AWS Management & Governance Blog
Category: Advanced (300)
Keeping Ansible effortless with AWS Systems Manager
Ansible is a powerful tool because it lets you handle many complicated tasks with minimal effort. Some time ago, I published the "running Ansible playbooks using Systems Manager" blog when the first version of the AWS Systems Manager (SSM) document was released, which enabled support for Ansible. In that blog, I discussed the tight integration of […]
Automating Feature Release using AWS AppConfig Integration with AWS Codepipeline
Last year, we released AWS AppConfig, a new capability within AWS Systems Manager, to create, manage, and quickly deploy application configurations. AppConfig enables you to validate your application configuration before deployment and enables you to deploy configuration in a controlled and monitored way. AWS AppConfig enables you to deploy configuration changes independent of the application code […]
Tracking your Oracle licenses using AWS License Manager
Introduction Many of our customers are running Oracle databases in AWS. They have asked for help with managing their Oracle licenses. In response, AWS has released some new features to AWS License Manager to help customers manage their Oracle licenses running in AWS. AWS License Manager is a service that helps customers manage their software […]
Software patching with AWS Systems Manager
Cloud computing adoption has been rapidly increasing with enterprises around the globe, opting for various migration patterns during their cloud journey. Taking monolithic legacy applications as-is and moving them to the cloud is an approach also known as “lift-and-shift,” and is one of the main drivers for cloud migration. As customers become more knowledgeable about […]
Track IBM license usage with AWS License Manager
Introduction In this blog post, I show you how you can track and enforce licensing for your IBM software products running on AWS or on-premises. IBM licenses many of its products using a processor-based licensing approach by Processor Value Units (PVU). IBM defines a processor, for purposes of PVU-based licensing, to be each processor core […]
Managing aged access keys through AWS Config remediations
One of the security best practices that is time-consuming to manage is enforcing IAM access key rotation for IAM users. Access keys give IAM users the ability to connect to Amazon EC2 instances. Therefore rotating these regularly (for example, every 90 days) is one of the key steps in protecting your resources from unauthorized access. […]
Multi-Account patch compliance with Patch Manager and Security Hub
Update 10/2020 – Viewing patch compliance findings across AWS accounts in AWS Security Hub is supported natively. For more information please see What’s new announcement here. Introduction In this blog post, I discuss how to import critical patch compliance findings into Security Hub. Security Hub is a service that provides customers with a comprehensive view […]
Implementing Serverless Transit Network Orchestrator (STNO) in AWS Control Tower
Introduction Many of the customers that we have worked with are using advanced network architectures in AWS for multi-VPC and multi-account architectures. Placing workloads into separate Amazon Virtual Private Clouds (VPCs) has several advantages, chief among them isolating sensitive workloads and allowing teams to innovate without fear of impacting other systems. Many companies are taking […]
Using State Manager over cfn-init in CloudFormation and its benefits
Introduction If you have deployed Amazon Elastic Compute Cloud (EC2) instances via AWS CloudFormation, you most likely want to install software or configure the operating system of the instance. To accomplish this, you may have used cfn-init, one of the CloudFormation helper scripts available to AWS customers since February 2012. However, since that time AWS […]
Managing resources using AWS CloudFormation Resource Types
Introduction Both custom resources and resource types are used to create an AWS CloudFormation resource that allows you to manage third-party resources. For example, during the creation of a simple website you may want to provision a third-party website monitor, which has a public API. In this case, you would develop and use a resource […]