AWS Cloud Operations & Migrations Blog

Category: Configuration, compliance, and auditing

Mapping Microsoft SCCM compliance checks to AWS Config

Microsoft SCCM (System Center Configuration Manager) enables the management, deployment, and security of devices and applications. Compliance settings in Configuration Manager lets you manage configuration and compliance in your organization. As customers migrate their traditional workloads, they’re also looking for an AWS native solution that provides the flexibility to manage compliance and configuration management on […]

Read More

DevOps automation for backup compliance in AWS using AWS Backup Audit Manager

Backup compliance in AWS includes defining and enforcing backup policies to encrypt your backups, protect them from manual deletion, prevent changes to your backup lifecycle settings, and audit and report on backup activity from a centralized console. AWS Backup Audit Manager, a feature within the AWS Backup service, provides built-in compliance controls for these areas. […]

Read More

Maintain compliance using Service Control Policies and ensure they are always applied

Many of our customers manage multiple AWS accounts in AWS Organizations and utilize Service Control Policies (SCPs) to centrally manage permissions in their organization. SCPs offer central control over the maximum available permissions for every account in your organization and can be applied to an account, organization units (OUs), or the organization as a whole […]

Read More

Announcing AWS CloudTrail Lake – a managed audit and security Lake

Organizations managing cloud infrastructure in AWS need effective mechanisms to audit operations in their AWS accounts for security and compliance. In November 2013, we announced AWS CloudTrail as the auditing platform for AWS. Since then, millions of customers have adopted this service. We believe CloudTrail is so important to AWS customers’ success that every new […]

Read More

How Projects Can be Tracked on AWS to Increase Accountability and Reduce Cost

This post was co-authored by Amy McVey and Jarrod Lewis from AER As AWS usage within a business increases over time, it can become difficult to track the AWS resources that have been created (e.g. EC2 instances, S3 buckets) and who is responsible for them. This can lead to unnecessary costs from resources that are […]

Read More

Policy-as-Code for Securing AWS and Third-Party Resource Types

This post was written by Scott Alexander and Kevin Formsma from Mphasis Stelligent. Every day, more developers are having lightbulb moments as they realize they can design and manage their infrastructure. It’s our responsibility, as practitioners of the DevOps mindset, to build systems that allow developers to move quickly and speed up the feedback loop […]

Read More
How to Deploy AWS Config Conformance Packs Using Terraform

How to Deploy AWS Config Conformance Packs Using Terraform

This post demonstrates how to enable AWS Config and deploy a sample AWS Config Conformance pack using HashiCorp’s Terraform. AWS Config provides configuration, compliance, and auditing features required for governing your resources and providing security posture assessment at scale. This service lets you create managed rules, which are predefined, customizable rules that AWS Config uses […]

Read More

Build an AWS Config Custom Rule to Optimize Amazon EBS Volume Types

This blog provides step-by-step instructions for building an AWS Config custom rule and a custom Config Remediation so that you can optimize your EBS Volume types with Amazon EBS gp3 volumes. AWS Config is a service that lets you assess, audit, and evaluate your AWS resource configurations. AWS Config provides AWS Managed Rules, which are […]

Read More

Using CloudTrail data events with Athena and CloudWatch to create an audit trail for DynamoDB tables events

Highly regulated industries must maintain an audit trail of events at various levels to meet regulatory and industry compliance requirements. Data events provide visibility into the resource operations performed on or in a resource, including object-level API activities such as delete, update, and put items. You can use AWS CloudTrail to create an audit trail […]

Read More
Featured Image for the Blog

Govern your applications centrally using AppRegistry and Application Manager

The customers I work with often handle multiple applications in their cloud environments. In general, an application includes multiple AWS resources deployed via AWS CloudFormation stacks, APIs, or other infrastructure as code tools. My customers often ask me about efficient mechanisms for managing the resources and governing the security policies of their resources in an Application […]

Read More