AWS Cloud Operations Blog
Category: Expert (400)
Monitor Istio on EKS using Amazon Managed Prometheus and Amazon Managed Grafana
Service Meshes are an integral part of the Kubernetes environment that enables secure, reliable, and observable communication. Istio is an open-source service mesh that provides advanced network features without requiring any changes to the application code. These capabilities include service-to-service authentication, monitoring, and more. Istio generates detailed telemetry for all service communications within a mesh. This telemetry […]
DevOps automation for backup compliance in AWS using AWS Backup Audit Manager
Backup compliance in AWS includes defining and enforcing backup policies to encrypt your backups, protect them from manual deletion, prevent changes to your backup lifecycle settings, and audit and report on backup activity from a centralized console. AWS Backup Audit Manager, a feature within the AWS Backup service, provides built-in compliance controls for these areas. […]
Managing cross-Region reports for AWS Marketplace and AWS Service Catalog resources
Organizations have many business reasons to track resource usage across their AWS environments. For example, management and administrative teams want to track operation expenditure, license governance, and asset tracking for their AWS Marketplace solutions across Regions currently in use. A centralized reporting dashboard allows the teams to access this information quickly and efficiently. This post […]
Supporting Data Residency Requirements by Extending AWS Control Tower Governance to Non-supported Regions
In today’s complex computing environment, organizations continually have new requirements for maintaining data. In essence, data residency is established on multiple levels, and AWS offers different features and services to support it. This post focuses on utilizing the AWS Control Tower governance model to support data residency requirements in regions where AWS Control Tower isn’t […]
Migrate AWS Landing Zone solution to AWS Control Tower
Customers who wanted to quickly set up a secure, compliant, multi-account AWS environment had adopted the AWS Landing Zone solution (ALZ). To reduce the burden of managing ALZ, AWS has announced a managed service – AWS Control Tower (Control Tower). AWS Control Tower creates your landing zone using AWS Organizations, thereby bringing together ongoing account […]
Monitor Private VPC Endpoint Health in Hybrid DNS Environments Using CloudWatch Synthetics
We start by paying homage to the Amazon CloudWatch Synthetics canary naming convention, which nods to the original use of canaries to detect carbon monoxide in coal mines. The bird’s small size, high metabolism, and intensified breathing led to their early demise when exposed to the poisonous gas, thereby allowing miners to take corrective action […]
Extending your Control Tower Network security with Amazon Route 53 DNS Firewall
In our previous post, “Securely scale multi-account architecture with AWS Network Firewall and AWS Control Tower”, we described how AWS Network Firewall can be implemented in an AWS Control Tower environment. AWS Network Firewall provides a stateful, managed firewall with rules to filter and block network and application layer traffic coming to your applications. Centralized […]
Monitoring AWS Elastic Beanstalk .NET applications with Amazon CloudWatch and Amazon Managed Grafana
AWS Elastic Beanstalk simplifies deployments by handling many of the architectural complexities involved with managing highly available applications. Elastic Beanstalk provides a monitoring console that displays your environment’s status and application health. However, in large deployments with complex application servers, this often requires supplemental, finer-grained monitoring and dynamic dashboards in order to achieve the […]
Migrating accounts between AWS Organizations with consolidated billing to all features
Customers start their cloud journey with one AWS account, and over time they deploy many resources within it before utilizing more accounts. Prior to the launch of AWS Organizations in 2017, customers received a consolidated bill for all of these accounts. The launch of AWS Organizations meant these customers were provided with an organization that […]
Centralized software package distribution across multiple regions and accounts in an AWS Organization using AWS Systems Manager Distributor
Security remains a top priority for most organizations, and, in order to stay secure and compliant, they leverage agent-based vulnerability management tools, such as CrowdStrike, TrendMicro, and Tenable. AWS Systems Manager Distributor automates the process of packaging and publishing software to managed Windows and Linux instances across the cloud landscape, as well as to on-premises […]