AWS Cloud Operations & Migrations Blog

Category: Networking & Content Delivery

Building a central Amazon CloudWatch Dashboard to monitor Lambda@Edge logs and metrics

Lambda@Edge is a powerful feature of Amazon CloudFront that allows you to execute serverless code closer to your application users, resulting in improved performance and reduced latency. By distributing Lambda@Edge functions to edge locations worldwide, AWS ensures that the code executes closer to end users, providing faster response times. Moreover, the serverless nature of […]

How to grant least privilege access to third-parties on your private EC2 instances with AWS Systems Manager

AWS Systems Manager Session Manager provides a more secure way to manage your Amazon Elastic Compute Cloud (EC2) instances without the need to open inbound ports, maintain bastion hosts, or manage SSH keys. Furthermore, you can use it with a combination of AWS services to give access to external third-parties. Due to business requirements, you […]

Announcing inbound network access control in Amazon Managed Grafana

Many customers that use Amazon Managed Grafana need to restrict public access to the Grafana workspace and to control, at a fine-grained level, which traffic sources can reach it. Today, we are announcing Amazon Managed Grafana’s new feature that supports inbound network access control. This enables you to secure Grafana workspaces using VPC […]

How Thomson Reuters used Amazon CloudWatch to improve availability and operational efficiency of Directory Services

Thomson Reuters Corporation (TR) is a Canadian multinational media company that provides critical online and print information, know-how, decision making tools, software, and services for the legal industry. TR’s Tax and Accounting business serves law firms, tax and accounting firms, global trade organizations, educational institutions, and more. Thomson Reuters operates in more than 100 countries […]

Amazon Managed Service for Prometheus now offers VPC endpoint policy support

Today, Amazon Managed Service for Prometheus announces support for Amazon Virtual Private Cloud (Amazon VPC) endpoint policies. With VPC endpoint policy support, customers can now further control access to Amazon Managed Service for Prometheus by restricting user access or allowable actions. Amazon Managed Service for Prometheus is a fully managed Prometheus-compatible monitoring service that monitors and alarms on […]

How to enable VPC Flow Logs automatically using AWS Config rules

This post discusses an automated process for enabling Amazon Virtual Private Cloud (Amazon VPC) Flow Logs using AWS Config rule remediation. Customers use Amazon VPC Flow Logs to capture information about the IP traffic going to and from network interfaces in an Amazon VPC. You can deploy this solution with the help of AWS Control […]

Automate time series network visualizations for AWS PrivateLink using Amazon CloudWatch Contributor Insights

AWS PrivateLink is a highly available, scalable technology that lets you connect your Amazon Virtual Private Cloud (VPC) to supported AWS services without requiring public internet traversal. It also lets you privately connect to services hosted by other AWS accounts (VPC endpoint services) and supported AWS Marketplace partner services. Amazon CloudWatch Contributor Insights is a […]

Use Amazon CloudWatch math expressions and composite alarms for detailed monitoring of AWS Elastic Load Balancers

AWS Elastic Load Balancing encompasses the following load balancers in AWS: Application Load Balancers, Network Load Balancers, Gateway Load Balancers, and Classic Load Balancers. The load balancer serves as a single point of contact for clients and distributes incoming traffic across multiple targets, such as EC2 instances. It is crucial to monitor […]

How to fix SSH issues on EC2 Linux instances using AWS Systems Manager

In a previous blog post, we provided a walkthrough of how to fix unreachable Amazon EC2 Windows instances using the EC2Rescue for Windows tool. In this blog post, I will walk you through how to utilize EC2Rescue for Linux to fix unreachable Linux instances. This Knowledge Center Article describes how EC2Rescue for Linux can be used to […]

Monitor Private VPC Endpoint Health in Hybrid DNS Environments Using CloudWatch Synthetics

We start by paying homage to the Amazon CloudWatch Synthetics canary naming convention, which nods to the original use of canaries to detect carbon monoxide in coal mines. The bird’s small size, high metabolism, and intensified breathing led to their early demise when exposed to the poisonous gas, thereby allowing miners to take corrective action […]