AWS Management & Governance Blog

Category: Advanced (300)

CloudWatch Alarm with SNS and Lambda trigger

Alarms, incident management, and remediation in the cloud with Amazon CloudWatch

Application workloads being built for the cloud are getting easier to deploy with tools like Amazon Elastic Kubernetes Service (Amazon EKS) and Amazon Elastic Container Service (Amazon ECS and AWS Fargate), infrastructure as code (IaC), and full-scale DevSecOps pipelines. But there’s more to migrating workloads than ease of development and deployment: application workloads still need […]

Read More
New architecture used by FireEye using EMF log format

Lowering costs and focusing on our customers with Amazon CloudWatch embedded custom metrics

This post was authored by Martin Holste, CTO for Cloud at FireEye. Amazon CloudWatch provides a mechanism to publish metrics through logs using a format called Embedded Metric Format (EMF). You can use this to ingest complex application metric data to CloudWatch along with other log data. Although you can use this feature in all […]

Read More

AWS CloudFormation support for AWS Service Catalog products

This blog post was updated on 7/21/2020 to reflect recent changes to how AWS Service Catalog obtains outputs from provisioned products. For more information see Provisioned product outputs are now available in AWS Service Catalog. You can use AWS Service Catalog to create preconfigured products that your developers can launch. In a large organization, it’s […]

Read More
Systems Manager Quick Setup Organization feature

Manage instances using AWS Systems Manager Quick Setup across AWS Organization

Are you an operations administrator trying to enable common configurations such as agent updates or patch scanning across your company? AWS Systems Manager Quick Setup now supports AWS Organizations. With this feature, Organization master accounts can now easily define configurations for Systems Manager to engage on your behalf across accounts in your Organization. You can […]

Read More

Microsoft SCCM admins: Get started with AWS Systems Manager Patch Manager

As organizations migrate their traditional data centers and applications into the AWS cloud, they also want to modernize their patching mechanisms in order to reap the benefits of operating in the cloud. We find that many customers are looking to move away from Microsoft System Center Configuration Manager (SCCM) for patching, and move towards an […]

Read More

Analyzing AWS CloudTrail in Amazon CloudWatch

In this blog post, we learn how to ingest AWS CloudTrail log data into Amazon CloudWatch to monitor and identify your AWS account activity against security threats, and create a governance framework for security best practices. We will analyze log trail event data in CloudWatch using features such as Logs Insight, Contributor Insights, Metric filters […]

Read More
Automatic drift remediation solution architecture

Implement automatic drift remediation for AWS CloudFormation using Amazon CloudWatch and AWS Lambda

“Stack drift” is a common occurrence for organizations using AWS CloudFormation, and remediating stack drift represents a persistent and tedious challenge for organizations managing critical infrastructure with CloudFormation stacks. Stack drift occurs when the actual configuration of an infrastructure resource differs from its expected configuration. Typically, this is caused by users editing resources directly by […]

Read More

Configure Session Manager access for federated users using SAML session tags

In this blog post, we show you how to configure Attribute-Based Access Control (ABAC) permissions to federate users into AWS Systems Manager Session Manager. We demonstrate how you can use attributes defined in external identity systems as part of the ABAC decisions within AWS, with SAML session tags. For example, you can grant access to […]

Read More

Keeping Ansible effortless with AWS Systems Manager

Ansible is a powerful tool because it lets you handle many complicated tasks with minimal effort. Some time ago, I published running Ansible playbooks using Systems Manager blog when the first version of the AWS Systems Manager (SSM) document was released, which enabled support for Ansible. In that blog, I discussed the tight integration of […]

Read More