AWS Cloud Operations Blog
Category: AWS Config
Building a cloud CMDB on AWS for consistent resource configuration in hybrid environments
In this post, we will show you how you can design and implement a configuration management database (CMDB) strategy as part of your cloud operating model. We are going to review some common needs when building a CMDB and the relevant AWS services that will help you build a comprehensive solution. We will talk about […]
Infosys implements AWS Control Tower to enforce multi-account governance
Today, most enterprises adopt a multi-account strategy on AWS as their workloads scale and become more complex. Because the number of AWS accounts can grow quickly when you use a multi-account strategy, you need mechanisms to govern these accounts and standard guardrails to enforce controls across them. In this blog post, we are going to […]
Using OPA to create AWS Config rules
In this blog post, we will show how you can use AWS Config custom rules with Open Policy Agent (OPA) to evaluate the compliance of your AWS resources. AWS Config enables you to assess, audit, and evaluate the configuration of your AWS resources. The service continuously monitors and records your AWS resource configurations and allows […]
Implement AWS Config rule remediation with Systems Manager Change Manager
AWS Config enables you to assess, audit, and evaluate the configurations of your AWS resources. AWS Config rules are evaluated when changes are made in the AWS environment. By analyzing changes as they occur, you can catch compliance violations quickly and minimize the exposure to your organization. When you apply a remediation action to an […]
Improve monitoring of AWS Systems Manager Agent
The ability to present a single pane of glass simplifies the process of tracking and controlling IT systems. Enterprises that run workloads on AWS use AWS Systems Manager because of its security, ease of management, and centralized reporting. When an agent loses connection to the management platform, you can lose visibility into system behavior and […]
Automate configuration compliance at scale in AWS
AWS Config continuously monitors and records your AWS resource configurations. You can use the service to automate the evaluation and remediation of recorded configurations against desired configurations. You also can review changes in configurations and relationships between AWS resources and dive into the history of a resource configuration. The basis of a well-architected multi-account AWS […]
Using AWS Control Tower and AWS Service Catalog to automate Control Tower lifecycle events
Many enterprise customers who use AWS Control Tower to create accounts want a way to extend the account creation process. They want this process to cover common business use cases including the creation of networks, security profiles, governance, and compliance. A manual process is cumbersome and makes it difficult for the organization to respond […]
Use Amazon Athena and AWS CloudTrail to estimate billing for AWS Config rule evaluations
AWS Config is a service that enables you to audit your AWS resources for compliance with a desired configuration state. You are billed based on the number of Configuration Items (a point-in-time snapshot of an AWS resource) recorded and the number of AWS Config rules (a function that reports resource compliance) evaluated per resource per […]
AWS AppConfig: The Amazon service that helps you scale for large events like Prime Day
Amazon uses a number of AWS services to help meet increased traffic and demand during Prime Day events. As Jeff Barr has mentioned in his previous blog posts, some key services used in Prime Day include: Amazon DynamoDB handles the trillions of Prime Day requests. Amazon Interactive Video Service (Amazon IVS) enables shoppers to shop […]
Managing the multi-account environment using AWS Organizations and AWS Control Tower
This is the third post in our series about multi-account management. In the first post, Governance, risk, and compliance when establishing your cloud presence, we focus on design considerations for managing in a cloud environment. Our second post, Best Practices for Organizational Units with AWS Organizations, provides guidance for a production-ready organizational unit (OU) structure when creating […]