AWS Management & Governance Blog

Category: Expert (400)

AWS Config

Using AWS Config custom resources to track any resource on AWS

AWS Config is a powerful service you can use to track infrastructure resources and simplify compliance. AWS Config continuously monitors and records your resource configurations. It also allows you to use AWS Config rules to automate the evaluation of recorded configurations against desired state. You can use its remediation actions to address noncompliant resources and […]

Read More

Customize Amazon CloudWatch alarm notifications to your local time zone – Part 2

In part 1 of this series, I cover how to customize Amazon CloudWatch alarm notifications using CloudWatch Events rule. For more information, see the Customize Amazon CloudWatch alarm notifications to your local time zone – Part 1 blog post. In this part, I walk through the process of using Amazon Simple Notification Service (Amazon SNS) […]

Read More

Customize Amazon CloudWatch alarm notifications to your local time zone – Part 1

This two-part series discusses how to customize Amazon CloudWatch alarm notifications to your local time zone. Part 1 covers customizing using CloudWatch Events rule. Part 2 covers customizing using Amazon SNS. You can use Amazon CloudWatch to set alarms and automate actions based on predefined thresholds or machine learning algorithms that identify anomalous behavior in […]

Read More

Continuous permissions rightsizing to ensure least privileges in AWS using CloudKnox and AWS Config

This blog post was contributed by Kanishk Mahajan, AWS and Maya Neelakandhan, CloudKnox As you migrate your workloads to the cloud or operate your existing workloads in the cloud it would be ideal if every application was deployed with the exact permissions that it required. In practice, however, the effort required to determine the precise […]

Read More

DevSecOps for auto healing PCI DSS 3.2.1 violations in AWS using custom AWS Config conformance packs, AWS Systems Manager and AWS CodePipeline

If you migrate your workloads to the cloud to modernize your applications or secure infrastructure and operations, you’ll find these migrations are increasingly performed with a DevOps methodology that incorporates continuous development, integration, and testing. It is always a best practice to incorporate security as code in your DevOps workflows to uncover security issues when […]

Read More

Four ways to retrieve any AWS service property using AWS CloudFormation (Part 1 of 3)

Many of you have experience using AWS CloudFormation to automate your application deployments. As you probably know, the service supports around 600 types of resources. When you optimize your templates, you might have discovered that each of those resource types encapsulates native AWS SDK API calls to create or update each resource’s state or configuration. You […]

Read More
Handling Region parity with infrastructure as code

Handling Region parity with infrastructure as code

AWS CloudFormation allows you to create and manage resources with templates. AWS provides a number of Regions where its services and features are available. Although it can be beneficial to deploy the same AWS CloudFormation template in multiple Regions, customers who operate in multiple Regions face challenges due to parity differences among services and their […]

Read More

Bring your own CLI to Session Manager with configurable shell profiles

In keeping with the principle that identity is the new perimeter, AWS Systems Manager Session Manager provides a mechanism for authenticated and authorized AWS Identity and Access Management (IAM) principals to gain data-plane shell access to Amazon EC2 instances, without setting up a traditional SSH pathway for access. It has become an indispensable tool for […]

Read More
Automated configuration of Session Manager without an internet gateway

Automated configuration of Session Manager without an internet gateway

Session Manager is a fully managed AWS Systems Manager capability that you can use to manage your Amazon Elastic Compute Cloud (Amazon EC2) instances, on-premises instances, and virtual machines (VMs) through an interactive one-click browser-based shell or through the AWS CLI. Session Manager also provides secure and auditable instance management without the need to open […]

Read More

Use Systems Manager Automation documents to manage instances and cut costs off-hours

Cut costs by minimizing infrastructure when it’s not under heavy use, for example turning off EC2 and RDS instances nights and weekends. In this post you will learn how to do this using Systems Manager Automation Documents, State Manager, and CloudWatch Events.

Read More