Category: Technical How-to

Amazon CloudWatch lets customers collect monitoring and operational data in the form of logs, metrics, and alarms. This allows for easy visualization and notifications regarding their workload health. Amazon CloudWatch dashboards are customizable home pages in the CloudWatch console that you can use to monitor your resources in a single view, even those resources that […]

AWS Identity offers a set of features that let customers apply preventive controls to their AWS environment. This includes AWS Organizations service control policies (SCPs). For you to achieve common preventive controls, SCPs provide preventative enforcement by offering central control over the maximum available permissions for all accounts in your organization. SCPs affect all users and roles […]

The updated version (June 2022) that follows is based on working backward from a customer need to understand Service Level Objectives (“SLOs”) and the benefits from monitoring SLOs. This post was originally written in Nov 2021 by Natalia Sikora-Zimna, Product Owner at Nobl9. A service can be provided by infrastructure, a platform, software, or people. […]

Important Update: As of 23 Nov 2020 the Security Hub service was updated to support direct integration with AWS Organizations. Lifecycle events are no longer the recommended way to enable Security Hub. Please utilize Security Hub’s native integration with AWS Organizations. You can also refer to this blog, which walks through how to enable GuardDuty […]

This post demonstrates how to enable AWS Config and deploy a sample AWS Config Conformance pack using HashiCorp’s Terraform. AWS Config provides configuration, compliance, and auditing features required for governing your resources and providing security posture assessment at scale. This service lets you create managed rules, which are predefined, customizable rules that AWS Config uses […]

Amazon Managed Service for Prometheus is a serverless Prometheus-compatible monitoring service for metrics to securely monitor container environments at scale. Amazon Managed Service for Prometheus lets you utilize open source Prometheus query language (PromQL) to monitor containerized workload performance without having to manage the underlying infrastructure required for the ingestion, storage, alerting, and querying of […]

The customers I work with often handle multiple applications in their cloud environments. In general, an application includes multiple AWS resources deployed via AWS CloudFormation stacks, APIs, or other infrastructure as code tools. My customers often ask me about efficient mechanisms for managing the resources and governing the security policies of their resources in an Application […]

Software as a service (SaaS) companies have many options when they implement multi-tenancy in their applications. The AWS SaaS Factory Program provides recommendations for different deployment patterns depending on factors such as cost, compliance, and end-customer requirements. You might find that silo methods like VPC-per-tenant are not sufficient. Your application might be in a highly […]

Learn with Shree on how to simplify your canary by batching multiple URLs in Amazon CloudWatch Synthetics.

Since its launch in 2009, Amazon CloudWatch has become the cloud-native choice for a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. CloudWatch provides you with data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view […]