AWS Cloud Operations Blog
Category: AWS Config
Streamline compliance management with AWS Config custom rules and conformance packs
In this blog post, we will show you how to manage your compliance controls with AWS Config custom rules (custom rules) written in AWS CloudFormation Guard (cfn-guard) domain-specific language (DSL) with use of conformance packs. AWS CloudFormation Guard, the language used to write custom policy rules is an open-source domain-specific language (DSL) and command line […]
Simplifying remediation using AWS Systems Manager with Amazon Q Developer
In this blog post, we will build a custom automation document for resolving the non-compliant resource status through AWS Systems Manager Automation. Building an AWS Systems Manager (SSM) document using Amazon Q Developer involves creating a JSON or YAML document that defines the desired state of your managed instances in AWS. SSM documents are used […]
Ten Ways to Improve Your AWS Operations
Introduction When I take my car in for service for a simple oil change, the technician often reads off a litany of other services my car needs that I had put off since the previous service (and maybe the service before that, too). I tend to wait for the “check engine” light to come on […]
Identify AWS resources at risk across your multi-account environment with AWS Organizations integrations
With numerous AWS accounts in an organization, receiving an external security finding like a vulnerability assessment or pen test report impacting multiple resources can be challenging. Without a centralized resource viewing and search capability, identifying the affected resources require switching and inspecting each account individually, which is time-consuming and inefficient. Security vulnerabilities are time-sensitive, and […]
Simplify compliance management of multicloud or hybrid resources with AWS Config
Organizations of all sizes operate in a compliance landscape that is complex, dynamic, and evolving rapidly, facing internal requirements as well as industry or government regulations. A multicloud strategy creates additional challenges to maintain compliance policies across cloud providers. With AWS, you can implement compliance processes faster and more easily with automation, ready-to-use templates, and […]
Create AWS Config rules efficiently with Generative AI
AWS Config enables businesses to assess, audit, and evaluate the configurations of their AWS resources by leveraging AWS Config rules that represent your ideal configuration settings. For example a Security Group that allows ingress on port 22 should be marked as noncompliant. AWS Config provides predefined rules called managed rules to help you quickly get […]
How BMW Group uses automation to achieve end-to-end compliance at scale on AWS
This post is co-written with Dr. Jens Kohl, Daniel Engelhardt, and Sascha Kallin from BMW Group. The BMW Group – headquartered in Munich, Germany – is a vehicle manufacturer with 149,000 employees worldwide and manufactures in over 30 production and assembly facilities across 15 countries. Today, the BMW Group (BMW) is the world’s leading manufacturer […]
Leveraging custom AWS Config rules to optimize cost saving on AWS
AWS Config assesses, audits, and evaluates the configurations and relationships of your resources in your AWS account. Why might we want to use this service for cost optimization? Well consider a scenario where we can be alerted if a specific Amazon Relational Database Service (Amazon RDS) instance is deployed in the account. If a larger […]
Implementing automated and centralized tagging controls with AWS Config and AWS Organizations
Introduction This blog post is for customers who want to implement automated tagging controls and strategy for cost allocation. Customers want to centralize and maintain consistency for tags across AWS Organizations so they are available outside their AWS environment (e.g. in build scripts, etc.) or enforce centralized conditional tagging on existing and new AWS resources […]
How to use AWS Config proactive rules and AWS CloudFormation Hooks to prevent creation of noncompliant cloud resources
Balancing developer freedom and governance controls is a key challenge faced by organizations that are adopting cloud. On one hand, developers need the freedom to innovate and develop new applications and services quickly and on the other, organizations need to maintain control over the resources used and the data processed in order to ensure compliance […]