AWS Management & Governance Blog

Category: Technical How-to

Viewing permission issues with service-linked roles

Each AWS service requires explicit access to resources, endpoints, and objects that reside in the domain of another service. This is referred to as the permission boundary. Services like AWS Config, Amazon Macie, and AWS GuardDuty require an AWS Identity and Access Management (IAM) role that grants access to resources outside of its control. Understanding […]

Read More
Analyzing Amazon Lex conversation log data with Grafana

Analyzing Amazon Lex conversation log data with Grafana

To support business and internal processes, organizations are increasing their use of conversational interfaces. They offer opportunities for more availability, improved service levels, and reduced costs. As these conversational services become more important, so, too, does the need to monitor performance and effectiveness of these interfaces with analytics and dashboards. This analysis, in turn, is […]

Read More

Open sesame: Granting privileged access to EC2 instances with Session Manager

In this guest blog post, Herman Lee (Cloud Solution Architect, VP) and Nauman Noor (Managing Director) from the public cloud engineering team at State Street discuss their use of AWS Systems Manager Session Manager for privileged access management of Amazon EC2 instances. State Street Corporation is a financial services company responsible for the management, custody, […]

Read More
Manage AWS Managed Microsoft AD resources with Session Manager port forwarding

Manage AWS Managed Microsoft AD resources with Session Manager port forwarding

Active Directory administrators are accustomed to managing domain resources using Remote Server Administrators Tools (RSAT) installed on either their workstations or a member server in the domain.  When it comes to managing resources on a managed Active Directory service, such as the case with AWS Managed Microsoft AD, these tools must be available for administrators […]

Read More
cisco csr vpn

Monitoring Cisco CSR 1000v VPN tunnel and BGP status using Amazon CloudWatch

Many organizations get access to their AWS resources using a Direct Connect connection or a Site-to-Site VPN. AWS Site-to-Site VPN creates a secure connection between your data center or branch office and your AWS cloud resources.  In this post, we will see how to monitor your Cisco CSR VPN tunnel and BGP (Border Gateway Protocol) […]

Read More
Service Catalog AppRegistry graphic

Increase application visibility and governance using AWS Service Catalog AppRegistry

Many customers deploy applications with a multitude of resources using AWS CloudFormation templates.  As customers begin to scale, these templates are often re-used across multiple applications.  At this point, important tasks like identifying deployed applications and understanding which CloudFormation stacks are associated with an application become more difficult. Visibility is an important component of a […]

Read More
Amazon DevOps Guru sends insights to Amazon SNS and Amazon SNS forwards the insights to PagerDuty

Deliver ML-powered operational insights to your on-call teams via PagerDuty with Amazon DevOps Guru

Amazon DevOps Guru, now in preview, is an ML-powered cloud operations service that assists you in improving application availability. It’s easy to set up and use, and leverages machine learning models informed by years of operational expertise in building, scaling, and maintaining highly available applications at Amazon.com. DevOps Guru continuously analyzes streams of disparate data […]

Read More

Manage your Amazon EC2 macOS instances with AWS Systems Manager

Are you using macOS for developing, building, testing, and signing applications for Apple devices? To all the thriving community of millions of developers worldwide building applications on Apple platforms, we at AWS bring you the first ever macOS based compute environments in the public cloud. Yes, you read that right! You can now run macOS […]

Read More

How to aggregate and visualize AWS Health events using AWS Organizations and Amazon Elasticsearch Service

September 8, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. In this post, I show you how to aggregate AWS Health events centrally from all accounts in your organization using AWS Organizations, AWS Lambda, and AWS Health API, and then build automation to ingest and visualize the operations data using […]

Read More

Launch a standardized DevOps pipeline to deploy containerized applications using AWS Service Catalog

As companies implement DevOps practices, they find that standardizing the deployment of the continuous integration and continuous deployment (CI/CD) pipelines is increasingly important. Many end users and developers do not have the ability or time to create their own CI/CD pipelines and processes from scratch for each new project. By using AWS Service Catalog, organizations […]

Read More