AWS Management & Governance Blog

Category: AWS Config

AWS Organizations, AWS Config, and Terraform

In this post, I show how you can use AWS Organizations, AWS Config, and HashiCorp’s Terraform to deploy guardrails at scale. AWS Config provides configuration, compliance, and auditing features that are required for governing your resources and providing security posture assessment at scale. With its recent support for AWS Organizations, AWS Config makes it possible […]

Read More

How BBVA USA delivered security and governance at scale using management tools

As BBVA USA began its digital transformation journey, the security operations team had to improve its processes around provisioning and baselining of AWS accounts. The demand for new AWS accounts continued to increase from multiple application teams within the bank. In an effort to standardize new accounts within the enterprise, BBVA USA built an automated […]

Read More

Extend AWS Control Tower governance using AWS Config Conformance Packs

As many customers adopt AWS Control Tower, they have asked Raphael and me how to add additional governance policies such as the NIST Cybersecurity Framework (CSF) to their environments on top of the guardrails that AWS Control Tower provides. Customers want to enable these additional policies on the AWS Regions where AWS Control Tower is […]

Read More

Identifying resources with the most configuration changes using AWS Config

AWS Config tracks changes made to supported resources and records them as configuration items (CIs), which are JSON files delivered to an Amazon S3 bucket. These are delivered in 6-hour intervals, as configuration history files. Each file contains details about the resources that changed in that 6-hour period, for the respective resource types, such as […]

Read More
This diagram shows how AWS Config continuously tracks the state of resources in your account. When changes are detected, AWS Config tracks records those changes and maintains a history. Those changes and history are delivered to an s3 bucket and can be later accessed via the console or the API. If a rule is deployed to evaluate the resource, it can be triggered automatically. The evaluation results can be displayed on the console or accessed via the AWS Config API.

Using AWS Config for security analysis and resource administration

This blog post is a collaboration between Snehal Nahar, Technical Account Manager at AWS and Howard Zeemer, Manager of Operational Tools and Automation at LendingTree In this post, we will discuss how Lending Tree is using AWS Config for resource administration and security analysis. LendingTree empowers consumers to shop for financial services, comparing multiple offers […]

Read More

Keep up on the latest from AWS Organizations- Summer 2020

This is our second installment of the latest news from AWS Organizations, which allows you to centrally manage and govern your AWS environment across accounts. We have had some exciting launches over the past few months, including new service integrations and Region expansions. Here’s the latest since April 2020: Create a backup policy that applies […]

Read More

Harness the power of control automation to reduce operational risk and improve compliance

As Financial Service Industry (FSI) customers plan their migration to AWS, a common question is whether there is an easy approach for automating common technology controls to support nearly continuous compliance monitoring. The good news is that AWS provides a number of flexible and powerful capabilities to not only address compliance automation, but to also […]

Read More

AWS Config for resource housekeeping and cost optimization

This guest blog post is contributed by Bradley Segobiano, a Lead Software engineer at Genesys. Bradley works with the DevOps team and helps developer teams build and run a stable and highly available application platform. The elasticity Cloud Computing provides is a powerful enabler of innovation. But as new infrastructure is deployed, it is important […]

Read More
Overview of architecture: Multiple target accounts send info to master account

Managing aged access keys through AWS Config remediations

One of the security best practices that is time-consuming to manage is enforcing IAM access key rotation for IAM users. Access keys give IAM users the ability to connect to Amazon EC2 instances. Therefore rotating these regularly (for example, every 90 days) is one of the key steps in protecting your resources from unauthorized access. […]

Read More

Deploy AWS Config Rules and Conformance Packs using a delegated admin

AWS Config Rules allow customers to evaluate the configuration of resources against best practices and perform remediation when specified configuration policies are not being followed. Using AWS Config Conformance Packs, customers can create a collection of AWS Config rules and remediation actions in a single pack that can be deployed across AWS Organizations. This provides […]

Read More