AWS Cloud Operations & Migrations Blog

Category: Advanced (300)

CfCt AWS SAM blog

Simplify infrastructure deployments using Customizations for AWS Control Tower and AWS Serverless Application Model

Customers want flexibility and simpler ways to manage their AWS accounts. There are several ways customers can choose to customize their AWS account deployments at scale with flexibility such as Account Factory Customization (AFC), a native solution within AWS Control Tower account factory, or Customizations for Control Tower (CfCT), which this blog focuses on. To […]

Automate updating approval cut off dates for Patch Manager Patch Baselines

Automate updating approval cut off dates for Patch Manager Patch Baselines

AWS Systems Manager Patch Manager helps AWS customers manage and automate the process of patching their Linux and Windows managed nodes in AWS and hybrid environments. It provides various options and allows greater control over which patches are approved or rejected during installation using patch baselines. One parameter of patch baseline approval rules is the Auto […]

Announcing AWS CloudTrail Lake Dashboards – Visualize and Analyze CloudTrail data

In January 2022, AWS announced general availability of AWS CloudTrail Lake, a managed audit and security lake that allows you to aggregate, immutably store and query activity logs for auditing, security investigation and operational troubleshooting. Since launch, thousands of customers have adopted this feature. We are excited to announce that CloudTrail Lake dashboards are now […]

Managing CloudWatch Synthetics canaries at scale

Managing CloudWatch Synthetics canaries at scale

Amazon CloudWatch Synthetics offers an automated approach to monitoring the performance and availability of your application endpoints, REST APIs, and website content, allowing you to discover issues before your customers do. As your applications and suite of accompanying canaries grows over time, it becomes more challenging and time consuming to manage them at scale. This […]

How to grant least privilege access to third-parties on your private EC2 instances with AWS Systems Manager

AWS Systems Manager Session Manager provides a more secure way to manage your Amazon Elastic Compute Cloud (EC2) instances without the need to open inbound ports, maintain bastion hosts, or manage SSH keys. Furthermore, you can use it with a combination of AWS services to give access to external third-parties. Due to business requirements, you […]

Estimating AWS Config recorder costs and usage using AWS CloudTrail

AWS Config is a service that tracks configuration changes of AWS resources in your AWS account.  AWS Config uses the configuration recorder to create a configuration item whenever it detects a change to a resource type that it is recording. For example, if AWS Config is recording Amazon S3 buckets, AWS Config creates a configuration […]

AWS Organizations, moving an organization member account to another organization: Part 3

In part one, we identified different features of AWS Organizations requiring guidance and consideration when you move an account from one organization in Organizations to another. We focused on Organizations Polices, AWS Resource Access Manager (AWS RAM) shares, and AWS global condition context keys. In part two of the series, we identified behavior and actions when you want […]

AWS Organizations, moving an organization member account to another organization: Part 2

In part one, we identified different features of Organizations requiring guidance and consideration when you move an account from one organization in Organizations to another. We focused on Organizations Polices, AWS Resource Access Manager (AWS RAM) shares, and AWS global condition context keys. In this post, part two of a three-part series, we identify behaviors […]

AWS Organizations, moving an organization member account to another organization: Part 1

AWS customers use AWS Organizations as the basis of a multi-account AWS environment as defined by the Organizing Your AWS Environment Using Multiple Accounts AWS Whitepaper. Organizations is an AWS service that enables you to centrally manage and govern multiple accounts. Often there is a scenario when you must move an AWS account from one […]

Visualizing Resources with Workload Discovery on AWS

Operations Teams (Ops Teams) across enterprises typically rely on documented architecture diagrams to understand the dependencies of various workloads deployed on AWS. As enterprises continue to deploy large-scale multi-tiered workloads, it can become challenging for Ops Teams to track the ever changing relationships between the deployed resources, often meaning that documentation can’t keep up with […]