AWS Management & Governance Blog

Category: Technical How-to

Improve governance and business agility using AWS Management and Governance videos – part 2

This blog post highlights newly published videos on the AWS Management and Governance YouTube channel that help you enable, provision, and operate your AWS environments effectively. The first part of this blog series was published last spring. The objective of these video-based, hands-on solutions is to enable you to innovate faster while maintaining control over […]

Read More
Customizing account configuration with AWS Control Tower lifecycle events

Customizing account configuration with AWS Control Tower lifecycle events

In this blog post, we show how to customize the networking configuration in an AWS account. For example by deleting the default VPCs in all AWS Regions, using AWS Resource Access Manager to share the appropriate VPC subnets and using AWS Firewall Manager to apply security groups to VPCs in the account.

Read More

Using AWS Systems Manager OpsCenter and AWS Config for compliance monitoring

In this post, I show how AWS Systems Manager OpsCenter can be used to centrally record and mitigate alerts from AWS Config.  When AWS Config detects a resource that is out of compliance, an OpsItem is created.  This OpsItem is used to track details of the noncompliant resource, record investigative actions, and provide access to […]

Read More

Distributed Tracing using AWS Distro for OpenTelemetry

More and more applications are being developed using serverless architectures with multiple microservices. Customers use managed AWS services including AWS Lambda, Amazon ECS and Amazon EKS running on Amazon Elastic Cloud Compute (EC2) and AWS Fargate for running their code along with services like Amazon API Gateway, Amazon SNS, Amazon SQS, Amazon DynamoDB, Amazon S3, and others. Developers use multiple […]

Read More

Communicate monitoring information by sharing Amazon CloudWatch dashboards

Amazon CloudWatch provides you with data and actionable insights to monitor the health and performance of your infrastructure and applications hosted on AWS and on-premises servers. CloudWatch dashboards and alarms enable you to to rapidly detect performance issues that affect end user experience. CloudWatch has added the ability to share dashboards with users outside of […]

Read More

Use AWS Systems Manager Explorer to optimize your compute resources across your AWS Organizations

As a solutions architect with AWS, I work with customers to right-size their Amazon Elastic Cloud Compute instances to achieve a balance between performance and cost. Optimization is an iterative task that involves several cycles of making changes, analyzing results, and repeating until you reach a satisfactory state. You need to understand the details of […]

Read More

AWS Organizations, AWS Config, and Terraform

In this post, I show how you can use AWS Organizations, AWS Config, and HashiCorp’s Terraform to deploy guardrails at scale. AWS Config provides configuration, compliance, and auditing features that are required for governing your resources and providing security posture assessment at scale. With its recent support for AWS Organizations, AWS Config makes it possible […]

Read More

AWS CloudFormation StackSet Orchestration: Automated deployment using AWS Step Functions

We often use AWS CloudFormation StackSets to automatically deploy infrastructure into many different accounts. Whether they are managed by AWS Control Tower or AWS Organizations, StackSets provide a simple and automated way to handle the creation of resources and infrastructure right after provisioning a new account. You can automatically deploy StackSets to accounts that belong […]

Read More
AWS AppConfig Lambda Extension

Deploying application configuration to serverless: introducing the AWS AppConfig Lambda extension

At AWS, we feel strongly that separating application configuration from application code is a best practice. Being able to deploy configuration independently from code makes it possible to build services like Service Quotas and launch new services and features right as we announce them. If we didn’t separate these, even a simple configuration change would […]

Read More