AWS Cloud Operations & Migrations Blog

Category: Security, Identity, & Compliance

Delegate AWS Organizations policy management in a multi-account environment

AWS Organizations helps you centrally manage and govern multiple AWS accounts within AWS. You can manage organization structure, add and remove accounts, define configuration using policies, handle consolidated billing, and control multi-account features of integrated AWS services. As your environment grows, your administrators have to manage more accounts and policies which often requires coordination between […]

Consolidate and query AWS CloudTrail data across accounts and regions using AWS CloudTrail Lake

AWS CloudTrail allows tracking of user and API activities across your AWS infrastructure. AWS CloudTrail best practices recommend AWS customers set up separate trails for different use cases such as operational troubleshooting, auditing, security monitoring, etc. Once the use case is accomplished, customers might permanently delete some of the trails but choose to retain their […]

Build Cloud Operations Skills Using the New Getting Started with AWS Audit Manager Training

Are you responsible for your organization’s compliance? Do you want to simplify and automate audit activities? Do you want to make sure your organization is compliant with internal control frameworks and industry standards? If you need to simplify your risk and compliance assessments while automating evidence collection in your AWS cloud environment, then getting started […]

Using AWS Distro for OpenTelemetry and IAM Roles Anywhere on-premises to ingest metrics into Amazon Managed Service for Prometheus

Customers using Prometheus in self-hosted environments face challenges in managing a highly-available, scalable and secure Prometheus server environment, infrastructure for long-term storage, and access control. Amazon Managed Service for Prometheus, a Prometheus-compatible monitoring service for infrastructure and application metrics, solves these problems by providing a fully-managed environment which is tightly integrated with AWS Identity and […]

Use AWS Lambda with AWS Control Tower Audit account to inspect your multi-account setup

When you are building workloads on AWS, you are encouraged to follow a multi-account strategy to isolate workloads into multiple AWS accounts. You can do this to separate your accounts based on different business units, different stages of the software development lifecycle (SDLC) or another manner that is suitable for your organization’s needs. Whichever approach […]

Moving from a single account AWS Config deployment to an Organization wide deployment

As customers become more mature in the cloud, they will start to investigate how they can utilize additional AWS services in order to meet their goals. In many cases the initial phase will involve some research and testing of the service before deploying it across their cloud environment. For customers that may need to maintain […]

Top 10 AWS Cloud Operations and Migrations Blog posts of 2022

With 2022 behind us, we want to take the opportunity to highlight our readers and the top blog posts from 2022. A big thank you to all our readers but also our authors who continue to work on delighting our customers with their blog posts. #1 Announcing AWS CloudTrail Lake – a managed audit and […]

Deploying Custom AWS Config Rules in an AWS Organization Environment

In this post, we will show how you can deploy AWS Config custom rules across accounts in your organization, leveraging the Rules Development Kit (RDK), an open source development kit designed to support intuitive and efficient “Compliance-as-Code” workflows. With AWS Config custom rules, you can define custom logic for the desired configuration state of your […]

Announcing evidence finder for AWS Audit Manager

Today, we’re excited to announce a new search feature that allows customers to perform targeted searches by multiple criteria, group the results and send the data to an assessment report. Customers can more easily find the evidence they need and, organize it without the need to add it to a report. Customers can then generate their […]

Automate the sending of AWS Audit Manager assessment reports

Implementing compliance at scale is not an easy endeavor for customers as they move their workloads to the AWS cloud. Due to the challenges that are posed by cloud environments such as the more ephemeral nature of resources or the dynamic landscape of the cloud, automation is paramount to success. At an enterprise scale the […]