AWS Management & Governance Blog

Category: Networking & Content Delivery

Using Prometheus Adapter to autoscale applications running on Amazon EKS

Automated scaling is an approach to scaling up or down workloads automatically based on resource usage. In Kubernetes, the Horizontal Pod Autoscaler (HPA) can scale pods based on observed CPU utilization and memory usage. In more complex scenarios, we would account for other metrics before deciding the scaling. For example, most web and mobile backends […]

Read More
Infosys implements AWS Control Tower to enforce multi-account governance

Infosys implements AWS Control Tower to enforce multi-account governance

Today, most enterprises adopt a multi-account strategy on AWS as their workloads scale and become more complex. Because the number of AWS accounts can grow quickly when you use a multi-account strategy, you need mechanisms to govern these accounts and standard guardrails to enforce controls across them. In this blog post, we are going to […]

Read More
Sending Standard CloudFront Access Logs to CloudWatch Logs for Analysis

Sending CloudFront standard logs to CloudWatch Logs for analysis

Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment. CloudFront standard logs (also known as access logs) give you visibility into requests that are made to a CloudFront distribution. The logs can […]

Read More
Target-a-group-of-Amazon-EC2-On-Demand-Capacity-Reservations

Target a group of Amazon EC2 On-Demand Capacity Reservations

On-Demand Capacity Reservations enable you to reserve capacity for Amazon Elastic Compute Cloud(Amazon EC2) instances in an Availability Zone for any duration. You can use AWS Resource Groups to organize AWS resources into logical collections of applications, projects or environments. Last year, we introduced the ability to target EC2 capacity reservations in a resource group by using […]

Read More

Self-service VPCs in AWS Control Tower using AWS Service Catalog

One of the first tasks my customers do when creating a new AWS account is to create the right network integration for their enterprise. Typically, this means implementing an Amazon Virtual Private Cloud (VPC) across a multi-account framework that was provisioned with AWS Control Tower. When these are provisioned in a self-service model, we see […]

Read More
Feature Image for blog titled Using AWS Cost and Usage Reports and Cost Allocation Tags to understand VPC Flow Logs data ingestion costs in Amazon S3

Using AWS Cost and Usage Reports and Cost Allocation Tags to understand VPC Flow Logs data ingestion costs in Amazon S3

AWS customers enable the VPC Flow Logs feature in their accounts for security, governance, and auditing. They often have several teams who create VPC flow log subscriptions for their workloads and publish the data  to the same Amazon Simple Storage Service (Amazon S3) bucket as part of a centralized logging architecture. Customers need a way […]

Read More

Improve security by analyzing VPC flow logs with Amazon CloudWatch Contributor Insights

You can use rules in Amazon CloudWatch Contributor Insights to gain security visibility into your VPC flow logs. The rules analyze flow logs in targeted groups in Amazon CloudWatch Logs and display the Top-N contributors for a given log field or combination of log fields. In this post, I’ll show you how to set up CloudWatch Contributor Insight rules for VPC flow logs. I’ll demonstrate how to:

Map the VPC flow log format to rules in Contributor Insights.
Explain how a single rule can be used to monitor many VPC flow logs.
Walk through some sample rules and show them in a CloudWatch dashboard.

Read More
cisco csr vpn

Monitoring Cisco CSR 1000v VPN tunnel and BGP status using Amazon CloudWatch

Many organizations get access to their AWS resources using a Direct Connect connection or a Site-to-Site VPN. AWS Site-to-Site VPN creates a secure connection between your data center or branch office and your AWS cloud resources.  In this post, we will see how to monitor your Cisco CSR VPN tunnel and BGP (Border Gateway Protocol) […]

Read More
Automated configuration of Session Manager without an internet gateway

Automated configuration of Session Manager without an internet gateway

Session Manager is a fully managed AWS Systems Manager capability that you can use to manage your Amazon Elastic Compute Cloud (Amazon EC2) instances, on-premises instances, and virtual machines (VMs) through an interactive one-click browser-based shell or through the AWS CLI. Session Manager also provides secure and auditable instance management without the need to open […]

Read More

Amazon EC2 instance port forwarding with AWS Systems Manager

Port forwarding is a useful way to redirect network traffic from one IP address and port number combination to another. With port forwarding, you can access an EC2 instance located in a private subnet from your workstation. In this post, we walk through a use case where customers have a strict security requirement for their […]

Read More