AWS Management & Governance Blog

Category: Configuration, compliance, and auditing

Use the power of script steps in your Systems Manager Automation runbooks

Use the power of script steps in your Systems Manager Automation runbooks

Customers have been using AWS Systems Manager Automation documents for years to define to define a sequence of actions to take on their AWS infrastructure such as invoking an AWS Lambda function or copying an Amazon Machine Image (AMI). These documents, now referred to as runbooks, are simple to use, yet powerful. The aws:executeScript action […]

Read More
¬Field Notes: Cross-account deployments in an AWS Control Tower environment

Field Notes: Cross-account deployments in an AWS Control Tower environment

AWS Control Tower helps customers put an orchestration layer on top of a multi-account strategy. When customers build applications, they often use separate accounts as part of a deployment pipeline so that they can validate changes before production. This best practice helps reduce blast radius should there be any issues with newer iterations. With AWS […]

Read More

Using an AWS Service Catalog service action to allow end users to update resources after deployment

Enterprise customers with multiple users want to manage policies on cloud resources like AWS Key Management Service (AWS KMS) and Amazon Simple Storage Service (Amazon S3) to grant access to additional users after the product has been deployed through, for example, AWS CloudFormation templates. In addition, customers want to accomplish this task in a self-service […]

Read More

Integrate across the Three Lines Model (Part 1): Build a custom automation of AWS Audit Manager with AWS Security Hub

The Three Lines Model developed by the Institute of Internal Auditors (IIA) helps organizations identify structures and processes to facilitate strong governance and risk management. In that model, the first-line function manages risk, the second-line function oversees risk and the third-line function provides objective and independent assurance of risk management. According to a Deloitte analysis […]

Read More
Target-a-group-of-Amazon-EC2-On-Demand-Capacity-Reservations

Target a group of Amazon EC2 On-Demand Capacity Reservations

On-Demand Capacity Reservations enable you to reserve capacity for Amazon Elastic Compute Cloud(Amazon EC2) instances in an Availability Zone for any duration. You can use AWS Resource Groups to organize AWS resources into logical collections of applications, projects or environments. Last year, we introduced the ability to target EC2 capacity reservations in a resource group by using […]

Read More

Using AWS CodePipeline to deploy AWS Config conformance packs created with the Rule Development Kit

As consultants, we often help customers manage AWS services using infrastructure as code (IaC). We follow DevOps practices for building, versioning, testing, and deploying services. We also use AWS Config custom and managed rules to evaluate the configuration settings of AWS resources. AWS Config continuously tracks the configuration changes that occur among AWS resources and […]

Read More
Cost Optimization with nOps and CloudTrail

Cost optimization with nOps and CloudTrail

This post is co-authored by JT Giri, CEO and Founder at nOps, and Tomo Sakatoku, Principal Partner Solutions Architect at AWS Cost optimization is always critical to everyone. Customers make lots of effort to make sure their AWS Platform operates cost-effectively. AWS provides tools to help customers optimize and visualize costs. AWS Cost Explorer provides […]

Read More

AWS CloudTrail Best Practices

AWS CloudTrail gives you a history of AWS calls for your account, including API calls made through the AWS Management Console, AWS SDKs, and command line tools. As a result, you can identify: Which users and accounts called AWS APIs for services that support CloudTrail. The source IP address the calls were made from. When […]

Read More
Image for - Prepare for Oracle license audits in AWS using AWS Audit Manager and AWS License Manager

Prepare for Oracle license audits in AWS using AWS Audit Manager and AWS License Manager

Many of our customers who run Oracle databases need help with managing their Oracle licenses on AWS and ensuring that they have not fallen out of compliance with Oracle’s licensing rules. They must be prepared to provide relevant evidence in an auditor-friendly format during an Oracle license audit. Gathering evidence in a timely manner to […]

Read More

Manage Microsoft’s 90-day license assignment rules with AWS License Manager

AWS License Manager makes it easier to manage your software licenses across AWS and on-premises environments. AWS License Manager lets administrators create customized licensing rules that emulate the terms of their licensing agreements, apply these rules to keep track of licenses used, and control whether an Amazon Elastic Compute Cloud (Amazon EC2) instance should be […]

Read More