Category: Thought Leadership

The first post in this series, Reinventing automated operations (Part I), covered the importance of operations in the cloud and how deferring the creation of an operations plan can slow down your migration. In this post, I’ll share the primary mechanism of iterative improvement (aka flywheel) that AWS Managed Services (AMS) uses to increase operational […]

AWS provides a flexible and secure environment where you can experiment, innovate, and scale more quickly. As you build and deploy your workloads, you need mechanisms to isolate your resources (for example, a resource container). You can use multiple AWS accounts for this purpose. An AWS account provides natural security, access, and billing boundaries for […]

In the first post of this two-part series, we showed you two approaches for preventing cost overruns in a centralized budget management pattern: Applying a restrictive service control policy (SCP) to an organizational unit (OU). Moving the account to another OU with restrictive SCPs. In this post, we share how you can prevent cost overruns […]

The Three Lines Model developed by the Institute of Internal Auditors (IIA) helps organizations identify structures and processes to facilitate strong governance and risk management. In that model, the first-line function manages risk, the second-line function oversees risk and the third-line function provides objective and independent assurance of risk management. According to a Deloitte analysis […]

You can use AWS Organizations to centrally manage and govern multiple accounts within your AWS organization. The service includes a management account, which has permissions to create accounts and manage and govern underlying infrastructure. The management account has wide permissions and access to accounts within the organization, so it should only be used for absolutely […]

This is the first in a two-part series that covers lessons learned at AWS Managed Services (AMS) as we help customers and partners achieve operational excellence on AWS. To create a secure and consistent cloud operating model, you need both operational experience and AWS skills. In my conversations with customers, it is common for experienced […]

In this blog post, we show you how to separate configuration from code, explain the differences between dynamic and static configuration, and help you determine which values to use in your dynamic configuration. We also share processes to keep bloat down in your application configuration. Finally, we introduce you to AWS AppConfig, which allows you […]

This blog post was contributed by Kanishk Mahajan, AWS and Maya Neelakandhan, CloudKnox As you migrate your workloads to the cloud or operate your existing workloads in the cloud it would be ideal if every application was deployed with the exact permissions that it required. In practice, however, the effort required to determine the precise […]

Organizations use multiple environments, each with different security and compliance controls, as part of their deployment pipeline. Following the principle of least privilege, production environments have the most restrictive security and compliance controls. They tightly limit who can access the environment and which actions each user (or principal) can perform. Development and test environments also […]

If you’ve used AWS Service Catalog, you probably know how it helps organizations increase standardization, encourage compliance, and improve speed and agility. This is done by enabling central administrators to publish and manage a standard set of compliant products that users can consume in a self-service manner. Customers often start by creating an AWS CloudFormation-based product in […]