AWS Cloud Operations Blog
Category: Configuration, compliance, and auditing
Leveraging custom AWS Config rules to optimize cost saving on AWS
AWS Config assesses, audits, and evaluates the configurations and relationships of your resources in your AWS account. Why might we want to use this service for cost optimization? Well consider a scenario where we can be alerted if a specific Amazon Relational Database Service (Amazon RDS) instance is deployed in the account. If a larger […]
How to use AWS Config proactive rules and AWS CloudFormation Hooks to prevent creation of noncompliant cloud resources
Balancing developer freedom and governance controls is a key challenge faced by organizations that are adopting cloud. On one hand, developers need the freedom to innovate and develop new applications and services quickly and on the other, organizations need to maintain control over the resources used and the data processed in order to ensure compliance […]
AWS Audit Manager launches AWS Best Practices Framework for Generative AI
The rapid growth of generative AI brings promising new innovation, and at the same time raises new challenges. At AWS, we are committed to developing AI responsibly while enabling customers to provide assurance regarding the security of their environment to regulators and auditors. AWS Audit Manager announces the first version of AWS best practices framework for generative AI […]
How to record resource configuration changes periodically with AWS Config
AWS Config is a service that tracks configuration changes of AWS resources in your AWS account or across your AWS Organizations. AWS Config uses the configuration recorder to detect changes of your resources and track them as configuration items (CIs). Given the increasing complexity of cloud infrastructure, the number of resource configuration changes being made […]
Audit and visualize ephemeral EC2 instances using AWS CloudTrail Lake as a zero-ETL data source in Amazon Athena
Today, we are happy to announce that AWS CloudTrail Lake data is now available for zero-ETL analysis in Amazon Athena. AWS CloudTrail Lake is a managed data lake for capturing, storing, accessing, and analyzing user and API activity on AWS for audit, security, and compliance purposes. CloudTrail Lake allows you to easily aggregate activity logs […]
Improving Mergers & Acquisitions Due Diligence with AWS Audit Manager
The purpose of this narrative is to provide guidance for Mergers & Acquisitions (M&A) Due Diligence stakeholders on how to leverage AWS Audit Manager to support compliance and risk assessments during technical due diligence. The target audience of this guidance includes practitioners that support diligence, integration, corporate development (CorpDev), technology/IT, auditing, and advisory activities during […]
Announcing AWS CloudTrail Lake one-year extendable retention pricing option
In 2022 Amazon Web Services (AWS) released AWS CloudTrail Lake, a managed audit and security lake that allows you to aggregate, immutably store, visualize, and query your activity logs for auditing, security investigation, and operational troubleshooting. Working backwards from our customers we have added capabilities to CloudTrail Lake such as the ability to copy CloudTrail events into […]
Identify AWS Systems Manager Patch Compliance Status with AWS CloudTrail Lake
Security and compliance is a shared responsibility between AWS and the customer. The shared responsibility model outlines responsibilities for Security of the Cloud versus Security in the Cloud. Customers are responsible for Security in the Cloud, which includes patching Amazon EC2 instances. For the customers running workloads on EC2 instances, during security audits, they may be […]
Automated Evidence Collection for Life Sciences continuous compliance solutions using AWS Audit Manager
In the first post of this two-part series, we highlighted how Life Sciences customers can implement a controlled change management process using AWS Systems Manager Change Manager and AWS Config. The solution in our first post, highlighted how a you can follow your Standard Operating Procedures (SOP’s) by implementing approval steps in order to make […]
Automating organizational policies with custom AWS Config Rules and evidence collection in AWS Audit Manager
AWS Config is a service that allows you to evaluate your AWS resources against a desired configuration state using AWS Config Rules. Two types of rules exist, managed rules which are meant to be used out-of-the-box and custom rules for which you define your desired configuration state via code. AWS Audit Manager can help you […]