AWS Management & Governance Blog

Category: Advanced (300)

Restrict Access by Member Account to a Centralized CloudTrail Logging Bucket

Restrict Access by member account to a centralized CloudTrail logging bucket

Logging and monitoring are critical components of a governance, risk, and compliance strategy. When you use AWS CloudTrail with AWS Organizations, you get an eagle-eye view of account activity across your AWS infrastructure. However, as your enterprise scales workloads in the cloud and accelerates cloud use, the logs can increase exponentially. Over time, you can […]

Read More
Use AWS License Manager API operations to manage your Oracle licenses based on Oracle cloud policy

Use AWS License Manager API operations to manage your Oracle licenses based on Oracle cloud policy

Learn with Shree on how to use AWS License Manager API operations to manage your Oracle licenses (for databases running on Amazon RDS for Oracle, Amazon EC2 and on-premises servers) based on Oracle cloud policy. Additionally, learn how to use the built-in integration of License Manager API operations with AWS CloudTrail to prepare for vendor audit.

Read More
Build and deploy a serverless app

Building and deploying a serverless app using AWS Serverless Application Model and AWS CloudFormation

Customers are constantly looking to innovate in order to remain competitive in their respective markets. One way to achieving such competitiveness is through the ability to build services and applications fast and cost effectively, thereby reducing time to market while driving down costs. One of the feedback we regularly get from customers is that, applications […]

Read More
Create a Jira issue using an AWS Config remediation action

Create a Jira issue using an AWS Config remediation action

AWS Config can create issue entries in the Jira Service Management platform when it determines an AWS resource is noncompliant. In this blog post, I show you how to configure an AWS Config rule to create a Jira issue after the rule detects a noncompliant AWS resource. I also share Jira Service Desk configuration changes […]

Read More
Automating the installation and configuration of Prometheus using Systems Manager documents

Automating the installation and configuration of Prometheus using Systems Manager documents

As organizations migrate workloads to the cloud, they want to ensure their teams spend more time on tasks that move the organization forward and less time managing infrastructure. Installing patches and configuring software is what AWS calls undifferentiated heavy lifting, or the hard IT work that doesn’t add value to the mission of the organization. […]

Read More
Set up Prometheus metrics collection on on-premises VMs and servers and ingest the metrics into Amazon Managed Service for Prometheus

Collect on-premises metrics using Amazon Managed Service for Prometheus

Prometheus is a popular open-source metrics monitoring solution that is widely used in a variety of workloads. Although it’s common for customers to use Prometheus to monitor container workloads, it’s also used to monitor Amazon Elastic Compute Cloud (Amazon EC2) instances and virtual machines (VMs) and servers in on-premises environments. Amazon Managed Service for Prometheus […]

Read More
Featured Image for Blog Post with title 'Use AWS CloudWatch Contributor Insights to monitor AWS Foundations Benchmark Controls"

Use AWS CloudWatch Contributor Insights to monitor CIS AWS Foundations Benchmark controls

Contributor Insights is a feature of AWS CloudWatch that can be used to analyze log data to create time series that displays contributor data. This will help you understand who or what is impacting your system and application performance by identifying top talkers, pinpointing outliers, finding the heaviest traffic patterns, and ranking the top system […]

Read More
Monitoring your EC2 server fleet with advanced CloudWatch agent capabilities

Monitoring your EC2 server fleet with advanced CloudWatch agent capabilities

Customers who are running fleets of Amazon Elastic Compute Cloud (Amazon EC2) instances use advanced monitoring techniques to observe their operational performance. Capabilities like aggregated and custom dimensions help customers categorize and customize their metrics across server fleets for fast and efficient decision making. Customers need visibility not only into infrastructure metrics (like CPU and […]

Read More
Automating shared VPC deployments with AWS CloudFormation

Automating shared VPC deployments with AWS CloudFormation

VPC sharing allows customers to share subnets from a central AWS account with other AWS accounts in the same organization created in AWS Organizations. Centralized control of your virtual private cloud (VPC) structure allows you to maintain separation of duties through AWS account boundaries. A best practice for creating VPCs and other resources in the AWS […]

Read More

Introducing AWS CloudFormation Guard 2.0

In their blog post published last year, Write preventive compliance rules for AWS CloudFormation templates the cfn-guard way, Luis, Raisa, and Josh showed you how to use CloudFormation Guard, an open source tool that helps validate your AWS CloudFormation templates against a rule set to keep AWS resources in compliance with company guidelines. Since the […]

Read More