AWS Management & Governance Blog

AWS Config best practices

AWS Config is a service that maintains a configuration history of your AWS resources and evaluates the configuration against best practices and your internal policies. You can use this information for operational troubleshooting, audit, and compliance use cases. In this blog post, I share best practices on how to use AWS Config as a tool […]

Read More
Partition count

Enhancing workload observability using Amazon CloudWatch Embedded Metric Format

Builders who run their workloads on AWS have many needs. In order to best serve their own customers, they need access to a reliable platform on which to run those workloads. They need flexible compute options, scalable data storage, and robust networking. They must make their workloads both scalable and highly available. Builders also desire […]

Read More

Remediate drift via resource import with AWS CloudFormation

When it comes to restaurants, consistency is key. Being able to create a salad once is simple, but being able to recreate the exact salad multiple times tends to be more difficult. Little variances between them may cause issues, like too much or not enough salad dressing, ruining the balance of the composed salad. Infrastructure […]

Read More

Simplified Bring-Your-Own-License experience using AWS License Manager

AWS License Manager’s simplified Bring-Your-Own-License (BYOL) experience allows you to effectively govern and manage software licenses, such as Windows and SQL Server, that require a dedicated physical server. You can enjoy the flexibility and cost effectiveness of using your own licenses on Amazon EC2 Dedicated Hosts, but with the simplicity, resiliency, and elasticity of Amazon EC2. […]

Read More
Illustration of the flow of actions between accounts for the Security Hub account association handshake.

Automating AWS Security Hub Alerts with AWS Control Tower lifecycle events

AWS Control Tower is an AWS managed service that automates the creation of a well-architected multi-account AWS environment. Control Tower simplifies new account provisioning for your AWS Organization. Control Tower also centralizes logging from AWS CloudTrail and AWS Config, and provides preventative and detective guardrails. AWS Security Hub can be used to provide a comprehensive […]

Read More

Duplicating infrastructure on AWS

In large enterprise organizations, it’s challenging to maintain standardization across environments. This is especially true if these environments are provisioned in a self-service manner—and even more so when new users access these provisioning services. Once you have the resources deployed into an environment, it can be hard, or even impossible, to change it. In case […]

Read More

How to execute Chef recipes using AWS Systems Manager

It’s exciting to see how many AWS customers are taking advantage of AWS Systems Manager to manage and deploy infrastructure configuration at scale. I have previously blogged about the benefits of using AWS Systems Manager with configuration management tools, including Ansible and Salt. Recent improvements to the configuration management functionality, has made the service even […]

Read More

Deploy Conformance Packs across an Organization with Automatic Remediation

AWS Config conformance packs help you manage configuration compliance of your AWS resources at scale – from policy definition to auditing and aggregated reporting using a common framework and packaging model. Many enterprises have multiple AWS accounts to manage their AWS infrastructure and demand an easy way to manage compliance policy definitions across their organization. […]

Read More
Workflow diagram that shows how Control Tower's lifecycle events are generated and recorded

Using lifecycle events to track AWS Control Tower actions and trigger automated workflows

Many customers that I work with are creating and provisioning new accounts using AWS Control Tower. They prefer an AWS native solution for creating their environment knowing that it will be based upon documented AWS Best Practices. As customers scale their account creation, there exists an opportunity to use additional Control Tower features to perform […]

Read More

Building a fully automated Dow Jones Asset Tracking System on AWS

Dow Jones is a global provider of news and business information, delivering content to consumers and organizations around the world across multiple formats, including print, digital, mobile and live events. Dow Jones has produced unrivaled quality content for more than 130 years and today has one of the world’s largest news gathering operations globally. It […]

Read More