AWS Management & Governance Blog

Category: AWS CloudTrail

Viewing permission issues with service-linked roles

Each AWS service requires explicit access to resources, endpoints, and objects that reside in the domain of another service. This is referred to as the permission boundary. Services like AWS Config, Amazon Macie, and AWS GuardDuty require an AWS Identity and Access Management (IAM) role that grants access to resources outside of its control. Understanding […]

Read More

AWS Management and Governance at Re:Invent 2020

AWS re:Invent is always an exciting time of the year to engage with our customers to learn, and share information about our services and features. Due to the current pandemic, re:Invent is pivoting to a free and virtual format presented across 3 weeks from November 30 to December 18 this year. Yes, you read that […]

Read More

How BBVA automated responses through event management at scale

In this blog post, we describe how BBVA USA, a financial institution that ranks among the top 25 largest commercial banks, used AWS services to implement event management at scale and centralize its event response. Generally speaking, security compliance in a monolithic environment is easier to monitor and enforce when a small number of hands […]

Read More

Improve governance and business agility using AWS Management and Governance videos – part 2

This blog post highlights newly published videos on the AWS Management and Governance YouTube channel that help you enable, provision, and operate your AWS environments effectively. The first part of this blog series was published last spring. The objective of these video-based, hands-on solutions is to enable you to innovate faster while maintaining control over […]

Read More

How BBVA USA delivered security and governance at scale using management tools

As BBVA USA began its digital transformation journey, the security operations team had to improve its processes around provisioning and baselining of AWS accounts. The demand for new AWS accounts continued to increase from multiple application teams within the bank. In an effort to standardize new accounts within the enterprise, BBVA USA built an automated […]

Read More

Harness the power of control automation to reduce operational risk and improve compliance

As Financial Service Industry (FSI) customers plan their migration to AWS, a common question is whether there is an easy approach for automating common technology controls to support nearly continuous compliance monitoring. The good news is that AWS provides a number of flexible and powerful capabilities to not only address compliance automation, but to also […]

Read More

Visualizing AWS CloudTrail Events using Kibana

In this blog post you learn how to visualize AWS CloudTrail events, near real time, using Kibana. This solution is useful if you use an ELK (Elasticsearch, Logstash, Kibana) stack to aggregate logs from all your systems and applications, analyze these logs, and create visualizations for application and infrastructure monitoring. This solution is also useful […]

Read More

Analyzing AWS CloudTrail in Amazon CloudWatch

In this blog post, we learn how to ingest AWS CloudTrail log data into Amazon CloudWatch to monitor and identify your AWS account activity against security threats, and create a governance framework for security best practices. We will analyze log trail event data in CloudWatch using features such as Logs Insight, Contributor Insights, Metric filters […]

Read More

How to optimize assessment of cloud services

As my colleague Ilya Epshteyn introduced in his blog titled “How financial institutions can approve AWS services for highly confidential data,” common across the financial services industry is a formal assessment process for cloud services. These assessment processes vary in depth and breadth, striving to determine which cloud services will be best suited to fulfill […]

Read More