AWS Cloud Operations Blog

Category: AWS Config

Implementing automated and centralized tagging controls with AWS Config and AWS Organizations

Introduction This blog post is for customers who want to implement automated tagging controls and strategy for cost allocation. Customers want to centralize and maintain consistency for tags across AWS Organizations so they are available outside their AWS environment (e.g. in build scripts, etc.) or enforce centralized conditional tagging on existing and new AWS resources […]

How to use AWS Config proactive rules and AWS CloudFormation Hooks to prevent creation of noncompliant cloud resources

Balancing developer freedom and governance controls is a key challenge faced by organizations that are adopting cloud. On one hand, developers need the freedom to innovate and develop new applications and services quickly and on the other, organizations need to maintain control over the resources used and the data processed in order to ensure compliance […]

How to record resource configuration changes periodically with AWS Config

AWS Config is a service that tracks configuration changes of AWS resources in your AWS account or across your AWS Organizations. AWS Config uses the configuration recorder to detect changes of your resources and track them as configuration items (CIs). Given the increasing complexity of cloud infrastructure, the number of resource configuration changes being made […]

Audit and visualize ephemeral EC2 instances using AWS CloudTrail Lake as a zero-ETL data source in Amazon Athena

Today, we are happy to announce that AWS CloudTrail Lake data is now available for zero-ETL analysis in Amazon Athena. AWS CloudTrail Lake is a managed data lake for capturing, storing, accessing, and analyzing user and API activity on AWS for audit, security, and compliance purposes. CloudTrail Lake allows you to easily aggregate activity logs […]

Continuously optimize your operational excellence posture through AWS Trusted Advisor

AWS Trusted Advisor continuously evaluates your AWS environment using best practice checks in the categories of cost optimization, performance, resilience, security, service limits, and operational excellence and recommends actions to remediate any deviations from AWS best practices in the AWS Well-Architected Framework. AWS Well-Architected Framework is a collection of architectural best practices and guidance to […]

Identify AWS Systems Manager Patch Compliance Status with AWS CloudTrail Lake

Security and compliance is a shared responsibility between AWS and the customer. The shared responsibility model outlines responsibilities for Security of the Cloud versus Security in the Cloud. Customers are responsible for Security in the Cloud, which includes patching Amazon EC2 instances. For the customers running workloads on EC2 instances, during security audits, they may be […]

Centralized Dashboard for AWS Config and AWS Security Hub

Back in July 2022, we announced AWS config compliance scores for conformance packs which helps you quantify your compliance posture as an Amazon CloudWatch metric. It’s a quantitative measure of compliance status. While customers can have hundreds of AWS accounts where AWS Config is enabled and each account and each AWS Region have a different compliance score. While […]

Automated Evidence Collection for Life Sciences continuous compliance solutions using AWS Audit Manager

In the first post of this two-part series, we highlighted how Life Sciences customers can implement a controlled change management process using AWS Systems Manager Change Manager and AWS Config. The solution in our first post, highlighted how a you can follow your Standard Operating Procedures (SOP’s) by implementing approval steps in order to make […]

Automating organizational policies with custom AWS Config Rules and evidence collection in AWS Audit Manager

AWS Config is a service that allows you to evaluate your AWS resources against a desired configuration state using AWS Config Rules. Two types of rules exist, managed rules which are meant to be used out-of-the-box and custom rules for which you define your desired configuration state via code.  AWS Audit Manager can help you […]

Evaluate custom configurations using AWS Config Custom Policy rules and the open source sample repository

Does your organization have custom configuration requirements for your resources? Do you find it challenging to compare actual resource configuration settings against your configuration requirements? Today, you can leverage a new public repository of sample AWS Config custom rules using AWS CloudFormation Guard to help you address these challenges. AWS Config allows you to evaluate actual […]