AWS Management & Governance Blog

Category: Management Tools

AWS Organizations, AWS Config, and Terraform

In this post, I show how you can use AWS Organizations, AWS Config, and HashiCorp’s Terraform to deploy guardrails at scale. AWS Config provides configuration, compliance, and auditing features that are required for governing your resources and providing security posture assessment at scale. With its recent support for AWS Organizations, AWS Config makes it possible […]

Read More

AWS CloudFormation StackSet Orchestration: Automated deployment using AWS Step Functions

We often use AWS CloudFormation StackSets to automatically deploy infrastructure into many different accounts. Whether they are managed by AWS Control Tower or AWS Organizations, StackSets provide a simple and automated way to handle the creation of resources and infrastructure right after provisioning a new account. You can automatically deploy StackSets to accounts that belong […]

Read More
Real-time alerts on X-Ray Insights

Send real-time alerts about application anomalies using AWS X-Ray insights

Today AWS X-Ray launches support for notifications to its insights. This means that on an X-Ray group where insights are enabled, you can now configure notifications to be sent to Amazon EventBridge. Through the use of anomaly detection, AWS X-Ray helps you analyze and debug distributed applications. AWS X-Ray Insights uses anomaly detection to create actionable insights […]

Read More
Gain visibility into your Kubernetes spend with CloudZero and Amazon CloudWatch Container Insights

Gain visibility into your Kubernetes spend with CloudZero and Amazon CloudWatch Container Insights

Container adoption has been increasing rapidly in the past few years. Customers are deploying workloads of all sizes on Amazon Elastic Kubernetes Service (Amazon EKS). Typically, cluster administrators deploy several business applications and workloads on a cluster to achieve more efficient deployment density. On large clusters in a shared infrastructure where workloads of different sizes […]

Read More
AWS AppConfig Lambda Extension

Deploying application configuration to serverless: introducing the AWS AppConfig Lambda extension

At AWS, we feel strongly that separating application configuration from application code is a best practice. Being able to deploy configuration independently from code makes it possible to build services like Service Quotas and launch new services and features right as we announce them. If we didn’t separate these, even a simple configuration change would […]

Read More

Enabling Amazon GuardDuty in AWS Control Tower using Delegated Administrator

My customers have asked how to monitor their AWS environments for potential malicious activity. Many have standardized on AWS Control Tower to implement a governed AWS environment based on known AWS best practices, and are interested in enabling Amazon GuardDuty to accomplish this task. This post shows you how to monitor your AWS Control Tower […]

Read More
Automated configuration of Session Manager without an internet gateway

Automated configuration of Session Manager without an internet gateway

Session Manager is a fully managed AWS Systems Manager capability that you can use to manage your Amazon Elastic Compute Cloud (Amazon EC2) instances, on-premises instances, and virtual machines (VMs) through an interactive one-click browser-based shell or through the AWS CLI. Session Manager also provides secure and auditable instance management without the need to open […]

Read More
Analyze and debug applications using AWS X-Ray trace data with Grafana

Analyze and debug applications using AWS X-Ray trace data with Grafana

Today, AWS and Grafana Labs are making available a free and open-source AWS X-Ray data source plugin. You can use the latest release of Grafana (version 7.2.0 or later) to visualize AWS X-Ray traces directly in your Grafana dashboards in order to triage performance issues in applications instrumented with X-Ray. This enables you to build a single […]

Read More

How BBVA USA delivered security and governance at scale using management tools

As BBVA USA began its digital transformation journey, the security operations team had to improve its processes around provisioning and baselining of AWS accounts. The demand for new AWS accounts continued to increase from multiple application teams within the bank. In an effort to standardize new accounts within the enterprise, BBVA USA built an automated […]

Read More