AWS Management & Governance Blog

Category: AWS CloudFormation

AWS CloudFormation StackSet Orchestration: Automated deployment using AWS Step Functions

We often use AWS CloudFormation StackSets to automatically deploy infrastructure into many different accounts. Whether they are managed by AWS Control Tower or AWS Organizations, StackSets provide a simple and automated way to handle the creation of resources and infrastructure right after provisioning a new account. You can automatically deploy StackSets to accounts that belong […]

Read More
Automated configuration of Session Manager without an internet gateway

Automated configuration of Session Manager without an internet gateway

Session Manager is a fully managed AWS Systems Manager capability that you can use to manage your Amazon Elastic Compute Cloud (Amazon EC2) instances, on-premises instances, and virtual machines (VMs) through an interactive one-click browser-based shell or through the AWS CLI. Session Manager also provides secure and auditable instance management without the need to open […]

Read More

How BBVA USA delivered security and governance at scale using management tools

As BBVA USA began its digital transformation journey, the security operations team had to improve its processes around provisioning and baselining of AWS accounts. The demand for new AWS accounts continued to increase from multiple application teams within the bank. In an effort to standardize new accounts within the enterprise, BBVA USA built an automated […]

Read More

Identifying resources with the most configuration changes using AWS Config

AWS Config tracks changes made to supported resources and records them as configuration items (CIs), which are JSON files delivered to an Amazon S3 bucket. These are delivered in 6-hour intervals, as configuration history files. Each file contains details about the resources that changed in that 6-hour period, for the respective resource types, such as […]

Read More

Instantly monitor serverless applications with AWS Resource Groups

Serverless computing allows you to build and run applications without thinking about servers. Building serverless applications means that your developers can focus on their core product instead of worrying about managing and operating servers. This reduced overhead lets developers reclaim time and energy that can be spent on developing great products that scale and are reliable. […]

Read More

Automating Service Limit Increases and Enterprise Support with AWS Control Tower

In this post, we show how you can use Account Factory in AWS Control Tower to provision new accounts that are ready for your teams to use. We demonstrate how you can use AWS Control Tower lifecycle events to automatically request regional service quota limit increases and enrollment in AWS Enterprise Support using the respective […]

Read More

Harness the power of control automation to reduce operational risk and improve compliance

As Financial Service Industry (FSI) customers plan their migration to AWS, a common question is whether there is an easy approach for automating common technology controls to support nearly continuous compliance monitoring. The good news is that AWS provides a number of flexible and powerful capabilities to not only address compliance automation, but to also […]

Read More

Write preventive compliance rules for AWS CloudFormation templates the cfn-guard way

Continuous delivery pipelines, combined with infrastructure as code tools like AWS CloudFormation, allow our customers to manage applications in a safe and predictable way. CloudFormation helps customers model and provision their AWS and third-party application resources, with features such as rollback to provide automation and safety. Together with tools such as AWS CodeBuild, AWS CodePipeline, […]

Read More

AWS CloudFormation support for AWS Service Catalog products

This blog post was updated on 7/21/2020 to reflect recent changes to how AWS Service Catalog obtains outputs from provisioned products. For more information see Provisioned product outputs are now available in AWS Service Catalog. You can use AWS Service Catalog to create preconfigured products that your developers can launch. In a large organization, it’s […]

Read More
Automatic drift remediation solution architecture

Implement automatic drift remediation for AWS CloudFormation using Amazon CloudWatch and AWS Lambda

“Stack drift” is a common occurrence for organizations using AWS CloudFormation, and remediating stack drift represents a persistent and tedious challenge for organizations managing critical infrastructure with CloudFormation stacks. Stack drift occurs when the actual configuration of an infrastructure resource differs from its expected configuration. Typically, this is caused by users editing resources directly by […]

Read More