AWS Cloud Operations & Migrations Blog

Category: Advanced (300)

Automate enrollment of accounts with existing AWS Config resources into AWS Control Tower

Customers who deployed AWS Control Tower in their existing organization will begin enrolling existing member accounts located under Organization Units (OU) to bring those accounts under the governance of Control Tower. In most cases, the customer has already enabled AWS Config to record, and evaluate AWS resource configurations in existing accounts. Previously, customers who would want […]

Cross-account configuration with AWS AppConfig

Customers will often start using various AWS services through a single AWS account. As customers continue their AWS journey, they increase the number and diversity of workloads operating on AWS. Furthermore, as the number of users grows, managing this account becomes difficult and time consuming. Then, customers create more accounts for multiple users. This helps […]

Maintain compliance using Service Control Policies and ensure they are always applied

Many of our customers manage multiple AWS accounts in AWS Organizations and utilize Service Control Policies (SCPs) to centrally manage permissions in their organization. SCPs offer central control over the maximum available permissions for every account in your organization and can be applied to an account, organization units (OUs), or the organization as a whole […]

Migrate from mainframe CA7 job schedules to Apache Airflow in AWS

When you migrate mainframe applications to the cloud, you will usually have to migrate mainframe job schedules too. In this post, I’ll show you how to migrate mainframe CA7 job schedules to a cloud native job scheduler in AWS, how to trigger off event-based jobs, how to run streaming jobs, how to migrate CA7 database, […]

Proactively keep resources secure and compliant with AWS CloudFormation Hooks

Organizations want their developers to provision resources that they need to build applications while maintaining compliance with security, operational, and cost optimization best practices. Most solutions today inform customers about noncompliant resources only after those resources have been provisioned. These noncompliant resources exist until they are deleted or modified and increase security risk, operational overhead, […]

Automate time series network visualizations for AWS PrivateLink using Amazon CloudWatch Contributor Insights

AWS PrivateLink is a highly available, scalable technology that lets you connect your Amazon Virtual Private Cloud (VPC) to supported AWS services without requiring public internet traversal. It also lets you privately connect to services hosted by other AWS accounts (VPC endpoint services) and supported AWS Marketplace partner services. Amazon CloudWatch Contributor Insights is a […]

Use AWS Systems Manager Automation to automate Snowflake storage integrations with Amazon S3

AWS Systems Manager lets you safely automate common and repetitive IT operations and management tasks. Furthermore, Systems Manager Automation lets you use predefined playbooks, or you can build, run, and share wiki-style automated playbooks to enable AWS resource management across multiple accounts and AWS Regions. Snowflake, the Data Cloud, is an APN Partner that provides […]

Use AWS Systems Manager custom Inventory to locate Log4j files on managed nodes

In this post we will provide guidance to assist customers responding to the recently disclosed Log4j vulnerability by detailing how to use AWS Systems Manager Inventory to locate Log4j JAR files on Linux and Windows Amazon Elastic Compute Cloud (EC2) instances and hybrid managed nodes. A hybrid managed node includes on-premises servers, edge devices, and virtual […]

Manage AWS account alternate contacts with Terraform

Managing AWS billing, support and service team notifications, and potential security events are critical for customers to ensure security, cost optimization and operational monitoring for their AWS deployments. Alternate contacts allow us to contact another person about issues with your account at the right time, even if you’re unavailable. AWS will send you operational notifications such […]

Monitoring underlying hardware failures for EC2 instances by logging them with Amazon OpenSearch Service

With Amazon Elastic Compute Cloud (Amazon EC2) you can spin up a virtual server or instance of various sizes that run on system composed of server, storage, and network hardware. AWS uses status checks to monitor the system on which an EC2 instance runs and detects underlying problems with your instance. These checks are performed […]