AWS Management & Governance Blog

Category: Technical How-to

How to manage cost overruns in your AWS multi-account environment – Part II

How to manage cost overruns in your AWS multi-account environment – Part 2

In the first post of this two-part series, we showed you two approaches for preventing cost overruns in a centralized budget management pattern: Applying a restrictive service control policy (SCP) to an organizational unit (OU). Moving the account to another OU with restrictive SCPs. In this post, we share how you can prevent cost overruns […]

Read More

Using an AWS Service Catalog service action to allow end users to update resources after deployment

Enterprise customers with multiple users want to manage policies on cloud resources like AWS Key Management Service (AWS KMS) and Amazon Simple Storage Service (Amazon S3) to grant access to additional users after the product has been deployed through, for example, AWS CloudFormation templates. In addition, customers want to accomplish this task in a self-service […]

Read More

Diagnose and remediate AWS Security Hub findings with AWS Systems Manager OpsCenter and Explorer

In this post, we will show you how to configure AWS Systems Manager OpsCenter to aggregate security findings from AWS Security Hub into OpsCenter as operational issues. OpsCenter helps operations engineers and IT professionals reduce issue resolution time by providing a central place to view, investigate, and resolve security issues.  AWS Systems Manager Explorer provides […]

Read More

Using AWS CodePipeline to deploy AWS Config conformance packs created with the Rule Development Kit

As consultants, we often help customers manage AWS services using infrastructure as code (IaC). We follow DevOps practices for building, versioning, testing, and deploying services. We also use AWS Config custom and managed rules to evaluate the configuration settings of AWS resources. AWS Config continuously tracks the configuration changes that occur among AWS resources and […]

Read More
AWS Network Firewall logs are ingested into CloudWatch and analyzed through Contributor Insights and CloudWatch Logs Insights.

Use Contributor Insights to analyze AWS Network Firewall

AWS recently launched AWS Network Firewall, a stateful, managed network firewall that provides intrusion detection and prevention for Virtual Private Cloud (Amazon VPC). In a large-scale enterprise environment, it can be difficult and time-consuming to inspect multiple log groups and log streams. Investigating a security incident across a Network Firewall fleet that spans different VPCs […]

Read More

Introducing TypeScript support for building AWS CloudFormation resource types

If you’ve authored private resource types to extend the AWS CloudFormation registry, you might have used Java, Python, or Go, which, until now, were our officially supported languages. In this blog post, we will show you how to create a private resource type using TypeScript, the latest addition to our growing list of officially supported […]

Read More

Multi-step API monitoring using Amazon CloudWatch Synthetics

As customers add more applications, the number of APIs and webpages increase exponentially. The new multi-step HTTP monitoring in Amazon CloudWatch Synthetics offers visibility and helps you proactively solve problems. It helps engineering teams monitor their APIs 24/7 using flexible scripts so that they can maintain SLA compliance. In this post, we show you how […]

Read More
Use AWS License Manager and AWS Systems Manager to discover SQL Server BYOL instances

Use AWS License Manager and AWS Systems Manager to discover SQL Server BYOL instances

Most enterprises find it hard to maintain control of the commercial licensing of Microsoft, SAP, Oracle, and IBM products due to limited visibility. They wind up over-provisioning licenses to avoid the headache with third party license providers or under-provisioning licenses, only to be faced with steep penalties. If your enterprise uses AWS, you can address this […]

Read More

Using Amazon CloudWatch Synthetics to find broken links on your website

Most businesses and professionals build and maintain websites to bring visibility and credibility to their work. These websites often act as a medium for messaging. They shape the online perception of the business. When links on a website are broken, users get frustrated. If they cannot access the information they need, they might take their […]

Read More

AWS Control Tower Detective Guardrails as an AWS Config Conformance Pack

Many of the customers I work with would like to be able to apply AWS Control Tower’s detective guardrails to an existing AWS account before moving them to Control Tower governance. Now that you can launch AWS Control Tower in an existing AWS Organization, customers want to evaluate their existing accounts for compliance with AWS […]

Read More