AWS Cloud Operations & Migrations Blog

Category: Centralized operations management

How Capgemini used AWS Systems Manager and other AWS services to provide cloud-native, self-service patch management and automation

This post was written in collaboration with David Wansell, an Enterprise Cloud Architect at Capgemini with over 20 years of experience across multiple enterprise domains. He designs and builds automation and solutions that enable customers to deliver on their desired outcomes in their cloud adoption journey. Customers need a way to do patch management in […]

Automate vulnerability management and remediation in AWS using Amazon Inspector and AWS Systems Manager – Part 2

This post is the second part of the Automate vulnerability management and remediation series using Amazon Inspector and AWS Systems Manager. This series provides methods for remediating Amazon Inspector findings on-demand using AWS Systems Manager Automation runbooks. In Part 1 of this series, you learned how to remediate Inspector findings for a specific vulnerability affecting […]

Automate vulnerability management and remediation in AWS using Amazon Inspector and AWS Systems Manager – Part 1

AWS recently launched the new Amazon Inspector for performing continuous vulnerability scans on Amazon Elastic Compute Cloud (Amazon EC2) instances and container images stored in Amazon Elastic Container Registry (Amazon ECR). These scans assess software vulnerabilities and unintended network exposure. The new Amazon Inspector uses the Systems Manager (SSM) agent to collect software application inventory […]

DevOps automation for backup compliance in AWS using AWS Backup Audit Manager

Backup compliance in AWS includes defining and enforcing backup policies to encrypt your backups, protect them from manual deletion, prevent changes to your backup lifecycle settings, and audit and report on backup activity from a centralized console. AWS Backup Audit Manager, a feature within the AWS Backup service, provides built-in compliance controls for these areas. […]

Using AWS AppConfig Feature Flags

AWS recently launched AWS AppConfig Feature Flags. Feature flagging is a powerful tool that allows engineers to safely push out new features to customers, but doing so in a measured and usually gradual way. In this blog post, you will learn about what feature flags are, what are the benefits to using them, and what […]

Enforce best practices in AWS Systems Manager documents leveraging CFN Guard

Many of us use AWS Systems Manager (SSM) documents to help automate various tasks. As we author documents and move them toward deployment, we’ll likely enforce certain standards and best practices. The AWS CloudFormation team released a general-purpose tool called AWS CloudFormation Guard that we can use to help enforce these best practices. In this […]

Customize Well-Architected Reviews using Custom Lenses and the AWS Well-Architected Tool

The AWS Well-Architected Tool (AWS WA Tool) lets you learn best practices for architecting workloads on the cloud, measure workloads against these best practices, and improve the workload by implementing best practices. These best practices have been curated under the AWS Well-Architected Framework (AWS WA Framework) and Lenses based on our tens of thousands of […]

Why you should develop a correction of error (COE)

Application reliability is critical. Service interruptions result in a negative customer experience, thereby reducing customer trust and business value. One best practice that we have learned at Amazon, is to have a standard mechanism for post-incident analysis. This lets us analyze a system after an incident in order to avoid reoccurrences in the future. These […]

Cross-account configuration with AWS AppConfig

Customers will often start using various AWS services through a single AWS account. As customers continue their AWS journey, they increase the number and diversity of workloads operating on AWS. Furthermore, as the number of users grows, managing this account becomes difficult and time consuming. Then, customers create more accounts for multiple users. This helps […]

Avoid zero-day vulnerabilities with same-day security patching using AWS Systems Manager

This post was co-authored by Jordan Koch at Veradigm. Applying operating systems patches is one of the easiest ways to secure a system from ever-changing cybersecurity threats. However, for many organizations it is one of the most difficult and time-consuming tasks. Many organizations deploy operating system patches through their various environments, first applying to Development, […]