AWS Management & Governance Blog

Category: Security, Identity, & Compliance

Simplifying setup for new accounts using Service Quotas

Service Quotas enables you to view and manage your quotas for AWS services from a central location. You can currently view and manage over 100 services, such as Amazon VPC, Amazon DynamoDB, and Amazon RDS. Recently, we made it easier to manage quotas for Amazon EC2 with vCPU-based On-Demand Instance limits, which reduce the number […]

Read More

Enabling experimentation and innovation in the cloud at SulAmérica Seguros

SulAmérica Seguros is Brazil’s largest independent insurer. The company offers one-stop shopping with a diversified business offering (healthcare; auto insurance; life insurance; pension plans; savings bonds; and asset management). Founded in 1895, SulAmérica is Brazil’s: Third largest insurer in the healthcare and dental market Fifth largest in the auto insurance market Ninth largest in the […]

Read More

How to Detect and Mitigate Guardrail Violation with AWS Control Tower

Many companies that I work with would like to innovate fast in the cloud by adopting a self-service infrastructure provisioning model in a multi-account environment. However, maintaining security and governance in such a model is an organizational challenge. Without structured guardrails and baseline configuration enforcement, troubleshooting and mitigating risk can be cumbersome. AWS Control Tower […]

Read More

Enabling self-service provisioning of AWS resources with AWS Control Tower

Customers provision new accounts in AWS Control Tower whenever they are on-boarding new business units or setting up application workloads. In some cases, organizations also want their cloud users, developers, and data scientists to deploy self-service standardized and secure patterns and architectures with the new account. Here are a few examples: A developer or cloud […]

Read More

Packaging to Distribution – Using AWS Systems Manager Distributor to deploy Datadog

AWS Systems Manager Distributor automates the process of packaging and publishing software to managed Windows and Linux instances across the cloud landscape, as well as to on-premises servers, through a single simplified interface. Customers can now leverage AWS Systems Manager Distributor to package custom software like monitoring agents and security agents, and then distribute them […]

Read More

Enable self-service, secured data science using Amazon SageMaker notebooks and AWS Service Catalog

by Sanjay Garje and Vebhhav (Veb) Singh Enterprises of all sizes are moving to the AWS Cloud. We hear from leadership of those enterprise teams that they are looking to provide a safe, cost-governed way to provide easy access to Amazon SageMaker to promote experimentation with data science to unlock new business opportunities and disrupt […]

Read More

Managing AWS resources across multiple accounts and Regions using AWS Systems Manager Automation

AWS Systems Manager Automation simplifies common administrative and maintenance tasks of AWS resources. Using Systems Manager Automation, you can execute predefined tasks/workflows in the form of AWS Systems Manager documents (SSM documents) that you can write yourself or use community published documents. A SSM document defines the actions that Systems Manager performs on your AWS […]

Read More

Automate account creation, and resource provisioning using AWS Service Catalog, AWS Organizations, and AWS Lambda

As an organization expands its use of AWS services, there is often a conversation about the need to create multiple AWS accounts to ensure separation of business processes or for security, compliance, and billing. Many of the customers we work with use separate AWS accounts for each business unit so they can meet the different […]

Read More

Using AWS Systems Manager Parameter Store Secure String parameters in AWS CloudFormation templates

When using AWS CloudFormation templates to code your infrastructure, you should consider applying best practices to improve the maintainability of your code. Further, these best practices should be augmented by guidelines like those outlined for twelve-factor apps, which are targeted at optimizing applications for continuous deployment. Of these factors, you should note that you should […]

Read More

Automating processes for handling and remediating AWS Abuse alerts

Introduction AWS Abuse addresses many different types of potentially abusive activity such as phishing, malware, spam, and denial of service (DoS)/ distributed denial of service (DDoS) incidents. When abuse is reported, we alert customers so they can take the remediation action that is necessary. Customers want to build automation for handling abuse events and the […]

Read More