AWS Cloud Operations & Migrations Blog

Category: Advanced (300)

Automate configuration compliance at scale in AWS

Automate configuration compliance at scale in AWS

AWS Config continuously monitors and records your AWS resource configurations. You can use the service to automate the evaluation and remediation of recorded configurations against desired configurations. You also can review changes in configurations and relationships between AWS resources and dive into the history of a resource configuration. The basis of a well-architected multi-account AWS […]

Read More
Developing, versioning, testing, and deploying landing zone changes using CfCT across multiple landing zones

Developing, versioning, testing, and deploying landing zone changes using CfCT across multiple landing zones

Enterprise customers often ask how they can minimize risk when they’re developing and testing a landing zone configuration. They also want to know how they can promote code between multiple landing zones. ­AWS Control Tower provides the easiest way to set up and govern a secure, multi-account AWS environment, called a landing zone. Customers who […]

Read More
Cost optimization in AWS using Amazon CloudWatch metric streams, AWS Cost and Usage Reports and Amazon Athena

Cost optimization in AWS using Amazon CloudWatch metric streams, AWS Cost and Usage Reports and Amazon Athena

You can use metric streams to create continuous, near-real-time streams of Amazon CloudWatch metrics to a destination of your choice. Metric streams make it easier to send CloudWatch metrics to popular third-party service providers using an Amazon Kinesis Data Firehose HTTP endpoint. You can create a continuous, scalable stream that includes the most up-to-date CloudWatch […]

Read More
Manage your AWS CloudFormation templates and stacks using AWS Systems Manager

Manage your AWS CloudFormation templates and stacks using AWS Systems Manager

With AWS CloudFormation, you get a powerful way to automate and manage infrastructure as code. Until now, customers relied on Amazon Simple Storage Service (Amazon S3) or a version-control system to store, share, and manage CloudFormation templates as code artifacts. In addition, many customers use AWS Service Catalog for advanced use cases related to governance of […]

Read More
Ensure license compliance in AWS for ISVs using ISV seller-issued licenses

Ensure license compliance in AWS for ISVs using ISV seller-issued licenses

AWS License Manager helps reduce the risk of noncompliance by providing independent software vendors (ISVs) with a centralized AWS account and built-in controls to ensure only approved users and workloads can consume licenses. ISVs can use License Manager to manage and distribute software licenses to end users with and without AWS accounts. As an issuer, […]

Read More

Save costs and deploy highly available Microsoft Exchange on AWS using Dedicated Hosts and License Manager

In a previous blog, “How to run Microsoft Exchange on AWS using Amazon EC2”, you learn how you can run Microsoft Exchange on AWS. However, did you also know that you could save costs by bringing both your Windows Server and Exchange licensing to Dedicated Hosts? In this post, I will show you how Amazon […]

Read More
Setting up secure, well-governed machine learning environments on AWS.

Setting up secure, well-governed machine learning environments on AWS

When customers begin their machine learning (ML) journey, it’s common for individual teams in a line of business (LoB) to set up their own ML environments. This provides teams with flexibility in their tooling choices, so they can move fast to meet business objectives. However, a key difference between ML projects and other IT projects is […]

Read More
Use Amazon Athena and AWS CloudTrail to estimate billing for AWS Config rule evaluations

Use Amazon Athena and AWS CloudTrail to estimate billing for AWS Config rule evaluations

AWS Config is a service that enables you to audit your AWS resources for compliance to a desired configuration state. You are billed based on the number of Configuration Items (a point-in-time snapshot of an AWS resource) recorded and the number of AWS Config rules (a function that reports resource compliancy) evaluated per resource per […]

Read More

Automate preapproved operations with AWS Service Catalog service actions

Most of my enterprise customers have the need to allow their users to execute self-service operational tasks while restricting access to a minimum set of services. With AWS Service Catalog, you can provision pre-approved products, when combined with AWS Service Catalog service actions, you can provide simple predefined actions associated with the AWS Service Catalog […]

Read More
Restrict Access by Member Account to a Centralized CloudTrail Logging Bucket

Restrict Access by member account to a centralized CloudTrail logging bucket

Logging and monitoring are critical components of a governance, risk, and compliance strategy. When you use AWS CloudTrail with AWS Organizations, you get an eagle-eye view of account activity across your AWS infrastructure. However, as your enterprise scales workloads in the cloud and accelerates cloud use, the logs can increase exponentially. Over time, you can […]

Read More