AWS Cloud Operations & Migrations Blog

Category: Security, Identity, & Compliance

How Arctic Wolf uses AWS CloudTrail Lake to Simplify Security and Operations

In this post, we’ll discuss how Arctic Wolf is using AWS CloudTrail Lake to simplify compliance, enhance security operations, and obtain new operational insights from their CloudTrail data. Arctic Wolf, the leader in security operations, helps customers protect their organizations from rapidly evolving cyber threats with the Arctic Wolf Security Operations Cloud and Concierge Security® model. As […]

Image for - Prepare for Oracle license audits in AWS using AWS Audit Manager and AWS License Manager

Prepare for Oracle license audits in AWS using AWS Audit Manager and AWS License Manager

Many of our customers who run Oracle databases need help with managing their Oracle licenses on AWS and ensuring that they have not fallen out of compliance with Oracle’s licensing rules. They must be prepared to provide relevant evidence in an auditor-friendly format during an Oracle license audit. Gathering evidence in a timely manner to […]

Use AWS RAM and AWS MGN to Govern your Migration at scale in AWS

Introduction AWS customers consider Lift & Shift as the first increment of value delivery in their cloud adoption journey. Following this strategy customers will have benefits of speed, cost reduction, business agility, operational resiliency, and staff productivity. As part of the migration plan they will adopt a multi-account strategy to establish their AWS foundation at […]

Fine-grained access control in Amazon Managed Grafana using Grafana Teams

Every customer who uses Amazon Managed Grafana as part of their observability or data visualization service has multiple business units or divisions to serve. Users from these business units or divisions must access Amazon Managed Grafana and manage or view their own resources, such as data sources, dashboards, and alerts. Additionally, IT administrators must manage […]

Managing AWS account lifecycle in AWS Control Tower using the Account Close API

AWS Control Tower provides the easiest way for you to set up and govern your AWS environment following prescriptive AWS best practices managed on your behalf. AWS Control Tower orchestrates multiple AWS services (AWS Organizations, AWS CloudFormation StackSets, Amazon Simple Storage Service (Amazon S3), AWS Single Sign-On, AWS Config, AWS CloudTrail) to build a landing […]

Secure cloud assets using AWS Service Catalog’s Attribute Based Access Control

This post describes how Expedia Group protects production database assets from accidental or automated deletion using the new Attribute Based Access Control (ABAC) feature for AWS Service Catalog. We also cover the benefits of scaling using an ABAC strategy and how Expedia incorporated ABAC to their Cerebro platform. Prerequisites AWS Service Catalog AWS Identity and […]

Centralized view of support cases opened from multiple AWS accounts using AWS Systems Manager

AWS Systems Manager Explorer is a customizable operations dashboard that reports information about your AWS resources. Explorer displays an aggregated view of operations data (OpsData) for your AWS accounts and AWS Regions. OpsData also includes information from supporting AWS services, such as AWS Trusted Advisor, AWS Compute Optimizer, and AWS Support Center cases, among other […]

Visualize AWS Service Catalog Product Usage in an AWS Organization with Amazon QuickSight

  AWS Service Catalog is a widely used service that simplifies the management of tools, services, and resources in AWS accounts for organizations. This service empowers end users to provision products vetted by their organization in their environments with confidence in security and compliance. Portfolios are shared with AWS accounts in an AWS Organization, from which […]

Automate vulnerability management and remediation in AWS using Amazon Inspector and AWS Systems Manager – Part 2

This post is the second part of the Automate vulnerability management and remediation series using Amazon Inspector and AWS Systems Manager. This series provides methods for remediating Amazon Inspector findings on-demand using AWS Systems Manager Automation runbooks. In Part 1 of this series, you learned how to remediate Inspector findings for a specific vulnerability affecting […]

Automate vulnerability management and remediation in AWS using Amazon Inspector and AWS Systems Manager – Part 1

AWS recently launched the new Amazon Inspector for performing continuous vulnerability scans on Amazon Elastic Compute Cloud (Amazon EC2) instances and container images stored in Amazon Elastic Container Registry (Amazon ECR). These scans assess software vulnerabilities and unintended network exposure. The new Amazon Inspector uses the Systems Manager (SSM) agent to collect software application inventory […]