Article Managed Services May 2, 2019

Considerations for Amazon Web Services MSP Partner Program Validation Checklist Mapping

Our Amazon Web Services (AWS) MSP Validation Checklist Mapping is designed to provide CloudCheckr partners with a practical means to validate the functional and operational benefits of CloudCheckr when measured against the AWS MSP v4.0 evaluation metrics.

This validation checklist mapping is meant to respond to the latest version of the AWS MSP evaluation matrix (version 4.0) which was released in February 2019. By definition, the AWS controls are subject to interpretation and revision. This mapping should be used, in conjunction with specific use-case knowledge, to fulfill the listed controls in the manner indicated. Our matrix reflects the most recent program criteria, with improvements focused on raising the bar for both MSP Partner and AWS customer experiences.

1.0 APN Partner Capabilities Overview
1.2 Next Generation Managed Services Evangelism
How CloudCheckr Helps

CloudCheckr offers a forum for MSPs to evangelize the benefits of the cloud, including managed services and AWS specifically. MSP partners are encouraged to participate in CloudCheckr webinars, blog posts and more.

2.0 Business Health
2.2 Financial Planning and Reporting
How CloudCheckr Helps

CloudCheckr can provide AWS financial metrics, profit analysis, and spend analysis reports to assist the Partner in providing financial planning reports.

2.0 Business Health
2.6 Validation of Customer References
How CloudCheckr Helps

CloudCheckr can help author case studies covering an MSP’s customers who use CloudCheckr, either via white labeled or CloudCheckr branding.

3.0 Business Management
3.1 Resource/Capacity Planning
How CloudCheckr Helps

CloudCheckr delivers heatmaps and forecasting reports and reserved instance recommendations to help predict and plan for future usage.

3.0 Business Management
3.4 Supplier Management
How CloudCheckr Helps

CloudCheckr has multiple competencies with AWS and was recognized as AWS re:Invent 2017 Sponsor of the Year. CloudCheckr’s numerous Security Best Practice Checks include ensuring Multi-Factor Authentication is enabled. These features, combined with process documentation from the Partner, can demonstrate due diligence.

3.0 Business Management
3.5 AWS Support Plan
How CloudCheckr Helps

CloudCheckr can detect the support level of an AWS customer.

5.0 Solution Design Capability
5.1 Solution Capabilities
How CloudCheckr Helps

CloudCheckr includes system performance, capacity management and availability reports in the form of heatmaps, utilization reports, and idle and unused resources best practice checks. Security and gap identification are addressed with best practice checks and Total Compliance reports. CloudCheckr employs numerous individuals with various AWS certifications, including Solutions Architect.

7.0 Infrastructure and Application Migration Capability
7.1 Infrastructure Migration Capabilities Leveraging AWS Best Practices
How CloudCheckr Helps

CloudCheckr is closely aligned with the AWS Well-Architected Framework, delivering features that address all of the ‘pillars’ described in the framework, particularly Security (Security Best Practice Checks, Total Compliance), Reliability (Availability Best Practice Checks), Performance Efficiency (Heatmaps, Utilization Reports, Right Sizing, Idle and Unused Best Practice Checks), and Cost Optimization (Savings Report, Reservation Recommendations, Right Sizing).

8.0 Security
8.1 Security Management
How CloudCheckr Helps

CloudCheckr automatically and periodically runs 100+ Security Best Practice Checks, many supporting Automated Self-Healing. Infrastructure is scored on up to 35 compliance standards via Total Compliance. Change Monitoring records changes to infrastructure. Alerts can generate tickets or messages via ServiceNow, Jira, PagerDuty, Slack, email, SNS and even AWS Lambda.

8.0 Security
8.2 Security Event Logging and Retention
How CloudCheckr Helps

CloudCheckr maintains reports and logs for as long as seven years, to assist with audits. Data is immutable (read-only) for added security. CloudCheckr SnapBack™ enables point-in-time review.

9.0 Security
9.3 Ticketing Systems
How CloudCheckr Helps

CloudCheckr Alerts can generate tickets or messages via ServiceNow, Jira, PagerDuty, Slack, email, SNS and even AWS Lambda.

9.0 Security
9.5 Proactive Monitoring and Alerting
How CloudCheckr Helps

CloudCheckr integrates with both CloudWatch and CloudTrail for ongoing monitoring and alerts. Automated Self-Healing can repair misconfigurations upon detection, if enabled.

9.0 Security
9.6 Next Generation Monitoring Capabilities
How CloudCheckr Helps
9.6.1

CloudCheckr integrates with and ingests data from numerous heterogeneous monitoring and logging sources, both via Direct Integrations and the CloudCheckr Application Programming Interface.

Data sources include Datadog, New Relic, CloudTrail and CloudWatch, including CloudWatch Custom Metrics.

Additionally, CloudCheckr dynamically ingests Blocklist data (https://www.neutrinoapi.com/api/ip-blocklist/) to incorporate malicious IP addresses in order to automatically take action.

The result of these integrations can be configured to trigger events in CloudCheckr. Events can launch Lambda scripts to perform automation, ServiceNow tickets, JIRA, PagerDuty, Slack, SNS, email and other events. CloudCheckr’s Workflow Automation supports “Request Fix”, “Fix Now” and “Always Fix” for hands-off automation. See Case Studies, including Ocado, here: https://cloudcheckr.com/resources/?type=casestudy

 

9.6.2

Some of the anomalies CloudCheckr is able to check for, by “comparing patterns in a single metric over time or comparing a metric for a single member of a cluster against other member nodes to identify unhealthy resources” include the following Best Practice Checks:

  • Workspace With Unhealthy State
  • Unhealthy EC2 Instances Attached to Load Balancers
  • Uneven Availability Zone Distribution of EC2 Instances

Specifically, the “Uneven Availability Zone Distribution of EC2 Instances” Best Practice Check meets the “comparing a metric for a single member of a cluster against other member nodes” requirement. It verifies that no Availability Zone within a region houses more than 50% fewer EC2 instances than any other Availability Zone. This check does not use a single threshold, such as the total number of healthy instances in a cluster. Instead, the counts of healthy EC2 instances in each Availability Zone within a single region are statistically compared to determine whether a replacement should occur. This is not based on a specific hardcoded instance count threshold. The number of healthy instances in an AZ could be 1, 20, or 99, and that alone is still not enough to determine whether an alert is warranted. It all depends on the counts of healthy EC2 instances in the other AZs in the same region.

For example (healthy instance counts per Availability Zone):

  • 1 + 1 = No Alert
  • 1 + 3 = Alert
  • 20 + 19 = No Alert
  • 20 + 45 = Alert
  • 99 + 120 = No Alert
  • 99 + 200 = Alert
  • 10 + 10 + 20 = No Alert
  • 10 + 10 + 21 = Alert

In all of those cases, a single metric for a single node is insufficient. The metrics of the entire cluster are factored in and statistically compared to each other in order to determine if an alert is warranted, rather than a static metric.

Specific Use Case / Example:

An Auto-Scaling Group currently has 9 EC2 servers, distributed equally among three Availability Zones, AZ1, AZ2 and AZ3, i.e. three EC2 instances per zone. Suddenly, a failure in AZ1 causes a single EC2 instance to crash. There are now 2, 3 and 3 instances in the three zones, respectively, in the group.

CloudCheckr detects the anomaly but allows it because the outage is within norms, specifically no more than 50% fewer instances in a specific zone versus the other zone(s).

Now in the same scenario, a second EC2 crashes, also in AZ1. There are now 1, 3 and 3 instances. AZ1 now has 33% of the count of healthy instances in any of the other AZs. An Alert is thrown because this ratio is below 50% of the number of healthy instances in the other Availability Zones.

Alternatively, if there had been 30, 30 and 30 EC2s in the three Availability Zones, and two servers crashed in AZ1, the new ratio would be 28:30:30. This would still be well above the 50% mark so an Alert would not be thrown.

This is an example where a metric based on the number of unhealthy instances is not used as a threshold to generate an alert, but is one variable used to statistically compare against the whole network, in order to generate a notification and recommend action. See Case Studies, including JHC Technology and Ocado, here: https://cloudcheckr.com/resources/?type=casestudy
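The relative comparison described in 9.6.2, as an added example that is not CloudCheckr's code: it assumes the rule implied by the examples above (alert when an Availability Zone's healthy count is below 50% of the largest zone's count). The function names, the `expected_azs` parameter and the sample fleets are hypothetical and constructed for illustration.

```python
def healthy_per_az(instances, expected_azs=()):
    """Count healthy instances per AZ. Zones listed in expected_azs
    (hypothetical parameter) are reported as 0 when nothing is left in them."""
    counts = {az: 0 for az in expected_azs}
    for inst in instances:
        counts.setdefault(inst["az"], 0)
        if inst["healthy"]:
            counts[inst["az"]] += 1
    return counts


def uneven_az_alert(counts, ratio=0.5):
    """Return (alert, low_azs). A zone is flagged when its healthy count is
    below ratio * the largest zone's count: no fixed instance-count threshold."""
    if len(counts) < 2:
        return False, []          # nothing to compare against
    largest = max(counts.values())
    low = sorted(az for az, n in counts.items() if n < ratio * largest)
    return bool(low), low


def make_fleet(healthy, crashed=None):
    """Constructed sample data: AZ -> number of healthy / crashed instances."""
    fleet = []
    for az, n in healthy.items():
        fleet += [{"az": az, "healthy": True}] * n
    for az, n in (crashed or {}).items():
        fleet += [{"az": az, "healthy": False}] * n
    return fleet


if __name__ == "__main__":
    # Scenarios taken from the use case in the text.
    scenarios = {
        "one crash in AZ1 (2:3:3)": make_fleet({"AZ1": 2, "AZ2": 3, "AZ3": 3}, {"AZ1": 1}),
        "two crashes in AZ1 (1:3:3)": make_fleet({"AZ1": 1, "AZ2": 3, "AZ3": 3}, {"AZ1": 2}),
        "two crashes of 30 (28:30:30)": make_fleet({"AZ1": 28, "AZ2": 30, "AZ3": 30}, {"AZ1": 2}),
    }
    for name, fleet in scenarios.items():
        counts = healthy_per_az(fleet, expected_azs=("AZ1", "AZ2", "AZ3"))
        alert, low = uneven_az_alert(counts)
        print(f"{name}: {counts} -> {'Alert ' + str(low) if alert else 'No Alert'}")
```

Passing the expected zones matters when a zone loses every instance: without them the empty zone never appears in the counts and the imbalance goes undetected.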

9.0 Security
9.8 Continuous Compliance
How CloudCheckr Helps

CloudCheckr’s Total Compliance scores infrastructure relative to 35 distinct regulatory standards (PCI-DSS, HIPAA, CIS, NIST, ISO, etc.) with up to seven years of historical data. CloudCheckr SnapBack™ enables point-in-time review.

9.0 Security
9.13 Configuration and Change Management
How CloudCheckr Helps

Change Monitoring reports display additions, deletions and edits with details on the time and user who made the change.

9.0 Security
9.14 Customer Reports
How CloudCheckr Helps

Web accessible reports are available to end users, often with the ability to specify parameters, for heatmaps, inventory, Right Sizing, and more.

11.0 Optimization
11.2 Automation Optimization Process
How CloudCheckr Helps

CloudCheckr delivers optimization manually and automatically via Savings Report, Reservation Recommendations, Heatmaps, Utilization Reports, Right Sizing, Idle and Unused Best Practice Checks. Many Best Practice Checks can be resolved via “Fix Now” or “Always Fix” or “Request Fix” automated workflows.

12.0 AWS Billing and Cost Management
12.3 Solution Provider Billing Solutions
How CloudCheckr Helps

CloudCheckr provides automated invoicing and cost optimization recommendations including Savings Report, Reservation Recommendations, Heatmaps, Utilization Reports, Right Sizing, Idle and Unused Best Practice Checks.

12.0 AWS Billing and Cost Management
12.5 Solution Provider Rebilling Capabilities
How CloudCheckr Helps

Ability to add custom charges, apply credits, unshare reservations and display blended, unblended, or list pricing.

CloudCheckr empowers certified MSPs, CSPs, Resellers, System Integrators, and Advanced Consulting Partners worldwide to run their cloud as a business. The CloudCheckr cloud management platform (CMP) unifies cost, security, and governance for multi-cloud deployments. Partners of all sizes trust us to manage and optimize public cloud environments so they can effectively grow their practice, increase profitability, improve business operations and confidently meet the expectations of third-party validation audits for next-generation partners.

With CloudCheckr, partners can deliver differentiated products and services to AWS clients to help them:

  • Save money in the cloud by automating cost allocation, optimizing spend with analytics and streamlining billing and chargeback processes
  • Mitigate security risks by proactively reducing the attack surface, continuously monitoring security activity and demonstrating compliance
  • Increase operational efficiency by reducing resource waste, increasing utilization and automating cloud cost and security management

Cloud management by CloudCheckr includes automated cloud cost and expense management, cloud security, compliance, asset management, and resource utilization that supports most primary and secondary cloud services. Upon completion of the registration process and setup of the necessary credentials and permissions, CloudCheckr will load valuable partner information about who is spending money in the cloud, what services are being used, how these services are being used, how security controls are being implemented, where potential configuration vulnerabilities or concerning activities exist, and what the history of usage, costs, configurations, and controls has been.
