Category: Best Practices

Organizations use multiple environments, each with different security and compliance controls, as part of their deployment pipeline. Following the principle of least privilege, production environments have the most restrictive security and compliance controls. They tightly limit who can access the environment and which actions each user (or principal) can perform. Development and test environments also […]

If you’re an organization with multiple AWS accounts and independent teams, cloud governance can seem a daunting task. The complexities of balancing developer velocity with centralized governance risks can slow down the innovation you’re trying to speed up. Fortunately, AWS Service Catalog, and AWS Backup help to implement a well-architected approach to self-service while meeting […]

Organizations often decide to move their applications from on-premises environments to the cloud with little to no architecture changes. This migration strategy is advantageous for large-scale applications to satisfy specific business goals, such as launching a product in an accelerated timeline or exiting an on-premises data center. Using a rehost migration strategy lets customers achieve […]

When you run an application on multiple Amazon Elastic Compute Cloud (Amazon EC2) instances, you want to avoid differences between the instances because they can cause unpredictable behavior and make it hard to troubleshoot and solve issues. The best way to prevent differences is to replace your instances whenever you want to make a change—to […]

UPDATE (15 Dec 22): AWS AppConfig released an Agent for containers (EKS, ECS, Docker, Kubernetes) in December 2022, which makes calling AppConfig much simpler from containerized applications. We recommend using the AppConfig Agent for containers instead of the method below. Read the Agent documentation.   AWS AppConfig is a capability of AWS Systems Manager that you […]

Since 2014, AWS Trusted Advisor has been providing customers with visibility into an individual AWS account and providing recommendations based on known AWS best practices. Trusted Advisor makes recommendations to help customers achieve a better security posture, control their costs, optimize application performance, design better fault tolerance, and maintain control over their AWS service limits […]

Application workloads being built for the cloud are getting easier to deploy with tools like Amazon Elastic Kubernetes Service (Amazon EKS) and Amazon Elastic Container Service (Amazon ECS and AWS Fargate), infrastructure as code (IaC), and full-scale DevSecOps pipelines. But there’s more to migrating workloads than ease of development and deployment: application workloads still need […]

Continuous delivery pipelines, combined with infrastructure as code tools like AWS CloudFormation, allow our customers to manage applications in a safe and predictable way. CloudFormation helps customers model and provision their AWS and third-party application resources, with features such as rollback to provide automation and safety. Together with tools such as AWS CodeBuild, AWS CodePipeline, […]

AWS customers look to move quickly and securely when launching new business innovations. The multi-account environment provides guidance to help customers plan their AWS environment. This framework is designed to meet security needs, while maintaining the ability to scale and adapt their environments with changing business demands. The basis of a well-architected multi-account AWS environment […]

Note: This is a June 2020 update to the blog post How to set up a multi-region, multi-account catalog of company standard AWS Service Catalog products. Overview I have seen interest in the native infrastructure template sharing capabilities offered by AWS Service Catalog. For example, my customers share AWS Service Catalog portfolios directly to AWS […]