AWS Management & Governance Blog

Category: AWS CloudFormation

AWS CloudFormation support for AWS Service Catalog products

This blog post was updated on 7/21/2020 to reflect recent changes to how AWS Service Catalog obtains outputs from provisioned products. For more information see Provisioned product outputs are now available in AWS Service Catalog. You can use AWS Service Catalog to create preconfigured products that your developers can launch. In a large organization, it’s […]

Read More
Automatic drift remediation solution architecture

Implement automatic drift remediation for AWS CloudFormation using Amazon CloudWatch and AWS Lambda

“Stack drift” is a common occurrence for organizations using AWS CloudFormation, and remediating stack drift represents a persistent and tedious challenge for organizations managing critical infrastructure with CloudFormation stacks. Stack drift occurs when the actual configuration of an infrastructure resource differs from its expected configuration. Typically, this is caused by users editing resources directly by […]

Read More
Solution architecture for Batch account creation using AWS Control Tower

How to automate the creation of multiple accounts in AWS Control Tower

Many customers that we work with are creating and provisioning new accounts using AWS Control Tower. AWS Control Tower is an AWS managed service that automates the creation of a well-architected multi-account AWS environment. AWS Control Tower’s Account Factory is currently a single-threaded process, and customers must allow for the current account creation process to […]

Read More
AWS IAM Access Analyzer and AWS Control Tower Featured Image

Enabling AWS IAM Access Analyzer on AWS Control Tower accounts

Many of the customers we work with look for ways to manage compliance and gain additional insights across their AWS multi-account organization from a central location. We often begin the discussion with AWS Control Tower, as it offers the easiest way to set up and govern a multi-account AWS environment. AWS Control Tower is an […]

Read More

Automate account creation and resource provisioning for AWS GovCloud(US), using AWS Service Catalog, AWS Organizations, and AWS Lambda

Public and private sector customers are now often working to automate their account creation and operations into the AWS GovCloud (US) Regions. These customers use the AWS GovCloud (US) Regions to access FedRamp certified services and ITAR-governed datasets for multiple accounts. Managing this type of multi-account enterprise footprint with AWS Organizations helps reduce operational costs […]

Read More

Managing AWS Organizations accounts using AWS Config and AWS CloudFormation StackSets

AWS Organizations enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage. Organizations includes consolidated billing and account management capabilities that enable you to better meet your business’s budgetary, security, and compliance needs. As an administrator of an organization, you can create member accounts in your organization and invite […]

Read More

Using State Manager over cfn-init in CloudFormation and its benefits

Introduction If you have deployed Amazon Elastic Cloud Compute (EC2) instances via AWS CloudFormation, you most likely want to install software or configure the operating system of the instance. To accomplish this, you may have used cfn-init, one of the CloudFormation helper scripts available to AWS customers since February 2012. However, since that time AWS […]

Read More

Managing resources using AWS CloudFormation Resource Types

Introduction Both custom resources and resource types are used to create an AWS CloudFormation resource that allow you to manage third-party resources. For example, during the creation of a simple website you may want to provision a third-party website monitor, which has a public API. In this case, you would develop and use a resource […]

Read More

Setting up custom AWS Config rule that checks the OS CIS compliance

AWS announced that AWS Systems Manager’s Run Command now offers Chef InSpec audits through the AWS-RunInspecChecks document. This is a significant win for Systems Manager enthusiasts and other users who prefer an OS-based compliance check solution rather than using a whole new cloud service. This blog post is not about how to keep an OS […]

Read More

Manage custom AWS Config rules with remediations using conformance packs

Different organizations have different compliance and security requirements for their resources and accounts. AWS Config makes it easier for customers to implement these controls. While AWS Config offers customers a wide selection of managed AWS Config rules that help them comply with their requirements, there are customers who require more customized control and can take […]

Read More