Category: Best Practices

UPDATE (15 Dec 22): AWS AppConfig released an Agent for containers (EKS, ECS, Docker, Kubernetes) in December 2022, which makes calling AppConfig much simpler from containerized applications. We recommend using the AppConfig Agent for containers instead of the method below. Read the Agent documentation.   AWS AppConfig is a capability of AWS Systems Manager that you […]

Since 2014, AWS Trusted Advisor has been providing customers with visibility into an individual AWS account and providing recommendations based on known AWS best practices. Trusted Advisor makes recommendations to help customers achieve a better security posture, control their costs, optimize application performance, design better fault tolerance, and maintain control over their AWS service limits […]

Application workloads being built for the cloud are getting easier to deploy with tools like Amazon Elastic Kubernetes Service (Amazon EKS) and Amazon Elastic Container Service (Amazon ECS and AWS Fargate), infrastructure as code (IaC), and full-scale DevSecOps pipelines. But there’s more to migrating workloads than ease of development and deployment: application workloads still need […]

Continuous delivery pipelines, combined with infrastructure as code tools like AWS CloudFormation, allow our customers to manage applications in a safe and predictable way. CloudFormation helps customers model and provision their AWS and third-party application resources, with features such as rollback to provide automation and safety. Together with tools such as AWS CodeBuild, AWS CodePipeline, […]

AWS customers look to move quickly and securely when launching new business innovations. The multi-account environment provides guidance to help customers plan their AWS environment. This framework is designed to meet security needs, while maintaining the ability to scale and adapt their environments with changing business demands. The basis of a well-architected multi-account AWS environment […]

Note: This is a June 2020 update to the blog post How to set up a multi-region, multi-account catalog of company standard AWS Service Catalog products. Overview I have seen interest in the native infrastructure template sharing capabilities offered by AWS Service Catalog. For example, my customers share AWS Service Catalog portfolios directly to AWS […]

Introduction Many of the customers that we have worked with are using advanced network architectures in AWS for multi-VPC and multi-account architectures. Placing workloads into separate Amazon Virtual Private Clouds (VPCs) has several advantages, chief among them isolating sensitive workloads and allowing teams to innovate without fear of impacting other systems. Many companies are taking […]

Public and private sector customers are now often working to automate their account creation and operations into the AWS GovCloud (US) Regions. These customers use the AWS GovCloud (US) Regions to access FedRamp certified services and ITAR-governed datasets for multiple accounts. Managing this type of multi-account enterprise footprint with AWS Organizations helps reduce operational costs […]

Introduction If you have deployed Amazon Elastic Compute Cloud (EC2) instances via AWS CloudFormation, you most likely want to install software or configure the operating system of the instance. To accomplish this, you may have used cfn-init, one of the CloudFormation helper scripts available to AWS customers since February 2012. However, since that time AWS […]

As my colleague Ilya Epshteyn introduced in his blog titled “How financial institutions can approve AWS services for highly confidential data,” common across the financial services industry is a formal assessment process for cloud services. These assessment processes vary in depth and breadth, striving to determine which cloud services will be best suited to fulfill […]