Category: Learning Levels

In January 2022, AWS announced general availability of AWS CloudTrail Lake, a managed audit and security lake that allows you to aggregate, immutably store and query activity logs for auditing, security investigation and operational troubleshooting. Since launch, thousands of customers have adopted this feature. We are excited to announce that CloudTrail Lake dashboards are now […]

AWS Config is a service that tracks configuration changes of AWS resources in your AWS account. AWS Config uses the configuration recorder to detect these changes and then captures them as configuration items. The configuration recorder is created and started in each Region where you set up AWS Config. By default, the configuration recorder records […]

Amazon CloudWatch Synthetics offers an automated approach to monitoring the performance and availability of your application endpoints, REST APIs, and website content, allowing you to discover issues before your customers do. As your applications and suite of accompanying canaries grows over time, it becomes more challenging and time consuming to manage them at scale. This […]

AWS Systems Manager Session Manager provides a more secure way to manage your Amazon Elastic Compute Cloud (EC2) instances without the need to open inbound ports, maintain bastion hosts, or manage SSH keys. Furthermore, you can use it with a combination of AWS services to give access to external third-parties. Due to business requirements, you […]

A full conference pass is $1,099. Register today with the code secure150off to receive a limited time $150 discount, while supplies last. AWS re:Inforce is just around the corner and this post covers sessions on cloud governance, risk management, and compliance that you should add to your agenda. AWS re:Inforce is a security learning conference […]

Until recently, customers had to navigate to the AWS Marketplace Console and search for a compatible Amazon Machine Image (AMI) product for your image pipeline. They also had to write their own custom components to harden the operating systems to meet Center for Internet Security (CIS) Benchmark guidelines. This required subscriptions to the CIS Benchmark […]

AWS Config is a service that tracks configuration changes of AWS resources in your AWS account.  AWS Config uses the configuration recorder to create a configuration item whenever it detects a change to a resource type that it is recording. For example, if AWS Config is recording Amazon S3 buckets, AWS Config creates a configuration […]

AWS Service Catalog allows organizations to create and manage catalog of IT services that are approved for use on AWS. These IT services can include everything from virtual machine images, servers, software, and databases to complete multi-tier application architectures. In addition, organizations can centrally manage deployed IT services, applications, resources, and metadata. This helps you […]

Do you have thousands of Amazon CloudWatch alarms across AWS Regions and want to quickly identify which ones are low-value alarms or misconfigured alarms across regions? Are you looking for ways to identify alarms which are in ‘ALARM’ or ‘IN_SUFFICIENT’ state for several days and need to be revisited? Do you need a cleanup mechanism […]

February 27, 2025: This post was republished to update the AWS Firewall Manager guidance. In part one, we identified different features of AWS Organizations requiring guidance and consideration when you move an account from one organization in Organizations to another. We focused on Organizations Polices, AWS Resource Access Manager (AWS RAM) shares, and AWS global condition context […]