AWS Cloud Operations Blog
Category: Enterprise governance and control
Build a resilience reporting dashboard with AWS Resilience Hub and Amazon QuickSight
You might have heard the phrase “10,000 foot view” at some point during your career. This typically refers to having a broad, high-level understanding of a system or organization’s technology infrastructure and how all its components fit together. It is a way of looking at the big picture without getting bogged down in the details. […]
License management using Delegated Administrator feature of AWS License Manager
Learn with Shree on how to offload license management activities using Delegated Administrator feature of AWS License Manager.
Customize AWS Config resource tracking in AWS Control Tower environment
[Update on Sep/21/2024] AWS Config recorder has recently provided support for periodic recording, this captures the latest configuration changes of your resources once every 24 hours, reducing the number of changes delivered. This blog has been updated to incorporate that. [Update on May/14/2024] Minor update to the services that depend on AWS Config recorder and […]
Resizing volumes and instances using ServiceNow and AWS
The AWS Service Management Connector for ServiceNow enables ServiceNow end users to provision, manage, and operate AWS resources natively through ServiceNow. This lets our customers connect a technical operation with a business workflow, perhaps requiring approvals from management or other teams. The key in all of this is empowering and enabling end-users, thereby removing manual […]
Integrating existing AWS CloudTrail configurations when launching AWS Control Tower
The customers that we work with often use multiple AWS accounts to meet their business needs. These multi-account environments are built based on the guidelines that AWS published. Customers have created custom mechanisms using AWS Organizations, AWS CloudTrail, and other AWS services to implement the guidelines. AWS Created the AWS Control Tower service as a […]
AWS Organizations now provides a simple, scalable and more secure way to close your member accounts
Today, you can centrally close member accounts in your AWS organization enabling easier and more efficient account management of your AWS environment. This means you’re able to close member accounts from your organization’s management account without needing to login to each member account individually with root credentials. You can also ensure that only authorized IAM […]
Supporting Data Residency Requirements by Extending AWS Control Tower Governance to Non-supported Regions
In today’s complex computing environment, organizations continually have new requirements for maintaining data. In essence, data residency is established on multiple levels, and AWS offers different features and services to support it. This post focuses on utilizing the AWS Control Tower governance model to support data residency requirements in regions where AWS Control Tower isn’t […]
Chaos engineering leveraging AWS Fault Injection Simulator in a multi-account AWS environment
Large-scale distributed software systems in the cloud are composed of several individual sub-systems—such as CDNs, load balancers, web servers, application servers and databases—as well as their interactions. The interactions sometimes have unpredictable outcomes caused by unforeseen events (for example, a network failure, instance failure, etc.). These events can lead to system-wide failures of your critical […]
Codify your best practices using service control policies: Part 2
I introduced the fundamental concepts of service control policies (SCPs) in the previous post. We discussed what SCPs are, why you should create SCPs, the two approaches you can use to implement SCPs, and how to iterate and improve SCPs as your workload and business needs change. In this post, I will discuss how you […]
Codify your best practices using service control policies: Part 1
Each AWS account enables cellular design – it provides a natural isolation of AWS resources, security, partitions access, and establishes billing boundaries. Separation of concern through multi-account setup is a key design principle that customers use to experiment, innovate, and scale quickly on AWS. The basis of a multi-account AWS environment is AWS Organizations, which […]