AWS Architecture Blog

Category: Security, Identity, & Compliance

ERGO Architecture

How ERGO Implemented an Event-driven Security Remediation Architecture on AWS

ERGO is one of the major insurance groups in Germany and Europe. Within the ERGO Group, ERGO Technology & Services S.A. (ET&S), a part of ET&SM holding, has competencies in digital transformation, know-how in creating and implementing complex IT systems with focus on the quality of solutions and a portfolio aligned with the entire value […]

Read More
AWS Control Tower Management account screenshot

Field Notes: Enroll Existing AWS Accounts into AWS Control Tower

Originally published 21 April 2020 to the Field Notes blog, and updated in August 2020 with new prechecks to the account enrollment script. Last updated April 8, 2021 to reflect changes in the AWS Organizations service.  Since the launch of AWS Control Tower, customers have been asking for the ability to deploy AWS Control Tower […]

Read More
Sample post-merger AWS environment

Mergers and Acquisitions Readiness with the Well-Architected Framework

Companies looking for an acquisition or a successful exit through a merger, undergo a technical assessment as part of the due diligence process. While being a profitable business by itself can attract interest, running a disciplined IT department within your organization can make the acquisition more valuable. As an entity operating cloud workloads on AWS, […]

Read More
Figure 2 - Tagging Strategy

Field Notes: How FactSet Uses ‘microAccounts’ to Reduce Developer Friction and Maintain Security at Scale

This post was co-written by FactSet’s Cloud Infrastructure team, Gaurav Jain, Nathan Goodman, Geoff Wang, Daniel Cordes, Sunu Joseph and AWS Solution Architects, Amit Borulkar and Tarik Makota. FactSet considers developer self-service and DevOps essential for realizing cloud benefits.  As part of their cloud adoption journey, they wanted developers to have a frictionless infrastructure provisioning […]

Read More
Route 53 PHZs and Resolver Endpoints

Using Route 53 Private Hosted Zones for Cross-account Multi-region Architectures

This post was co-written by Anandprasanna Gaitonde, AWS Solutions Architect and John Bickle, Senior Technical Account Manager, AWS Enterprise Support Introduction Many AWS customers have internal business applications spread over multiple AWS accounts and on-premises to support different business units. In such environments, you may find a consistent view of DNS records and domain names […]

Read More
SIH: Emvironment in AWS Cloud-2

Fast and Cost-Effective Image Manipulation with Serverless Image Handler

As a modern company, you most likely have both a web-based and mobile app platform to provide content to customers who view it on a range of devices. This means you need to store multiple versions of images, depending on the device. The resulting image management can be a headache as it can be expensive […]

Read More

Field Notes: Automating Migration Requests for Reserved Instances and Savings Plans in Closed Accounts

Enterprise AWS customers are often managing many accounts under a payer account, and sometimes accounts are closed before Reserved Instances (RI) or Savings Plans (SP) are fully used. Manually tracking account closures and requesting RI and SP migration from the closed accounts can become complex and error prone. This blog post describes a solution for automating […]

Read More
Cow

The Satellite Ear Tag that is Changing Cattle Management

Most cattle are not raised in cities—they live on cattle stations, large open plains, and tracts of land largely unpopulated by humans. It’s hard to keep connected with the herd. Cattle don’t often carry their own mobile phones, and they don’t pay a mobile phone bill. Naturally, the areas in which cattle live, often do […]

Read More
WAF Solution Architecture

Field Notes: How to Identify and Block Fake Crawler Bots Using AWS WAF

In this blog post, we focus on how to identify fake bots using these AWS services: AWS WAF, Amazon Kinesis Data Firehose, Amazon S3 and AWS Lambda. We use fake Google/Bing bots to demonstrate, but the principles can be applied to other popular crawlers like Slurp Bot from Yahoo, DuckDuckBot from DuckDuckGo, Alexa crawler from […]

Read More
Raspberry PI

Field Notes: Integrating IoT and ITSM using AWS IoT Greengrass and AWS Secrets Manager – Part 2

In part 1 of this blog I introduced the need for organizations to securely connect thousands of IoT devices with many different systems in the hyperconnected world that exists today, and how that can be addressed using AWS IoT Greengrass and AWS Secrets Manager.  We walked through the creation of ServiceNow credentials in AWS Secrets […]

Read More