AWS Cloud Operations & Migrations Blog
Category: *Post Types
Enabling AWS IAM Access Analyzer on AWS Control Tower accounts
Many of the customers we work with look for ways to manage compliance and gain additional insights across their AWS multi-account organization from a central location. We often begin the discussion with AWS Control Tower, as it offers the easiest way to set up and govern a multi-account AWS environment. AWS Control Tower is an […]
Automating the discovery of licensed software using AWS License Manager
Software license management often comes with the challenges of staying compliant, controlling overages, and managing vendor audits. Significant time and manual effort go into making sure that software license inventories are updated and ready for auditing. Bringing cloud infrastructure into the picture, with the ability to spin up virtual servers in minutes, means that managing […]
Implementing Serverless Transit Network Orchestrator (STNO) in AWS Control Tower
Introduction Many of the customers that we have worked with are using advanced network architectures in AWS for multi-VPC and multi-account architectures. Placing workloads into separate Amazon Virtual Private Clouds (VPCs) has several advantages, chief among them isolating sensitive workloads and allowing teams to innovate without fear of impacting other systems. Many companies are taking […]
Deploy AWS Config Rules and Conformance Packs using a delegated admin
AWS Config Rules allow customers to evaluate the configuration of resources against best practices and perform remediation when specified configuration policies are not being followed. Using AWS Config Conformance Packs, customers can create a collection of AWS Config rules and remediation actions in a single pack that can be deployed across AWS Organizations. This provides […]
Automate account creation and resource provisioning for AWS GovCloud(US), using AWS Service Catalog, AWS Organizations, and AWS Lambda
Public and private sector customers are now often working to automate their account creation and operations into the AWS GovCloud (US) Regions. These customers use the AWS GovCloud (US) Regions to access FedRamp certified services and ITAR-governed datasets for multiple accounts. Managing this type of multi-account enterprise footprint with AWS Organizations helps reduce operational costs […]
Managing AWS Organizations accounts using AWS Config and AWS CloudFormation StackSets
AWS Organizations enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage. Organizations includes consolidated billing and account management capabilities that enable you to better meet your business’s budgetary, security, and compliance needs. As an administrator of an organization, you can create member accounts in your organization and invite […]
Using State Manager over cfn-init in CloudFormation and its benefits
Introduction If you have deployed Amazon Elastic Cloud Compute (EC2) instances via AWS CloudFormation, you most likely want to install software or configure the operating system of the instance. To accomplish this, you may have used cfn-init, one of the CloudFormation helper scripts available to AWS customers since February 2012. However, since that time AWS […]
Manage your Oracle JDK licenses with AWS License Manager
You can use AWS License Manager to track Oracle Java/JDK usage on Amazon Elastic Compute Cloud (Amazon EC2) instances and on-premises servers. If you’re already running Amazon Corretto (Amazon’s distribution of the OpenJDK), then you can probably stop reading now. This blog explains how License Manager can track license usage of other applications in your […]
How to optimize assessment of cloud services
As my colleague Ilya Epshteyn introduced in his blog titled “How financial institutions can approve AWS services for highly confidential data,” common across the financial services industry is a formal assessment process for cloud services. These assessment processes vary in depth and breadth, striving to determine which cloud services will be best suited to fulfill […]
Improve monitoring efficiency using Amazon CloudWatch Composite Alarms
OVERVIEW Amazon CloudWatch alarms help customers improve infrastructure monitoring efficiency by reducing the time to detect, triage, and diagnose issues that impact workload performance. CloudWatch alarms can be used extensively as a means to alert customers when application and infrastructure metrics exceed static or dynamically set thresholds. On March 4, 2020 AWS released CloudWatch composite alarms to extend existing […]