
|
Logging & Monitoring |
-
Configuring alarms against customers/ workload defined
metrics
-
Installation & configurations of agents and scripts for
monitoring, patching, security, etc..
-
Monitoring alarms & recording AWS infrastructure change
logs
- Recording application change logs
- Monitoring Application performance
-
Set Specific monitors and Anomaly detection Using Machine
Learning models that predicts issues
- Trend Micro Security monitoring
- Conformity governance monitoring
|
|
|
|
Cost Management |
-
Perform ongoing cost management and resources cleanup
-
Continuous cost optimization recommendation & implementation
- Set billing & budget Alerts
-
Recommend and Implement Saving Plans and Reserved Instances
|
|
|
|
TAM |
|
|
|
|