AWS Cloud Operations & Migrations Blog

Category: Technical How-to

Automating AWS Security Hub Alerts with AWS Control Tower lifecycle events

Important Update: As of 23 Nov 2020 the Security Hub service was updated to support direct integration with AWS Organizations. Please see the announcement here regarding a simplified Organization-wide integration for Security Hub and your Control Tower environment. AWS Control Tower is an AWS managed service that automates the creation of a well-architected multi-account AWS […]

How to Deploy AWS Config Conformance Packs Using Terraform

This post demonstrates how to enable AWS Config and deploy a sample AWS Config Conformance pack using HashiCorp’s Terraform. AWS Config provides configuration, compliance, and auditing features required for governing your resources and providing security posture assessment at scale. This service lets you create managed rules, which are predefined, customizable rules that AWS Config uses […]

How to integrate Amazon Managed Service for Prometheus with Slack

Amazon Managed Service for Prometheus is a serverless Prometheus-compatible monitoring service for metrics to securely monitor container environments at scale. Amazon Managed Service for Prometheus lets you utilize open source Prometheus query language (PromQL) to monitor containerized workload performance without having to manage the underlying infrastructure required for the ingestion, storage, alerting, and querying of […]

Govern your applications centrally using AppRegistry and Application Manager

The customers I work with often handle multiple applications in their cloud environments. In general, an application includes multiple AWS resources deployed via AWS CloudFormation stacks, APIs, or other infrastructure as code tools. My customers often ask me about efficient mechanisms for managing the resources and governing the security policies of their resources in an Application […]

Use Amazon EventBridge rules to run AWS Systems Manager automation in response to CloudWatch alarms

Since its launch in 2009, Amazon CloudWatch has become the cloud-native choice for a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. CloudWatch provides you with data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view […]

Using AWS Control Tower and AWS Service Catalog to automate Control Tower lifecycle events

Many enterprise customers who use AWS Control Tower to create accounts want a way to extend the account creation process. They want this process to cover common business use cases including the creation of networks, security profiles, governance, and compliance. A manual process is cumbersome and makes it difficult for the organization to respond […]

Operational insights in Systems Manager OpsCenter help you identify duplicate issues and noisy event sources

If you use AWS Systems Manager OpsCenter, you might be familiar with the challenges of large numbers of OpsItems. When the same problem causes the creation of a significant number of OpsItems, it can be hard to see that these OpsItems are in fact the result of a single issue. It can also be difficult […]

Monitor network throughput of interface VPC endpoints using Amazon CloudWatch

Security, cost and performance are always a top priority for AWS customers when they design their network. AWS PrivateLink is becoming increasingly popular because it provides secured private connectivity between Amazon Virtual Private Cloud (Amazon VPC), AWS services and your on-premises networks, without exposing your traffic to the public internet. In this blog post, we show you […]

Automate preapproved operations with AWS Service Catalog service actions

Most of my enterprise customers need to allow their users to execute self-service operational tasks while restricting access to a minimum set of services. With AWS Service Catalog, you can provision pre-approved products; when combined with AWS Service Catalog service actions, you can provide simple predefined actions associated with the AWS Service Catalog […]
