AWS Partner Network (APN) Blog

Category: AWS Organizations

Managing an Enterprise Backup Strategy with AWS Backup and CloudQuery

AWS Backup simplifies policy-based data protection at scale, and observability offers insights into the backup process for monitoring, issue detection, troubleshooting, and optimization. This ensures backup dependability, efficiency, and security. CloudQuery enables managing and visualizing AWS Backup across accounts, including backup health, configuration, and protected resources to facilitate building a robust compliance posture.

Automating OpenID Connect-Based AWS IAM Web Identity Roles with Microsoft Entra ID

For applications running outside AWS, developers often create IAM users with long-lived credentials, which can increase security risks. Instead, learn how to integrate AWS IAM Web Identity Roles with Microsoft Entra ID for centralized user management. This post walks through manual setup steps to register an app in Entra ID and create a role in AWS, and describes an automated architecture to synchronize Entra ID service principals and AWS roles.

Scalable, Secure, and Efficient AWS Cloud Operations with Crayon’s Landing Zone Accelerator

Crayon’s customizable landing zone accelerator automates setup of a secure, scalable AWS environment aligned to best practices. It establishes foundational accounts, applies baseline security controls, and integrates AWS services across the organization to drive cloud adoption for companies migrating to AWS while also improving governance for existing customers. Crayon guides customers through the landing zone build and subsequent workload migration, providing automation kits to speed deployments.

Streamlined Resource Management with the Infosys Automated Self-Service Landing Zone Solution for AWS

Infosys has crafted an automated self-service landing zone solution for AWS that employs AWS Control Tower to generate the customer’s organizational unit structure and set up individual accounts. It uses infrastructure-as-code tooling: Terraform for infrastructure provisioning and Ansible for service configuration. The landing zone provides a pre-configured and secure environment, functioning as a springboard for organizations to manage their AWS resources effectively.

Automate SAML 2.0 Federation for AWS Organizations Using Azure Active Directory

Many enterprises want to streamline identity management by introducing a single identity provider for their multi-cloud approach. In this post, we’ll cover the integration of single sign-on with Azure Active Directory in the context of AWS Control Tower. Learn how Devoteam A Cloud recently led a migration project where it presented a client with two options for integrating SAML 2.0 federation into their AWS Organization using Azure AD.

How IAM Health Cloud Helps You Manage AWS IAM Even When You Have Multiple Accounts

IAM Health Cloud is a SaaS solution available in AWS Marketplace that enables continuous and central collection and analysis of all AWS Identity and Access Management (IAM) data for determining a company’s IAM posture across any number of AWS accounts. Learn how to use IAM Health Cloud to gain near real-time centralized insight into all IAM assets across multiple AWS accounts, even if they are independent or part of fragmented AWS Organizations.

Data Governance Across AWS Organizations for Security and Compliance

Data governance serves an important role in ensuring the quality, consistency, and security of data utilized across an organization. Using a multi-account structure with cross-account access is an AWS best practice that offers several other benefits. Learn how to set up a data governance system in AWS Organization accounts with clients’ use cases and solutions, and how ASCENDING overcame the technical challenges listed above.

Multi-Account Threat Intelligence Using AWS Organizations and Sumo Logic Cloud SIEM

DevSecOps teams are responsible for providing enhanced infrastructure observability while ensuring they have the ability to respond to security events in a matter of minutes across the entire organization. To address this challenge, Sumo Logic and AWS collaborated to build a solution that provides end-to-end security and incident management (SIEM) across an enterprise using AWS Organizations. This SIEM solution is based on the AWS Security Reference Architecture.

AWS Control Tower Best Practices for AWS Solution Providers

As AWS Control Tower is adopted more and more, it’s important that AWS Consulting Partners within the AWS Solution Provider Program can leverage the multi-account benefits Control Tower offers. Learn how the Solution Provider Program is flexible in the types of customer models it allows. This flexibility serves the end customer’s business needs. However, AWS Partners must take care in how they architect AWS Organizations for their customers, which directly impacts the use of Control Tower.

How to Improve Project Security by Automating and Managing AWS Multi-Account Access

Many enterprise customers improve project security by segregating individual projects, or project environments like DEV or PROD, in separate AWS accounts. Mapping each project or project environment to a unique account provides a clear and easy way to maintain security boundaries and built-in cost accounting. Learn about EGlobalTech’s project-per-account model for accounts that enables users to seamlessly move between their AWS accounts and roles.