Category: Best Practices

Observability means more than just monitoring. At AWS, we consider observability to be an integral component of healthy and secure operations. Two of the newest features of Amazon CloudWatch that enhance observability into your application’s health and operations are Amazon CloudWatch RUM and Amazon CloudWatch Evidently. In this post, we will take you through a […]

The updated version (June 2022) that follows is based on working backward from a customer need to understand Service Level Objectives (“SLOs”) and the benefits from monitoring SLOs. This post was originally written in Nov 2021 by Natalia Sikora-Zimna, Product Owner at Nobl9. A service can be provided by infrastructure, a platform, software, or people. […]

In this blog post, I share my observations as an AMS Solutions Architect on how achieving operational excellence can help organizations realize their cloud business objectives while migrating to AWS. I dive deep into the five design principles that AWS Managed Services (AMS) uses to achieve operational excellence. Amazon is guided by four principles: customer […]

This is the third post in our series about multi-account management. In the first post, Governance, risk, and compliance when establishing your cloud presence, we focus on design considerations for managing in a cloud environment. Our second post, Best Practices for Organizational Units with AWS Organizations, provides guidance for a production-ready organizational unit (OU) structure when creating […]

The first post in this series, Reinventing automated operations (Part I), covered the importance of operations in the cloud and how deferring the creation of an operations plan can slow down your migration. In this post, I’ll share the primary mechanism of iterative improvement (aka flywheel) that AWS Managed Services (AMS) uses to increase operational […]

You can use AWS Organizations to centrally manage and govern multiple accounts within your AWS organization. The service includes a management account, which has permissions to create accounts and manage and govern underlying infrastructure. The management account has wide permissions and access to accounts within the organization, so it should only be used for absolutely […]

September 8, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. AWS CloudTrail gives you a history of AWS calls for your account, including API calls made through the AWS Management Console, AWS SDKs, and command line tools. As a result, you can identify: Which users and accounts called AWS APIs […]

This is the first in a two-part series that covers lessons learned at AWS Managed Services (AMS) as we help customers and partners achieve operational excellence on AWS. To create a secure and consistent cloud operating model, you need both operational experience and AWS skills. In my conversations with customers, it is common for experienced […]

Organizations use multiple environments, each with different security and compliance controls, as part of their deployment pipeline. Following the principle of least privilege, production environments have the most restrictive security and compliance controls. They tightly limit who can access the environment and which actions each user (or principal) can perform. Development and test environments also […]

If you’re an organization with multiple AWS accounts and independent teams, cloud governance can seem a daunting task. The complexities of balancing developer velocity with centralized governance risks can slow down the innovation you’re trying to speed up. Fortunately, AWS Service Catalog, and AWS Backup help to implement a well-architected approach to self-service while meeting […]