AWS Management & Governance Blog

Category: AWS Config

Illustration of the flow of actions between accounts for the Security Hub account association handshake.

Automating AWS Security Hub Alerts with AWS Control Tower lifecycle events

AWS Control Tower is an AWS managed service that automates the creation of a well-architected multi-account AWS environment. Control Tower simplifies new account provisioning for your AWS Organization. Control Tower also centralizes logging from AWS CloudTrail and AWS Config, and provides preventative and detective guardrails. AWS Security Hub can be used to provide a comprehensive […]

Read More

Deploy Conformance Packs across an Organization with Automatic Remediation

AWS Config conformance packs help you manage configuration compliance of your AWS resources at scale – from policy definition to auditing and aggregated reporting using a common framework and packaging model. Many enterprises have multiple AWS accounts to manage their AWS infrastructure and demand an easy way to manage compliance policy definitions across their organization. […]

Read More

Introducing AWS Config Multi-Account, Multi-Region support for Advanced Query

I’m excited to introduce you to our latest feature addition, AWS Config Advanced Query. Advanced query, launched last year, makes it easy to query the resource configuration properties of your AWS resources for audit, compliance, or operational troubleshooting using simple SQL-like queries. With our latest release, you can now use Advanced query with configuration aggregators, enabling you […]

Read More
MyFirstConformancePack

Introducing AWS Config Conformance Packs

I am very excited to introduce the latest addition to the AWS Config service: conformance packs. Conformance packs help you manage configuration compliance of your AWS resources at scale – from policy definition to auditing and aggregated reporting, using a common framework and packaging model. What are conformance packs? Conformance packs enable you to create […]

Read More

Enabling experimentation and innovation in the cloud at SulAmérica Seguros

SulAmérica Seguros is Brazil’s largest independent insurer. The company offers one-stop shopping with a diversified business offering (healthcare; auto insurance; life insurance; pension plans; savings bonds; and asset management). Founded in 1895, SulAmérica is Brazil’s: Third largest insurer in the healthcare and dental market Fifth largest in the auto insurance market Ninth largest in the […]

Read More

How to Detect and Mitigate Guardrail Violation with AWS Control Tower

Many companies that I work with would like to innovate fast in the cloud by adopting a self-service infrastructure provisioning model in a multi-account environment. However, maintaining security and governance in such a model is an organizational challenge. Without structured guardrails and baseline configuration enforcement, troubleshooting and mitigating risk can be cumbersome. AWS Control Tower […]

Read More

Amazon S3 bucket compliance using AWS Config Auto Remediation feature

AWS Config keeps track of the configuration of your AWS resources and their relationships to your other resources. It can also evaluate those AWS resources for compliance. This service uses rules that can be configured to evaluate AWS resources against desired configurations. For example, there are AWS Config rules that check whether or not your […]

Read More

Auto-populate instance details by integrating AWS Config with your ServiceNow CMDB

Introduction Many AWS customers either integrate ServiceNow into their existing AWS services or set up both ServiceNow and AWS services for simultaneous use. One challenge in this use case is the need to update your configuration management database (CMDB) when a new spin-up instance appears in AWS. This post demonstrates how to integrate AWS Config […]

Read More

How Moody’s uses AWS Systems Manager to patch servers across multiple cloud providers

Introduction Enterprises today continue to face challenges maintaining an inventory of all of their infrastructure. They need to ensure timely patching of their servers spread across their on-premises and cloud environments using the same set of tools. In this guest blog post, Divya Elaty, VP, Cloud Engineering at Moody’s, and Sarat Guttikonda, Global Solutions Architect […]

Read More

Query your resource configuration state using the advanced query feature of AWS Config

On March 19, AWS Config announced a new capability called advanced query. Advanced query makes it easy to query the resource configuration properties of your AWS resources for audit, compliance, or operational troubleshooting. Advanced query is available in all AWS public Regions and in AWS GovCloud (US) at no additional charge for AWS Config customers. […]

Read More