AWS Cloud Operations & Migrations Blog

Category: Learning Levels

Delegated Administrator for AWS Service Catalog

Simplify sharing your AWS Service Catalog portfolios in an AWS Organizations setup

Note: This is a June 2020 update to the blog post How to set up a multi-region, multi-account catalog of company standard AWS Service Catalog products. Overview I have seen interest in the native infrastructure template sharing capabilities offered by AWS Service Catalog. For example, my customers share AWS Service Catalog portfolios directly to AWS […]

AWS Chatbot on Slack Architecture

7 AWSome ways to use AWS Chatbot

AWS Chatbot is an interactive agent that makes it easy to monitor and interact with your AWS resources in your Slack channels and Amazon Chime chat rooms. With AWS Chatbot you can receive alerts, run commands to return diagnostic information, invoke AWS Lambda functions, and create AWS Support cases. There are many different ways to […]

Solution architecture for Batch account creation using AWS Control Tower

How to automate the creation of multiple accounts in AWS Control Tower

Last updated 24 Feb 2022 to support submission of 300+ account entries per each deployment. Last updated 17 Nov 2021 to handle the changes to Account Factory inputs parameters with Nested OU support. Last updated 25 JUL 2021 to pass account details from local S3 bucket. Many customers that we work with are creating and […]

AWS Systems Manager patch compliance data to AWS Security Hub

Multi-Account patch compliance with Patch Manager and Security Hub

Update 10/2020 – Viewing patch compliance findings across AWS accounts in AWS Security Hub is supported natively. For more information please see What’s new announcement here. Introduction In this blog post, I discuss how to import critical patch compliance findings into Security Hub. Security Hub is a service that provides customers with a comprehensive view […]

AWS IAM Access Analyzer and AWS Control Tower Featured Image

Enabling AWS IAM Access Analyzer on AWS Control Tower accounts

Many of the customers we work with look for ways to manage compliance and gain additional insights across their AWS multi-account organization from a central location. We often begin the discussion with AWS Control Tower, as it offers the easiest way to set up and govern a multi-account AWS environment. AWS Control Tower is an […]

Automating the discovery of licensed software using AWS License Manager

Software license management often comes with the challenges of staying compliant, controlling overages, and managing vendor audits. Significant time and manual effort go into making sure that software license inventories are updated and ready for auditing. Bringing cloud infrastructure into the picture, with the ability to spin up virtual servers in minutes, means that managing […]

Implementing Serverless Transit Network Orchestrator (STNO) in AWS Control Tower

Introduction Many of the customers that we have worked with are using advanced network architectures in AWS for multi-VPC and multi-account architectures. Placing workloads into separate Amazon Virtual Private Clouds (VPCs) has several advantages, chief among them isolating sensitive workloads and allowing teams to innovate without fear of impacting other systems. Many companies are taking […]

Deploy AWS Config Rules and Conformance Packs using a delegated admin

AWS Config Rules allow customers to evaluate the configuration of resources against best practices and perform remediation when specified configuration policies are not being followed. Using AWS Config Conformance Packs, customers can create a collection of AWS Config rules and remediation actions in a single pack that can be deployed across AWS Organizations. This provides […]

Automate account creation and resource provisioning for AWS GovCloud(US), using AWS Service Catalog, AWS Organizations, and AWS Lambda

Public and private sector customers are now often working to automate their account creation and operations into the AWS GovCloud (US) Regions. These customers use the AWS GovCloud (US) Regions to access FedRamp certified services and ITAR-governed datasets for multiple accounts. Managing this type of multi-account enterprise footprint with AWS Organizations helps reduce operational costs […]

Managing AWS Organizations accounts using AWS Config and AWS CloudFormation StackSets

AWS Organizations enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage. Organizations includes consolidated billing and account management capabilities that enable you to better meet your business’s budgetary, security, and compliance needs. As an administrator of an organization, you can create member accounts in your organization and invite […]