AWS Cloud Operations & Migrations Blog

Automate continuous compliance at scale in AWS

AWS Config continuously monitors and records your AWS resource configurations. You can use the service to automate the evaluation and remediation of recorded configurations against desired configurations. You also can review changes in configurations and relationships between AWS resources and dive into the history of a resource configuration. AWS Config conformance packs provide a general-purpose compliance […]

Use existing Logging and Security Account with AWS Control Tower

AWS Control Tower provides the easiest way for you to set up and govern your AWS environment, or landing zone, following prescriptive AWS best practices managed on your behalf. AWS Control Tower orchestrates multiple AWS services (AWS Organizations, AWS CloudFormation StackSets, Amazon Simple Storage Service (Amazon S3), AWS Single Sign-On (AWS SSO), AWS Config, AWS CloudTrail) to build a landing zone […]

Bootstrapping multiple AWS accounts for AWS CDK using CloudFormation StackSets

The AWS CDK makes it easy to deploy an application to the AWS Cloud. But first you must “bootstrap” the target AWS account. You can bootstrap an AWS account by using the AWS CDK CLI and running cdk bootstrap. This is great for teams that have access to AWS accounts, or only need to bootstrap […]

Introducing new language extensions in AWS CloudFormation

AWS CloudFormation, an Infrastructure as Code (IaC) service that lets you model, provision, and manage AWS and third-party resources, recently released a new language transform that enhances the core CloudFormation language. For our first release, these enhancements are new intrinsic functions for JSON string conversion (Fn::ToJsonString), length (Fn::Length), and support for intrinsic functions and pseudo-parameter […]

Monitoring Data Ingestion Tasks with Amazon CloudWatch Metrics and Alarms

Data is produced every day in increasing volumes and varieties in on-premises and cloud environments. Data ingestion into AWS is a common task and there are many services and architecture patterns that customers use to bring in data. In this post, we provide a guide for establishing monitoring and alerting on a data ingestion workload […]

Building data-driven migration plans with application dependency discovery

Large-scale enterprise cloud migration projects are quite complicated. For example, legacy applications can be highly dependent on operating systems and external services, as well as suffer from a lack of maintenance. This creates challenges for finding the dependencies among different applications. An inventory list of equipment may not be available or updated. Therefore, we don’t […]

How to Manage Licenses for Servers Migrating to AWS using AWS License Manager

We often see large enterprises migrating their workloads to AWS, reaping the benefits of the state-of-the-art migration tool AWS Application Migration Service, and they prefer migrating their Microsoft workloads along with licenses. This post will show how we can lift and shift large enterprise workloads with Windows Bring Your Own Licenses (BYOL) using Application Migration […]

Integrating Kubecost with Amazon Managed Service for Prometheus

This blog post was co-written by Linh Lam, Solution Architect, Kubecost Customers can track their Kubernetes control plane and Amazon Elastic Compute Cloud (Amazon EC2) costs using AWS Cost and Usage Reports. However, they often need deeper insights to accurately track Kubernetes costs across namespaces, clusters, pods, and more. We recently announced that AWS and […]

Announcing AWS Config Compliance Scores for conformance pack

Back in November 2019, we announced AWS Config Conformance Packs, which is a collection of AWS Config rules and remediation actions that can be easily deployed as a single entity in an account and a region or across an organization in AWS Organizations. Conformance Packs have helped AWS customers to manage and enforce compliance of […]

Copy existing AWS CloudTrail trails events to a AWS CloudTrail Lake event data store

AWS announced the general availability of AWS CloudTrail Lake on 5th Jan 2022, a managed audit and security lake that lets you aggregate, immutably store, and query activity logs for auditing, security investigation, and operational troubleshooting. Since launch, customers have adopted this feature, and it’s an integral part of customer operational and security operational processes. […]