AWS Management & Governance Blog

Category: Technical How-to

Figure 1: CloudTrail Process Flow

How to optimize AWS CloudTrail costs by using advanced event selectors

AWS CloudTrail can be used for security, monitoring restricted API calls, notification of threshold breaches, operational issues, filtering mechanisms for isolating data, faster root cause identification, and speedy resolution. CloudTrail can also be used for various compliance and governance controls, by helping you achieve compliance by logging API calls and changes to resources. Event selectors […]

Read More

Standardize with speed using AWS Service Catalog stack import

If you’ve used AWS Service Catalog, you probably know how it helps organizations increase standardization, encourage compliance, and improve speed and agility. This is done by enabling central administrators to publish and manage a standard set of compliant products that users can consume in a self-service manner. Customers often start by creating an AWS CloudFormation-based product in […]

Read More

Manage Amazon CloudWatch agent deployment at scale using the AWS Cloud Development Kit to optimize AWS usage

In this blog post, we will show you how you can programmatically deploy the Amazon CloudWatch agent using the AWS Cloud Development Kit (AWS CDK) as you create your Amazon Elastic Compute Cloud (Amazon EC2) instances. You can use the command line, AWS Systems Manager, and AWS CloudFormation to install the CloudWatch agent on your EC2 instances. We also recently announced that the […]

Read More

Four ways to retrieve any AWS service property using AWS CloudFormation (Part 3 of 3)

This post is the last in a series on how to build customizations using AWS CloudFormation. In part 1, we introduced you to cfn-response and crhelper and discussed the scenarios they are best suited for. In part 2, we addressed a coverage gap in our public roadmap and showed you how to build an AWS […]

Read More

Four ways to retrieve any AWS service property using AWS CloudFormation (Part 2 of 3)

This post is the second in a series on how to build customizations using AWS CloudFormation. In part 1, we showed you how to develop customizations using cfn-response and crhelper and shared the scenarios they are best suited for. In this post, we’ll use AWS CloudFormation macros to address some of the coverage gaps identified […]

Read More

Monitor and scale your Amazon ECS on AWS Fargate application using Prometheus metrics

If you’ve ever run a containerized workload, you know that it can be tricky to check what’s happening in your container. In this blog post, I show how you can monitor and scale your Amazon Elastic Container Service (Amazon ECS) on AWS Fargate application using Prometheus metrics. Although there is more information about Prometheus already […]

Read More

Visualizing AWS Config data using Amazon Athena and Amazon QuickSight

In this guest post, Henrik André Olsen, Solutions Architect, discusses how he visualized AWS Config data in Amazon QuickSight dashboards with a high value for the Danish insurance company Topdanmark.  If you are an AWS Config user, you are probably already familiar with how to use the AWS Config console to access data, but it’s […]

Read More

Building secure Amazon SageMaker access URLs with AWS Service Catalog

Many customers need a secure method to access Amazon SageMaker notebooks within their private network without logging in to the AWS console, or using the AWS CLI/SDKs. This may be desired for enhanced security or to provide an easier self-service path for data scientists. In this blog post, we show you a how to connect […]

Read More

Automate AWS Backups with AWS Service Catalog

If you’re an organization with multiple AWS accounts and independent teams, cloud governance can seem a daunting task. The complexities of balancing developer velocity with centralized governance risks can slow down the innovation you’re trying to speed up. Fortunately, AWS Service Catalog, and AWS Backup help to implement a well-architected approach to self-service while meeting […]

Read More
ReadOnly SCP Post Featured Image

How to implement a read-only service control policy (SCP) for accounts in AWS Organizations

Customers who manage multiple AWS accounts in AWS Organizations can use service control policies (SCPs) to centrally manage permissions in their environment. SCPs can be applied to an organization unit (OU), account, or entire organization to restrict the maximum permissions that can be applied in the scoped AWS accounts. In this post, we are going to explore the use of SCPs to restrict an AWS account to read-only access.

Read More