AWS Management & Governance Blog

Category: Thought Leadership

Maximize cloud investment value through operational excellence using AWS Managed Services

Maximize cloud investment value through operational excellence using AWS Managed Services

In this blog post, I share my observations as an AMS Solutions Architect on how achieving operational excellence can help organizations realize their cloud business objectives while migrating to AWS. I dive deep into the five design principles that AWS Managed Services (AMS) uses to achieve operational excellence. Amazon is guided by four principles: customer […]

Read More
AWS AppConfig: The Amazon service that helps you scale for large events like Prime Day

AWS AppConfig: The Amazon service that helps you scale for large events like Prime Day

Amazon uses a number of AWS services to help meet increased traffic and demand during Prime Day events. As Jeff Barr has mentioned in his previous blog posts, some key services used in Prime Day include: Amazon DynamoDB handles the trillions of Prime Day requests. Amazon Interactive Video Service (Amazon IVS) enables shoppers to shop […]

Read More
automated operations cloud operating model

Reinventing automated operations (Part II)

The first post in this series, Reinventing automated operations (Part I), covered the importance of operations in the cloud and how deferring the creation of an operations plan can slow down your migration. In this post, I’ll share the primary mechanism of iterative improvement (aka flywheel) that AWS Managed Services (AMS) uses to increase operational […]

Read More
How to manage cost overruns in your AWS multi-account environment – Part I

How to manage cost overruns in your AWS multi-account environment – Part 1

AWS provides a flexible and secure environment where you can experiment, innovate, and scale more quickly. As you build and deploy your workloads, you need mechanisms to isolate your resources (for example, a resource container). You can use multiple AWS accounts for this purpose. An AWS account provides natural security, access, and billing boundaries for […]

Read More
How to manage cost overruns in your AWS multi-account environment – Part II

How to manage cost overruns in your AWS multi-account environment – Part 2

In the first post of this two-part series, we showed you two approaches for preventing cost overruns in a centralized budget management pattern: Applying a restrictive service control policy (SCP) to an organizational unit (OU). Moving the account to another OU with restrictive SCPs. In this post, we share how you can prevent cost overruns […]

Read More

Integrate across the Three Lines Model (Part 1): Build a custom automation of AWS Audit Manager with AWS Security Hub

The Three Lines Model developed by the Institute of Internal Auditors (IIA) helps organizations identify structures and processes to facilitate strong governance and risk management. In that model, the first-line function manages risk, the second-line function oversees risk and the third-line function provides objective and independent assurance of risk management. According to a Deloitte analysis […]

Read More
Using delegated admin for AWS Config operations and aggregation - AWS management and Governance blog

Using delegated admin for AWS Config operations and aggregation

You can use AWS Organizations to centrally manage and govern multiple accounts within your AWS organization. The service includes a management account, which has permissions to create accounts and manage and govern underlying infrastructure. The management account has wide permissions and access to accounts within the organization, so it should only be used for absolutely […]

Read More
automated operations cloud operating model

Reinventing automated operations (Part I)

This is the first in a two-part series that covers lessons learned at AWS Managed Services (AMS) as we help customers and partners achieve operational excellence on AWS. To create a secure and consistent cloud operating model, you need both operational experience and AWS skills. In my conversations with customers, it is common for experienced […]

Read More
Decision-making framework for configuration with AWS AppConfig

Decision-making framework for configuration with AWS AppConfig

In this blog post, we show you how to separate configuration from code, explain the differences between dynamic and static configuration, and help you determine which values to use in your dynamic configuration. We also share processes to keep bloat down in your application configuration. Finally, we introduce you to AWS AppConfig, which allows you […]

Read More

Continuous permissions rightsizing to ensure least privileges in AWS using CloudKnox and AWS Config

This blog post was contributed by Kanishk Mahajan, AWS and Maya Neelakandhan, CloudKnox As you migrate your workloads to the cloud or operate your existing workloads in the cloud it would be ideal if every application was deployed with the exact permissions that it required. In practice, however, the effort required to determine the precise […]

Read More