AWS Cloud Operations Blog
Category: Expert (400)
Use AWS Systems Manager Automation runbooks to resolve operational tasks
OpsCenter provides a central location where operations engineers and IT professionals can view, investigate, and resolve operational work items (OpsItems) related to AWS resources. AWS Systems Manager Automation simplifies common maintenance and deployment tasks for Amazon Elastic Compute Cloud (Amazon EC2) instances and other AWS resources. You can use this capability to build automations to […]
Monitoring hybrid environments using Amazon Managed Grafana
Setting up observability for workloads is critical to tracking application performance, reliability, and health. It’s even more important when you’re dealing with workloads that are deployed in hybrid environments. A proliferation of monitoring tools can result in data silos or multiple single panes of glass. When an organization loses its consolidated view, whether it be across […]
Using AWS Control Tower, AWS Service Catalog, and AWS Marketplace to deploy AWS Marketplace license subscriptions
Enterprise customers with multiple AWS accounts want to subscribe once to an AWS Marketplace product and have all accounts in the organization deploy AWS Marketplace solutions without needing each account to subscribe first. AWS Control Tower helps customers create accounts and manage many account configurations and best practices. AWS Service Catalog helps customers deploy AWS […]
Integrate across the Three Lines Model (Part 2): Transform AWS Config conformance packs into AWS Audit Manager assessments
The Three Lines Model developed by the Institute of Internal Auditors (IIA) helps organizations identify structures and processes to facilitate strong governance and risk management. In that model, the first-line function manages risk. The second-line function oversees risk. The third-line function provides objective and independent assurance of risk management. According to Deloitte analysis, modernizing the […]
Automated just-in-time storage for SQL Server backup using AWS Systems Manager Automation
There are times when you need fairly large storage volumes for use cases that are infrequent but needed recurrently. For example, one AWS customer needed to have multiple terabytes of Amazon Elastic Block Store (Amazon EBS) volumes available for taking MSSQL full backups. The backup job was scheduled as a weekly task but the customer […]
Use the power of script steps in your Systems Manager Automation runbooks
Customers have been using AWS Systems Manager Automation documents for years to define to define a sequence of actions to take on their AWS infrastructure such as invoking an AWS Lambda function or copying an Amazon Machine Image (AMI). These documents, now referred to as runbooks, are simple to use, yet powerful. The aws:executeScript action […]
How to manage cost overruns in your AWS multi-account environment – Part 1
AWS provides a flexible and secure environment where you can experiment, innovate, and scale more quickly. As you build and deploy your workloads, you need mechanisms to isolate your resources (for example, a resource container). You can use multiple AWS accounts for this purpose. An AWS account provides natural security, access, and billing boundaries for […]
How to manage cost overruns in your AWS multi-account environment – Part 2
In the first post of this two-part series, we showed you two approaches for preventing cost overruns in a centralized budget management pattern: Applying a restrictive service control policy (SCP) to an organizational unit (OU). Moving the account to another OU with restrictive SCPs. In this post, we share how you can prevent cost overruns […]
Field Notes: Cross-account deployments in an AWS Control Tower environment
AWS Control Tower helps customers put an orchestration layer on top of a multi-account strategy. When customers build applications, they often use separate accounts as part of a deployment pipeline so that they can validate changes before production. This best practice helps reduce blast radius should there be any issues with newer iterations. With AWS […]
Using an AWS Service Catalog service action to allow end users to update resources after deployment
Enterprise customers with multiple users want to manage policies on cloud resources like AWS Key Management Service (AWS KMS) and Amazon Simple Storage Service (Amazon S3) to grant access to additional users after the product has been deployed through, for example, AWS CloudFormation templates. In addition, customers want to accomplish this task in a self-service […]