AWS Cloud Operations Blog
Automate installing AWS Systems Manager agent on unmanaged Amazon EC2 nodes
Managing a fleet of AWS resources at scale can be challenging. Organizations rely on multiple solutions to automate tasks, collect inventory, patch instances, and maintain security compliance. Organizations need to access instances without opening inbound ports or managing SSH keys. AWS Systems Manager (SSM) simplifies this by serving as a centralized management solution that supports […]
Manage third party applications in Windows Server nodes using AWS Systems Manager and Chocolatey
System Administrators face a never-ending list of tasks in IT organizations, with one of the most critical being the installation and updating of software packages. This process is essential for maintaining a secure posture across systems. However, as the number of servers grows, manually managing updates becomes increasingly time-consuming and inefficient. The challenge we’re addressing […]
Automate Systems Manager patching reports via email and Slack notifications in an AWS Organization
Effective patch management is foremost for maintaining system security, reliability, and compliance across your IT infrastructure. AWS Systems Manager (SSM) provides a comprehensive patching solution, enabling you to automate the deployment of operating system updates to your nodes deployed on AWS, on-premises, and multicloud environments. However, as your organization scales, tracking and reporting on […]
Automate incident reports from AWS Systems Manager Incident Manager
Effective incident management is foremost for maintaining system reliability and ensuring quick responses to unexpected incidents. Incident Manager, a capability of AWS Systems Manager, helps to mitigate and recover from these incidents by enabling automated responses. In a previous blog with Incident Manager, we talked about setting up escalation mechanisms, creating response plans and […]
Identify AWS Systems Manager Patch Compliance Status with AWS CloudTrail Lake
Security and compliance is a shared responsibility between AWS and the customer. The shared responsibility model outlines responsibilities for Security of the Cloud versus Security in the Cloud. Customers are responsible for Security in the Cloud, which includes patching Amazon EC2 instances. For the customers running workloads on EC2 instances, during security audits, they may be […]
Manage AWS Managed Microsoft AD resources with Session Manager port forwarding
Active Directory administrators are accustomed to managing domain resources using Remote Server Administration Tools (RSAT) installed on either their workstations or a member server in the domain. When it comes to managing resources on a managed Active Directory service, such as the case with AWS Managed Microsoft AD, these tools must be available for administrators […]
Multi-Account patch compliance with Patch Manager and Security Hub
Update 10/2020 – Viewing patch compliance findings across AWS accounts in AWS Security Hub is supported natively. For more information please see What’s new announcement here. Introduction In this blog post, I discuss how to import critical patch compliance findings into Security Hub. Security Hub is a service that provides customers with a comprehensive view […]






