AWS Cloud Operations & Migrations Blog

Category: Learning Levels

Authorize different sets of interactive session commands for users using SSM documents

Limit interactive session commands by groups of users using AWS Systems Manager

Customers are looking for a way to limit the types of commands that can be run on their Amazon Elastic Compute Cloud (Amazon EC2) instances when using AWS Systems Manager Session Manager interactive sessions. Allowed commands vary by group, meaning you need to allow different sets of commands based on the group of users. For […]

Read More

Viewing permission issues with service-linked roles

Each AWS service requires explicit access to resources, endpoints, and objects that reside in the domain of another service. This is referred to as the permission boundary. Services like AWS Config, Amazon Macie, and AWS GuardDuty require an AWS Identity and Access Management (IAM) role that grants access to resources outside of its control. Understanding […]

Read More

DevSecOps for auto healing PCI DSS 3.2.1 violations in AWS using custom AWS Config conformance packs, AWS Systems Manager and AWS CodePipeline

If you migrate your workloads to the cloud to modernize your applications or secure infrastructure and operations, you’ll find these migrations are increasingly performed with a DevOps methodology that incorporates continuous development, integration, and testing. It is always a best practice to incorporate security as code in your DevOps workflows to uncover security issues when […]

Read More

Migrating to Amazon API Gateway: A Datalex success story

Datalex is an industry leader of omni-channel retail solutions for airlines around the world. The Datalex product portfolio supports end-to-end retail capabilities that include pricing, shopping, and order management. This year, Datalex’s multi-year deal with their API provider was up for renewal. As part of a best practice review, they considered other options. When the […]

Read More

Automate FedRAMP controls in your AWS environment using AWS Config conformance packs

AWS Config has released a new sample conformance pack template to help customers meet the operational best practices for Federal Risk and Authorization Management Program (FedRAMP). FedRAMP is a U.S. government-wide program that delivers a standard approach to the security assessment, authorization, and continuous monitoring for cloud products and services. Conformance packs are a collection […]

Read More
Analyzing Amazon Lex conversation log data with Grafana

Analyzing Amazon Lex conversation log data with Grafana

To support business and internal processes, organizations are increasing their use of conversational interfaces. They offer opportunities for more availability, improved service levels, and reduced costs. As these conversational services become more important, so, too, does the need to monitor performance and effectiveness of these interfaces with analytics and dashboards. This analysis, in turn, is […]

Read More

Open sesame: Granting privileged access to EC2 instances with Session Manager

In this guest blog post, Herman Lee (Cloud Solution Architect, VP) and Nauman Noor (Managing Director) from the public cloud engineering team at State Street discuss their use of AWS Systems Manager Session Manager for privileged access management of Amazon EC2 instances. State Street Corporation is a financial services company responsible for the management, custody, […]

Read More
Manage AWS Managed Microsoft AD resources with Session Manager port forwarding

Manage AWS Managed Microsoft AD resources with Session Manager port forwarding

Active Directory administrators are accustomed to managing domain resources using Remote Server Administrators Tools (RSAT) installed on either their workstations or a member server in the domain.  When it comes to managing resources on a managed Active Directory service, such as the case with AWS Managed Microsoft AD, these tools must be available for administrators […]

Read More
cisco csr vpn

Monitoring Cisco CSR 1000v VPN tunnel and BGP status using Amazon CloudWatch

Many organizations get access to their AWS resources using a Direct Connect connection or a Site-to-Site VPN. AWS Site-to-Site VPN creates a secure connection between your data center or branch office and your AWS cloud resources.  In this post, we will see how to monitor your Cisco CSR VPN tunnel and BGP (Border Gateway Protocol) […]

Read More

How Line of Business Leaders Can Jump-Start Cloud Innovation

Cloud transformation is imperative Line of business (LOB) leaders and application owners within a business recognize that they urgently need to pivot their model to cloud—and not just to save cost or to get out of a data center. They own the apps that drive revenue for the business and modernizing them is critical to […]

Read More