AWS Cloud Operations & Migrations Blog

Category: Amazon VPC

Target-a-group-of-Amazon-EC2-On-Demand-Capacity-Reservations

Target a group of Amazon EC2 On-Demand Capacity Reservations

On-Demand Capacity Reservations enable you to reserve capacity for Amazon Elastic Compute Cloud(Amazon EC2) instances in an Availability Zone for any duration. You can use AWS Resource Groups to organize AWS resources into logical collections of applications, projects or environments. Last year, we introduced the ability to target EC2 capacity reservations in a resource group by using […]

Read More

Self-service VPCs in AWS Control Tower using AWS Service Catalog

One of the first tasks my customers do when creating a new AWS account is to create the right network integration for their enterprise. Typically, this means implementing an Amazon Virtual Private Cloud (VPC) across a multi-account framework that was provisioned with AWS Control Tower. When these are provisioned in a self-service model, we see […]

Read More
Feature Image for blog titled Using AWS Cost and Usage Reports and Cost Allocation Tags to understand VPC Flow Logs data ingestion costs in Amazon S3

Using AWS Cost and Usage Reports and Cost Allocation Tags to understand VPC Flow Logs data ingestion costs in Amazon S3

AWS customers enable the VPC Flow Logs feature in their accounts for security, governance, and auditing. They often have several teams who create VPC flow log subscriptions for their workloads and publish the data  to the same Amazon Simple Storage Service (Amazon S3) bucket as part of a centralized logging architecture. Customers need a way […]

Read More

Improve security by analyzing VPC flow logs with Amazon CloudWatch Contributor Insights

You can use rules in Amazon CloudWatch Contributor Insights to gain security visibility into your VPC flow logs. The rules analyze flow logs in targeted groups in Amazon CloudWatch Logs and display the Top-N contributors for a given log field or combination of log fields. In this post, I’ll show you how to set up CloudWatch Contributor Insight rules for VPC flow logs. I’ll demonstrate how to:

Map the VPC flow log format to rules in Contributor Insights.
Explain how a single rule can be used to monitor many VPC flow logs.
Walk through some sample rules and show them in a CloudWatch dashboard.

Read More
Automated configuration of Session Manager without an internet gateway

Automated configuration of Session Manager without an internet gateway

Session Manager is a fully managed AWS Systems Manager capability that you can use to manage your Amazon Elastic Compute Cloud (Amazon EC2) instances, on-premises instances, and virtual machines (VMs) through an interactive one-click browser-based shell or through the AWS CLI. Session Manager also provides secure and auditable instance management without the need to open […]

Read More

Amazon EC2 instance port forwarding with AWS Systems Manager

Port forwarding is a useful way to redirect network traffic from one IP address and port number combination to another. With port forwarding, you can access an EC2 instance located in a private subnet from your workstation. In this post, we walk through a use case where customers have a strict security requirement for their […]

Read More

Implementing Serverless Transit Network Orchestrator (STNO) in AWS Control Tower

Introduction Many of the customers that we have worked with are using advanced network architectures in AWS for multi-VPC and multi-account architectures. Placing workloads into separate Amazon Virtual Private Clouds (VPCs) has several advantages, chief among them isolating sensitive workloads and allowing teams to innovate without fear of impacting other systems. Many companies are taking […]

Read More