AWS Cloud Operations & Migrations Blog

Category: AWS CloudFormation

Automating AWS Security Hub Alerts with AWS Control Tower lifecycle events

Important Update: As of 23 Nov 2020 the Security Hub service was updated to support direct integration with AWS Organizations. Please see the announcement here regarding a simplified Organization-wide integration for Security Hub and your Control Tower environment. AWS Control Tower is an AWS managed service that automates the creation of a well-architected multi-account AWS […]

Control developer account costs with AWS CloudFormation and AWS Budgets

Often when working with customers, we guide them by using AWS Budgets and related tools in the AWS platform in order to create cost and utilization guardrails. These tools can be used to conduct advanced, automated, and hands-free actions within your AWS environment – even across multiple accounts. This post will walk you through a […]

Automating account provisioning with CloudCheckr integration for Cloud Financial Management

AWS Organizations helps you centrally manage and govern your environment as you grow and scale your AWS resources. AWS Organizations lets you programmatically create new AWS accounts to allocate resources, group accounts to organize your workflows, apply policies to accounts or groups for governance, and simplify billing by utilizing a single payment method for every […]

Policy-as-Code for Securing AWS and Third-Party Resource Types

This post was written by Scott Alexander and Kevin Formsma from Mphasis Stelligent. Every day, more developers are having lightbulb moments as they realize they can design and manage their infrastructure. It’s our responsibility, as practitioners of the DevOps mindset, to build systems that allow developers to move quickly and speed up the feedback loop […]

Building a cloud CMDB on AWS for consistent resource configuration in hybrid environments

In this post, we will show you how you can design and implement a configuration management database (CMDB) strategy as part of your cloud operating model. We are going to review some common needs when building a CMDB and the relevant AWS services that will help you build a comprehensive solution. We will talk about […]

SNMP monitoring using Amazon CloudWatch and Elastic Logstash

Customers want a single pane of glass for their systems operations where they can visualize the health and performance of applications running in several AWS Regions and in their on-premises environment. Simple Network Management Protocol (SNMP) is an internet standard protocol for collecting and organizing information about managed devices on IP networks and for modifying […]

Accelerate application development with AWS CloudFormation by preventing stack rollback

AWS CloudFormation helps minimize downtime when you are deploying application and infrastructure resources. By default, it supports a deployment safety approach (that is, one in which it rolls back to the last known good state whenever an error is encountered during the deployment of stack resources). This works well for production systems, but might not […]

Using AWS CloudTrail to propagate tags across related AWS resources – Part 2

AWS allows customers to assign metadata to their AWS resources in the form of tags. Each tag consists of a customer-defined key and an optional value. Tags can make it easier to manage, search for, and filter resources by purpose, owner, environment, or other criteria. AWS tags can be used for many purposes like organizing […]

Using OPA to create AWS Config rules

In this blog post, we will show how you can use AWS Config custom rules with Open Policy Agent (OPA) to evaluate the compliance of your AWS resources. AWS Config enables you to assess, audit, and evaluate the configuration of your AWS resources. The service continuously monitors and records your AWS resource configurations and allows […]

Automate configuration compliance at scale in AWS

AWS Config continuously monitors and records your AWS resource configurations. You can use the service to automate the evaluation and remediation of recorded configurations against desired configurations. You also can review changes in configurations and relationships between AWS resources and dive into the history of a resource configuration. The basis of a well-architected multi-account AWS […]
