Category: Technical How-to

Amazon CloudWatch provides you with data and actionable insights to monitor the health and performance of your infrastructure and applications hosted on AWS and on-premises servers. CloudWatch dashboards and alarms enable you to to rapidly detect performance issues that affect end user experience. CloudWatch has added the ability to share dashboards with users outside of […]

As a solutions architect with AWS, I work with customers to right-size their Amazon Elastic Compute Cloud (EC2) instances to achieve a balance between performance and cost. Optimization is an iterative task that involves several cycles of making changes, analyzing results, and repeating until you reach a satisfactory state. You need to understand the details […]

In keeping with the principle that identity is the new perimeter, AWS Systems Manager Session Manager provides a mechanism for authenticated and authorized AWS Identity and Access Management (IAM) principals to gain data-plane shell access to Amazon EC2 instances, without setting up a traditional SSH pathway for access. It has become an indispensable tool for […]

In this post, I show how you can use AWS Organizations, AWS Config, and HashiCorp’s Terraform to deploy guardrails at scale. AWS Config provides configuration, compliance, and auditing features that are required for governing your resources and providing security posture assessment at scale. With its recent support for AWS Organizations, AWS Config makes it possible […]

We often use AWS CloudFormation StackSets to automatically deploy infrastructure into many different accounts. Whether they are managed by AWS Control Tower or AWS Organizations, StackSets provide a simple and automated way to handle the creation of resources and infrastructure right after provisioning a new account. You can automatically deploy StackSets to accounts that belong […]

Today AWS X-Ray launches support for notifications to its insights. This means that on an X-Ray group where insights are enabled, you can now configure notifications to be sent to Amazon EventBridge. Through the use of anomaly detection, AWS X-Ray helps you analyze and debug distributed applications. AWS X-Ray Insights uses anomaly detection to create actionable insights […]

Learn with Shree on how to use AWS License Manager public API operations to manage your software licenses in the cloud.

At AWS, we feel strongly that separating application configuration from application code is a best practice. Being able to deploy configuration independently from code makes it possible to build services like Service Quotas and launch new services and features right as we announce them. If we didn’t separate these, even a simple configuration change would […]

My customers have asked how to monitor their AWS environments for potential malicious activity. Many have standardized on using AWS Control Tower to implement a multi-account framework that is governed and based on known AWS best practices. They are also interested in enabling Amazon GuardDuty to supplement this with effective monitoring capabilities. This post shows […]

As many customers adopt AWS Control Tower, they have asked Raphael and me how to add additional governance policies such as the NIST Cybersecurity Framework (CSF) to their environments on top of the guardrails that AWS Control Tower provides. Customers want to enable these additional policies on the AWS Regions where AWS Control Tower is […]