AWS Cloud Operations & Migrations Blog
Category: AWS Config
Mapping Microsoft SCCM compliance checks to AWS Config
Microsoft SCCM (System Center Configuration Manager) enables the management, deployment, and security of devices and applications. Compliance settings in Configuration Manager let you manage configuration and compliance in your organization. As customers migrate their traditional workloads, they’re also looking for an AWS native solution that provides the flexibility to manage compliance and configuration management on […]
DevOps automation for backup compliance in AWS using AWS Backup Audit Manager
Backup compliance in AWS includes defining and enforcing backup policies to encrypt your backups, protect them from manual deletion, prevent changes to your backup lifecycle settings, and audit and report on backup activity from a centralized console. AWS Backup Audit Manager, a feature within the AWS Backup service, provides built-in compliance controls for these areas. […]
Automate enrollment of accounts with existing AWS Config resources into AWS Control Tower
Customers who deployed AWS Control Tower in their existing organization will begin enrolling existing member accounts located under Organization Units (OU) to bring those accounts under the governance of Control Tower. In most cases, the customer has already enabled AWS Config to record and evaluate AWS resource configurations in existing accounts. Previously, customers who would want […]
Cross-account configuration with AWS AppConfig
Customers will often start using various AWS services through a single AWS account. As customers continue their AWS journey, they increase the number and diversity of workloads operating on AWS. Furthermore, as the number of users grows, managing this account becomes difficult and time consuming. Then, customers create more accounts for multiple users. This helps […]
Proactively keep resources secure and compliant with AWS CloudFormation Hooks
Organizations want their developers to provision resources that they need to build applications while maintaining compliance with security, operational, and cost optimization best practices. Most solutions today inform customers about noncompliant resources only after those resources have been provisioned. These noncompliant resources exist until they are deleted or modified and increase security risk, operational overhead, […]
Automate AWS Config data visualization with AWS Systems Manager
Earlier this year we published a blog, Visualizing AWS Config data using Amazon Athena and Amazon QuickSight. It outlines the steps for setting up AWS Config with Amazon Athena and Amazon QuickSight. We received great feedback from that post. To further help our customers adopt these tools we are happy to announce the availability of […]
Managing configuration compliance across your organization with AWS Systems Manager Quick Setup
When running your applications on AWS, the number of resources you use increases as the demand of your applications keeps growing. Eventually, keeping track of your AWS resources and the relationships between them becomes challenging from a governance perspective. AWS Config lets you more easily assess, audit, and evaluate the configurations of your AWS resources. […]
Migrate AWS Landing Zone solution to AWS Control Tower
Customers who wanted to quickly set up a secure, compliant, multi-account AWS environment had adopted the AWS Landing Zone solution (ALZ). To reduce the burden of managing this ALZ, AWS has announced a managed service – AWS Control Tower (Control Tower). AWS Control Tower creates your landing zone using AWS Organizations, thereby bringing together ongoing account […]
How Projects Can be Tracked on AWS to Increase Accountability and Reduce Cost
This post was co-authored by Amy McVey and Jarrod Lewis from AER. As AWS usage within a business increases over time, it can become difficult to track the AWS resources that have been created (e.g. EC2 instances, S3 buckets) and who is responsible for them. This can lead to unnecessary costs from resources that are […]
Automating AWS Security Hub Alerts with AWS Control Tower lifecycle events
Important Update: As of 23 Nov 2020 the Security Hub service was updated to support direct integration with AWS Organizations. Lifecycle events are no longer the recommended way to enable Security Hub. Please utilize Security Hub’s native integration with AWS Organizations. You can also refer to this blog, which walks through how to enable GuardDuty […]