Category: Technical How-to

In this blog post you learn how to visualize AWS CloudTrail events, near real time, using Kibana. This solution is useful if you use an ELK (Elasticsearch, Logstash, Kibana) stack to aggregate logs from all your systems and applications, analyze these logs, and create visualizations for application and infrastructure monitoring. This solution is also useful […]

Application workloads being built for the cloud are getting easier to deploy with tools like Amazon Elastic Kubernetes Service (Amazon EKS) and Amazon Elastic Container Service (Amazon ECS and AWS Fargate), infrastructure as code (IaC), and full-scale DevSecOps pipelines. But there’s more to migrating workloads than ease of development and deployment: application workloads still need […]

Many AWS customers I speak with want to manage their AWS services using infrastructure as code (IaC) and DevOps practices for managing, versioning, and deploying products and portfolios. A best practice is deploying infrastructure templates from a continuous delivery (CD) pipeline with validation. In so doing, you can provide the AWS services your users need […]

Continuous delivery pipelines, combined with infrastructure as code tools like AWS CloudFormation, allow our customers to manage applications in a safe and predictable way. CloudFormation helps customers model and provision their AWS and third-party application resources, with features such as rollback to provide automation and safety. Together with tools such as AWS CodeBuild, AWS CodePipeline, […]

Port forwarding is a useful way to redirect network traffic from one IP address and port number combination to another. With port forwarding, you can access an EC2 instance located in a private subnet from your workstation. In this post, we walk through a use case where customers have a strict security requirement for their […]

This blog post was updated on 7/21/2020 to reflect recent changes to how AWS Service Catalog obtains outputs from provisioned products. For more information see Provisioned product outputs are now available in AWS Service Catalog. You can use AWS Service Catalog to create preconfigured products that your developers can launch. In a large organization, it’s […]

Are you an operations administrator trying to enable common configurations such as agent updates or patch scanning across your company? AWS Systems Manager Quick Setup now supports AWS Organizations. With this feature, Organization master accounts can now easily define configurations for Systems Manager to engage on your behalf across accounts in your Organization. You can […]

As organizations migrate their traditional data centers and applications into the AWS cloud, they also want to modernize their patching mechanisms in order to reap the benefits of operating in the cloud. We find that many customers are looking to move away from Microsoft System Center Configuration Manager (SCCM) for patching, and move towards an […]

In this blog post, we learn how to ingest AWS CloudTrail log data into Amazon CloudWatch to monitor and identify your AWS account activity against security threats, and create a governance framework for security best practices. We will analyze log trail event data in CloudWatch using features such as Logs Insight, Contributor Insights, Metric filters […]

In this blog post, we show you how to configure Attribute-Based Access Control (ABAC) permissions to federate users into AWS Systems Manager Session Manager. We demonstrate how you can use attributes defined in external identity systems as part of the ABAC decisions within AWS, with SAML session tags. For example, you can grant access to […]