AWS Cloud Operations & Migrations Blog
Category: Management Tools
Example Scenarios for AWS Config Continuous Monitoring of Amazon S3 Bucket Access Controls
Recently, AWS Config announced two new managed rules to detect Amazon S3 buckets that have overly permissive controls. You can now check your S3 buckets continuously for unrestricted public write access or unrestricted public read access. In addition, you can view compliance of all your S3 buckets against these rules, and receive notifications via Amazon […]
Secure, Scalable, and Efficient Instance Management Using Amazon EC2 Run Command
This post was written by Miguel João, Cloud Software Engineer at OutSystems. The OutSystems low-code development platform allows users to create and deliver high-quality web and mobile apps a lot faster, leveraging all the advantages of visual programming with few of the drawbacks. Of course, providing this high productivity, enterprise-grade Platform-as-a-Service (PaaS) solution can be […]
Supercharge Multi-Account Management with AWS CloudFormation
As your use of Amazon Web Services evolves, you will probably outgrow your first account, and need to move into a multi-account model. There are plenty of benefits to using more than one AWS account: An administrative boundary: I can choose how permissive or restrictive my policies are based on the account type. Separating user […]
Combating Configuration Drift Using Amazon EC2 Systems Manager and Windows PowerShell DSC
Configuration drift occurs when a system “drifts” or changes from its intended configuration. It is caused by having inconsistent configuration items (CIs) across environments. Amazon EC2 Systems Manager is a management service that helps you automatically collect a software inventory, apply OS patches, create system images, and configure Windows and Linux operating systems. These capabilities […]
Organize Parameters by Hierarchy, Tags, or Amazon CloudWatch Events with Amazon EC2 Systems Manager Parameter Store
This post was written by Lusha Zhang, Software Development Engineer with Amazon Web Services. Parameter Store, part of Amazon EC2 Systems Manager, provides a centralized, encrypted store to manage your configuration data, whether plaintext data (database strings) or secrets (passwords, API keys for example). Because Parameter Store is available through the AWS CLI, APIs, and […]
Windows AMI Patching and Maintenance with Amazon EC2 Systems Manager
The Automation service, which is part of Amazon EC2 Systems Manager, helps you save time and the effort associated with routine management operations. Automation workflows are streamlined, repeatable, and auditable. For example, you can easily automate manual tasks such as golden image creation, baking applications into Amazon Machine Images (AMIs), or patching and updating agents. […]
Amazon EC2 Systems Manager Documents: Support for Cross-platform Documents and Multiple Steps of the Same Type
This post was written by Babul Mehta, Software Development Engineer with Amazon Web Services. Amazon EC2 Systems Manager documents define the actions that Systems Manager services perform on your managed instances. Documents are essentially a series of steps executed in sequence, and can be versioned and shared across accounts (and even publicly). Systems Manager includes […]
How to track configuration changes to CloudFormation stacks using AWS Config
Recently, AWS Config announced support for AWS CloudFormation stacks. You can now start tracking the current and historical configuration of your CloudFormation stacks, and get notified via Amazon SNS when your stack configuration changes. You can also use a managed AWS Config rule to check whether your CloudFormation stacks are sending event notifications to an […]
Running Salt States Using Amazon EC2 Systems Manager
Like Ansible, Salt is a popular tool for configuration management. As with other tools in the same category, one of the key challenges is efficiently managing the deployment and execution of the automation directives. Amazon EC2 Systems Manager is a powerful configuration management platform. One of its key benefits is that it allows customers to […]
Monitor and Notify on AWS Account Root User Activity
Are you aware when someone uses your AWS account credentials to perform some activity? Are you notified in time? When you first create an AWS account, you begin only with a single sign-in identity that has complete access to all AWS services and resources in the account. This identity is called the root user and […]