AWS Management & Governance Blog

Category: Learning Levels

Automatic drift remediation solution architecture

Implement automatic drift remediation for AWS CloudFormation using Amazon CloudWatch and AWS Lambda

“Stack drift” is a common occurrence for organizations using AWS CloudFormation, and remediating stack drift represents a persistent and tedious challenge for organizations managing critical infrastructure with CloudFormation stacks. Stack drift occurs when the actual configuration of an infrastructure resource differs from its expected configuration. Typically, this is caused by users editing resources directly by […]

Read More

Configure Session Manager access for federated users using SAML session tags

In this blog post, we show you how to configure Attribute-Based Access Control (ABAC) permissions to federate users into AWS Systems Manager Session Manager. We demonstrate how you can use attributes defined in external identity systems as part of the ABAC decisions within AWS, with SAML session tags. For example, you can grant access to […]

Read More

Keeping Ansible effortless with AWS Systems Manager

Ansible is a powerful tool because it lets you handle many complicated tasks with minimal effort. Some time ago, I published running Ansible playbooks using Systems Manager blog when the first version of the AWS Systems Manager (SSM) document was released, which enabled support for Ansible. In that blog, I discussed the tight integration of […]

Read More

Automating Feature Release using AWS AppConfig Integration with AWS Codepipeline

Last year, we released AWS AppConfig a new capability within AWS Systems Manager to create, manage, and quickly deploy application configurations. AppConfig enables you to validate your application configuration before deployment and enables you to deploy configuration in a controlled and monitored way. AWS AppConfig enables you to deploy configuration changes independent of the application code […]

Read More
Image showing the current AWS License Manager license configurations.

Tracking your Oracle licenses using AWS License Manager

Introduction Many of our customers are running Oracle databases in AWS. They have asked for help with managing their Oracle licenses. In response, AWS has released some new features to AWS License Manager to help customers manage their Oracle licenses running in AWS. AWS License Manager is a service that helps customers manage their software […]

Read More

Software patching with AWS Systems Manager

Cloud computing adoption has been rapidly increasing with enterprises around the globe, opting for various migration patterns during their cloud journey. Taking monolithic legacy applications as-is and moving them to the cloud, is an approach also known as “lift-and-shift,” and is one of the main drivers for cloud migration. As customers become more knowledgeable about […]

Read More
Image showing associate license configuration dialog with AWS Systems Manager managed instance

Track IBM license usage with AWS License Manager

Introduction In this blog post, I show you how you can track and enforce licensing for your IBM software products running on AWS or on-premises. IBM licenses many of its products using a processor-based licensing approach by Processor Value Units (PVU). IBM defines a processor, for purposes of PVU-based licensing, to be each processor core […]

Read More
Overview of architecture: Multiple target accounts send info to master account

Managing aged access keys through AWS Config remediations

One of the security best practices that is time-consuming to manage is enforcing IAM access key rotation for IAM users. Access keys give IAM users the ability to connect to Amazon EC2 instances. Therefore rotating these regularly (for example, every 90 days) is one of the key steps in protecting your resources from unauthorized access. […]

Read More

One-Click access to servers and VMs with Session Manager and MontyCloud

IT administrators and DevOps engineers often perform routine operations to manage their cloud infrastructure, modern on-premises environment workloads, and applications. One such routine operation is the ability to manage Amazon EC2 instances, on-premises instances, and virtual machines (VM) through a remote session. Several tasks such as application and server log reviews, fine-tune configurations, or aborting […]

Read More