AWS Cloud Operations & Migrations Blog

Category: Advanced (300)

Change Management for Life Sciences

In this post, we’ll demonstrate how Customers looking to maintain Good Laboratory Practices (GLP), Good Clinical Practices (GCP), Good Manufacturing Practices (GMP) can get started evaluating their environments for the controls found in Title 21 of the Code of Federal regulations (CFR) Part 11, and remediate non-compliant resources via a change control process using native […]

Create patched clones of your workloads in a multi-account set up using AWS Systems Manager Automation

Zainab Allawi, Associate Solutions Architect, WWPS Solutions Architecture For businesses of different sizes, patch testing has mostly been manual, and patching process errors or incompatibilities could risk disrupting production workloads. AWS Systems Manager Automation simplifies the common maintenance and deployment tasks of Amazon Elastic Compute Cloud (Amazon EC2) instances and other AWS resources. It also […]

Visualize AWS Service Catalog Product Usage in an AWS Organization with Amazon QuickSight

  AWS Service Catalog is a widely used service that simplifies the management of tools, services, and resources in AWS accounts for organizations. This service empowers end users to provision products vetted by their organization in their environments with confidence in security and compliance. Portfolios are shared with AWS accounts in an AWS Organization, from which […]

How to centrally manage AWS IoT Greengrass devices using AWS Systems Manager

Remotely managing vast fleets of disparate systems and applications can be a challenging task for edge device administrators. AWS IoT Greengrass can help these system administrators manage their edge device application stack. However, system software on these devices must be updated and maintained separately via operational policies consistent with those of their larger IT organizations. […]

How Capgemini used AWS Systems Manager and other AWS services to provide cloud-native, self-service patch management and automation

This post was written in collaboration with David Wansell, an Enterprise Cloud Architect at Capgemini with over 20 years of experience across multiple enterprise domains. He designs and builds automation and solutions that enable customers to deliver on their desired outcomes in their cloud adoption journey. Customers need a way to do patch management in […]

Automate vulnerability management and remediation in AWS using Amazon Inspector and AWS Systems Manager – Part 2

Update 11/2022 – In September 2022, Amazon Inspector added support for Windows operating systems for continual software vulnerability scanning. This post supports remediating vulnerabilities only on Linux operating systems supported by the Systems Manager agent. This post is the second part of the Automate vulnerability management and remediation series using Amazon Inspector and AWS Systems […]

Automate vulnerability management and remediation in AWS using Amazon Inspector and AWS Systems Manager – Part 1

Update 11/2022 – In September 2022, Amazon Inspector added support for Windows operating systems for continual software vulnerability scanning. This post supports remediating vulnerabilities only on Linux operating systems supported by the Systems Manager agent. AWS recently launched the new Amazon Inspector for performing continuous vulnerability scans on Amazon Elastic Compute Cloud (Amazon EC2) instances […]

Auto-scaling Amazon EC2 using Amazon Managed Service for Prometheus and alert manager

Customers want to migrate their existing Prometheus workloads to the cloud and utilize all that the cloud offers. AWS has services like Amazon EC2 Auto Scaling, which lets you scale out Amazon Elastic Compute Cloud (Amazon EC2) instances based on metrics like CPU or memory utilization. Applications that use Prometheus metrics can easily integrate into […]

Using AWS CloudTrail Lake to identify older TLS connections to AWS service endpoints

To comply with regulatory standards and follow security best practices, organizations have told us that they want to ensure they have disabled older versions of Transport Layer Security (TLS), such as TLS 1.0 and 1.1, and only use modern TLS 1.2 and 1.3. When connecting to AWS API endpoints, your client software negotiates its preferred TLS version, […]

Deploy Multi-Account Amazon CloudWatch Dashboards

Organizations building modern applications require a way to gain actionable insights into their Amazon Elastic Compute Cloud (Amazon EC2) workloads. Amazon CloudWatch is a monitoring and observability service that collects operational data from logs, metrics, and events. The service lets customers monitor your resources spread across different accounts or regions in a single view, visualize […]