AWS Management & Governance Blog

Category: Advanced (300)

AWS Organizations, AWS Config, and Terraform

In this post, I show how you can use AWS Organizations, AWS Config, and HashiCorp’s Terraform to deploy guardrails at scale. AWS Config provides configuration, compliance, and auditing features that are required for governing your resources and providing security posture assessment at scale. With its recent support for AWS Organizations, AWS Config makes it possible […]

Read More

AWS CloudFormation StackSet Orchestration: Automated deployment using AWS Step Functions

We often use AWS CloudFormation StackSets to automatically deploy infrastructure into many different accounts. Whether they are managed by AWS Control Tower or AWS Organizations, StackSets provide a simple and automated way to handle the creation of resources and infrastructure right after provisioning a new account. You can automatically deploy StackSets to accounts that belong […]

Read More

Extend AWS Control Tower governance using AWS Config Conformance Packs

As many customers adopt AWS Control Tower, they have asked Raphael and me how to add additional governance policies such as the NIST Cybersecurity Framework (CSF) to their environments on top of the guardrails that AWS Control Tower provides. Customers want to enable these additional policies on the AWS Regions where AWS Control Tower is […]

Read More

Identifying resources with the most configuration changes using AWS Config

AWS Config tracks changes made to supported resources and records them as configuration items (CIs), which are JSON files delivered to an Amazon S3 bucket. These are delivered in 6-hour intervals, as configuration history files. Each file contains details about the resources that changed in that 6-hour period, for the respective resource types, such as […]

Read More
Featured Image - Adjusting X-Ray sampling rules dynamically using CloudWatch Alarms

Dynamically adjusting X-Ray sampling rules

In a distributed system environment, tracing service-to-service interactions is essential to easily identify service bottlenecks, faults, and errors. AWS X-Ray allows you to set up tracing on your applications hosted on a variety of compute environments, such as Amazon Elastic Compute Cloud (Amazon EC2), AWS Elastic Beanstalk, Amazon Elastic Kubernetes Service (Amazon EKS), Amazon Elastic […]

Read More

Use Systems Manager Automation documents to manage instances and cut costs off-hours

Cut costs by minimizing infrastructure when it’s not under heavy use, for example turning off EC2 and RDS instances nights and weekends. In this post you will learn how to do this using Systems Manager Automation Documents, State Manager, and CloudWatch Events.

Read More

Deploying packages sequentially using AWS Systems Manager

AWS Systems Manager helps to control the sequence of package deployment in managed instances. Managed instances can be Amazon Elastic Compute Cloud (Amazon EC2) instances, virtual machines (VM) including VMs in other cloud environments, and on-premises servers. Customers are trying to automate the process of managing their state of hybrid infrastructure. They need to run […]

Read More

Analyzing Amazon Lex conversation log data with Amazon CloudWatch Insights

Conversational interfaces like chatbots have become an important channel for brands to communicate with their customers, partners, and employees. They help with faster service, 24/7 availability, and reduced service costs. By monitoring conversations between your customers and the bot, you can gain insights into user interactions, trends, and missed utterances. The additional insights will help […]

Read More

Harness the power of control automation to reduce operational risk and improve compliance

As Financial Service Industry (FSI) customers plan their migration to AWS, a common question is whether there is an easy approach for automating common technology controls to support nearly continuous compliance monitoring. The good news is that AWS provides a number of flexible and powerful capabilities to not only address compliance automation, but to also […]

Read More