AWS Management & Governance Blog

Category: Technical How-to

Automate preapproved operations with AWS Service Catalog service actions

Most of my enterprise customers have the need to allow their users to execute self-service operational tasks while restricting access to a minimum set of services. With AWS Service Catalog, you can provision pre-approved products, when combined with AWS Service Catalog service actions, you can provide simple predefined actions associated with the AWS Service Catalog […]

Read More
How to create a change template using AWS Systems Manager Change Manager

How to create a change template using AWS Systems Manager Change Manager

AWS Systems Manager Change Manager, a capability of AWS Systems Manager, is an enterprise change management framework for requesting, approving, implementing, and reporting on operational changes to your application configuration and infrastructure. With Change Manager, you can use preapproved change templates to help automate change processes for your resources and help avoid unintentional results when […]

Read More
Use AWS License Manager API operations to manage your Oracle licenses based on Oracle cloud policy

Use AWS License Manager API operations to manage your Oracle licenses based on Oracle cloud policy

Learn with Shree on how to use AWS License Manager API operations to manage your Oracle licenses (for databases running on Amazon RDS for Oracle, Amazon EC2 and on-premises servers) based on Oracle cloud policy. Additionally, learn how to use the built-in integration of License Manager API operations with AWS CloudTrail to prepare for vendor audit.

Read More
Featured Image for Blog Post with title 'Use AWS CloudWatch Contributor Insights to monitor AWS Foundations Benchmark Controls"

Use AWS CloudWatch Contributor Insights to monitor CIS AWS Foundations Benchmark controls

Contributor Insights is a feature of AWS CloudWatch that can be used to analyze log data to create time series that displays contributor data. This will help you understand who or what is impacting your system and application performance by identifying top talkers, pinpointing outliers, finding the heaviest traffic patterns, and ranking the top system […]

Read More
Automating shared VPC deployments with AWS CloudFormation

Automating shared VPC deployments with AWS CloudFormation

VPC sharing allows customers to share subnets from a central AWS account with other AWS accounts in the same organization created in AWS Organizations. Centralized control of your virtual private cloud (VPC) structure allows you to maintain separation of duties through AWS account boundaries. A best practice for creating VPCs and other resources in the AWS […]

Read More
How to manage cost overruns in your AWS multi-account environment – Part I

How to manage cost overruns in your AWS multi-account environment – Part 1

AWS provides a flexible and secure environment where you can experiment, innovate, and scale more quickly. As you build and deploy your workloads, you need mechanisms to isolate your resources (for example, a resource container). You can use multiple AWS accounts for this purpose. An AWS account provides natural security, access, and billing boundaries for […]

Read More
How to manage cost overruns in your AWS multi-account environment – Part II

How to manage cost overruns in your AWS multi-account environment – Part 2

In the first post of this two-part series, we showed you two approaches for preventing cost overruns in a centralized budget management pattern: Applying a restrictive service control policy (SCP) to an organizational unit (OU). Moving the account to another OU with restrictive SCPs. In this post, we share how you can prevent cost overruns […]

Read More

Using an AWS Service Catalog service action to allow end users to update resources after deployment

Enterprise customers with multiple users want to manage policies on cloud resources like AWS Key Management Service (AWS KMS) and Amazon Simple Storage Service (Amazon S3) to grant access to additional users after the product has been deployed through, for example, AWS CloudFormation templates. In addition, customers want to accomplish this task in a self-service […]

Read More

Diagnose and remediate AWS Security Hub findings with AWS Systems Manager OpsCenter and Explorer

In this post, we will show you how to configure AWS Systems Manager OpsCenter to aggregate security findings from AWS Security Hub into OpsCenter as operational issues. OpsCenter helps operations engineers and IT professionals reduce issue resolution time by providing a central place to view, investigate, and resolve security issues.  AWS Systems Manager Explorer provides […]

Read More

Using AWS CodePipeline to deploy AWS Config conformance packs created with the Rule Development Kit

As consultants, we often help customers manage AWS services using infrastructure as code (IaC). We follow DevOps practices for building, versioning, testing, and deploying services. We also use AWS Config custom and managed rules to evaluate the configuration settings of AWS resources. AWS Config continuously tracks the configuration changes that occur among AWS resources and […]

Read More