AWS Cloud Operations Blog
Category: AWS Config
Automating Cost Optimization Governance with AWS Config
Overview: A key benefit of using the Amazon Web Services (AWS) cloud is the ability to pay only for the services you consume. This granular control and elastic model enables you to achieve substantial savings compared to on-premises infrastructure. The practice of ensuring you are getting the most value for your investment, and a foundational pillar […]
Assess, Audit, and Evaluate AWS Resources Against AWS Sustainability Best Practices
At AWS, we are committed to running our business in the most environmentally friendly way possible. We also work to enable our customers to use the benefits of the cloud to better monitor and optimize their IT infrastructure. As reported in The Carbon Reduction Opportunity of Moving to Amazon Web Services, our infrastructure is 3.6 […]
Delegated Administrators Guide to Effective Controls in AWS Organizations
Introduction: AWS Organizations provides the capability to centrally manage and govern your AWS environment. As an organization, you can delegate administration of specific AWS services integrated with AWS Organizations to authorized individuals or teams. Implementing effective controls for these delegated administrators is essential to ensuring the security, compliance, and operational efficiency of your AWS environment. […]
AWS launches enhanced AWS Resource Explorer features for new resource insights
Today, we are excited to announce a significant enhancement to AWS Resource Explorer that delivers a unified view of centralized resource insights and properties from AWS services. With the enhanced Resource Explorer experience, relevant data and insights from multiple AWS services are centralized for supported resource types. Customers use keyword-based search to return a list […]
Operational Best Practices for FedRAMP Compliance in AWS GovCloud with AWS Config
AWS Config is a fully managed service that provides customers with resource inventory, configuration monitoring, and configuration change notifications to support security, governance, and compliance for workloads in AWS. An AWS Config rule represents desired configurations for a resource and evaluates changes in near real-time and records the compliance history in AWS Config. Using AWS […]
Exploring AWS Config data using Amazon Athena and Amazon Managed Grafana
This post is co-written with Jacob Rickerd, Principal Security Engineer at Attentive. The post walks through an example dashboard that Attentive, an AI-powered mobile marketing platform, uses for resource inventory, serving as a starting point for you to build comprehensive dashboards tailored to your environment and tag policies. Attentive is the AI-powered SMS and email […]
Streamline compliance management with AWS Config custom rules and conformance packs
In this blog post, we will show you how to manage your compliance controls with AWS Config custom rules (custom rules) written in the AWS CloudFormation Guard (cfn-guard) domain-specific language (DSL), with the use of conformance packs. AWS CloudFormation Guard, the language used to write custom policy rules, is an open-source domain-specific language (DSL) and command line […]
Simplifying remediation using AWS Systems Manager with Amazon Q Developer
In this blog post, we will build a custom automation document for resolving the non-compliant resource status through AWS Systems Manager Automation. Building an AWS Systems Manager (SSM) document using Amazon Q Developer involves creating a JSON or YAML document that defines the desired state of your managed instances in AWS. SSM documents are used […]
Ten Ways to Improve Your AWS Operations
Introduction: When I take my car in for service for a simple oil change, the technician often reads off a litany of other services my car needs that I had put off since the previous service (and maybe the service before that, too). I tend to wait for the “check engine” light to come on […]
Identify AWS resources at risk across your multi-account environment with AWS Organizations integrations
With numerous AWS accounts in an organization, receiving an external security finding like a vulnerability assessment or pen test report impacting multiple resources can be challenging. Without a centralized resource viewing and search capability, identifying the affected resources requires switching and inspecting each account individually, which is time-consuming and inefficient. Security vulnerabilities are time-sensitive, and […]