AWS Management & Governance Blog

Category: Advanced (300)

Managing resources using AWS CloudFormation Resource Types

Introduction Both custom resources and resource types are used to create an AWS CloudFormation resource that allow you to manage third-party resources. For example, during the creation of a simple website you may want to provision a third-party website monitor, which has a public API. In this case, you would develop and use a resource […]

Read More

AWS Control Tower Detective Guardrails as an AWS Config Conformance Pack

Many of the customers I work with would like to be able to apply AWS Control Tower’s detective guardrails to an existing AWS account before moving them to Control Tower governance. Now that you can launch AWS Control Tower in an existing AWS Organization, customers want to evaluate their existing accounts for compliance with AWS […]

Read More

Setting up custom AWS Config rule that checks the OS CIS compliance

AWS announced that AWS Systems Manager’s Run Command now offers Chef InSpec audits through the AWS-RunInspecChecks document. This is a significant win for Systems Manager enthusiasts and other users who prefer an OS-based compliance check solution rather than using a whole new cloud service. This blog post is not about how to keep an OS […]

Read More

Monitor your private internal endpoints 24×7 using CloudWatch Synthetics

Introduction Since Amazon CloudWatch Synthetics launched in 2019, Synthetics canaries have become the first line of defense to reliably alert developers if their public endpoints, including REST APIs and URLs, show unexpected latencies or availability drops. In addition, Synthetics canaries can also monitor for broken links, or unauthorized content changes resulting from phishing, code injection, […]

Read More
Event-based notifications AWS Service Catalog

Creating event-based notifications and remediation in AWS Service Catalog using AWS Config

AWS Service Catalog allows organizations to quickly let their users deploy approved IT services to organize, govern, and provision cloud resources on AWS. However, users launching multiple instances can cause issues because: Some instances are not always active. The lack of limits on the number of active instances can result in an organization’s costs going […]

Read More
Partition count

Enhancing workload observability using Amazon CloudWatch Embedded Metric Format

Builders who run their workloads on AWS have many needs. In order to best serve their own customers, they need access to a reliable platform on which to run those workloads. They need flexible compute options, scalable data storage, and robust networking. They must make their workloads both scalable and highly available. Builders also desire […]

Read More

Remediate drift via resource import with AWS CloudFormation

When it comes to restaurants, consistency is key. Being able to create a salad once is simple, but being able to recreate the exact salad multiple times tends to be more difficult. Little variances between them may cause issues, like too much or not enough salad dressing, ruining the balance of the composed salad. Infrastructure […]

Read More

How to execute Chef recipes using AWS Systems Manager

It’s exciting to see how many AWS customers are taking advantage of AWS Systems Manager to manage and deploy infrastructure configuration at scale. I have previously blogged about the benefits of using AWS Systems Manager with configuration management tools, including Ansible and Salt. Recent improvements to the configuration management functionality, has made the service even […]

Read More

Building a fully automated Dow Jones Asset Tracking System on AWS

Dow Jones is a global provider of news and business information, delivering content to consumers and organizations around the world across multiple formats, including print, digital, mobile and live events. Dow Jones has produced unrivaled quality content for more than 130 years and today has one of the world’s largest news gathering operations globally. It […]

Read More

Creating Packer images using AWS System Manager Automation

If you run AWS EC2 instances in AWS, then you are probably familiar with the concept of pre-baking Amazon Machine Images (AMIs). That is, preloading all needed software and configuration on an EC2 instance, then creating an image of that. The resulting image can then be used to launch new instances with all software and […]

Read More