AWS Cloud Operations & Migrations Blog
Category: AWS Identity and Access Management (IAM)
How to configure AWS Migration Strategy Recommendations service and plan migration and modernization pathways for your on-premises workloads
Introduction Customers that have decided to migrate their workloads from their on-premise VMware environments to AWS cloud and want to analyze and generate automated migration strategy recommendation patterns (based on the 7Rs) should look into implementing AWS Migration Hub Strategy Recommendations (Strategy Recommendations). Strategy Recommendations is a free AWS tool that helps customers to plan […]
How to grant least privilege access to third-parties on your private EC2 instances with AWS Systems Manager
AWS Systems Manager Session Manager provides a more secure way to manage your Amazon Elastic Compute Cloud (EC2) instances without the need to open inbound ports, maintain bastion hosts, or manage SSH keys. Furthermore, you can use it with a combination of AWS services to give access to external third-parties. Due to business requirements, you […]
Create event-driven workflow with AWS Resource Groups lifecycle events
AWS Resource Groups recently announced a new feature that pushes group lifecycle changes to Amazon EventBridge. A resource group is a collection of AWS resources, in the same AWS Region, that are grouped either using a tag-based query, or AWS CloudFormation stack-based query, and group lifecycle events make it easier for AWS customers to receive […]
Enhance Amazon EKS Containerized Application Resilience with AWS Resilience Hub
Building and managing resilient, micro-service based Containerized applications in a distributed environment is hard; maintaining and operating them is even harder. Even though containerized applications running on Amazon Elastic Kubernetes Service (Amazon EKS) take advantage of the performance, scale, reliability, and availability of AWS infrastructure which, we need to understand that failures will occur and […]
Using AWS Distro for OpenTelemetry and IAM Roles Anywhere on-premises to ingest metrics into Amazon Managed Service for Prometheus
Customers using Prometheus in self-hosted environments face challenges in managing a highly-available, scalable and secure Prometheus server environment, infrastructure for long-term storage, and access control. Amazon Managed Service for Prometheus, a Prometheus-compatible monitoring service for infrastructure and application metrics, solves these problems by providing a fully-managed environment which is tightly integrated with AWS Identity and […]
Managing AWS account lifecycle in AWS Control Tower using the Account Close API
AWS Control Tower provides the easiest way for you to set up and govern your AWS environment following prescriptive AWS best practices managed on your behalf. AWS Control Tower orchestrates multiple AWS services (AWS Organizations, AWS CloudFormation StackSets, Amazon Simple Storage Service (Amazon S3), AWS Single Sign-On, AWS Config, AWS CloudTrail) to build a landing […]
Secure cloud assets using AWS Service Catalog’s Attribute Based Access Control
This post describes how Expedia Group protects production database assets from accidental or automated deletion using the new Attribute Based Access Control (ABAC) feature for AWS Service Catalog. We also cover the benefits of scaling using an ABAC strategy and how Expedia incorporated ABAC to their Cerebro platform. Prerequisites AWS Service Catalog AWS Identity and […]
Auto-scaling Amazon EC2 using Amazon Managed Service for Prometheus and alert manager
Customers want to migrate their existing Prometheus workloads to the cloud and utilize all that the cloud offers. AWS has services like Amazon EC2 Auto Scaling, which lets you scale out Amazon Elastic Compute Cloud (Amazon EC2) instances based on metrics like CPU or memory utilization. Applications that use Prometheus metrics can easily integrate into […]
Monitoring Amazon EMR on EKS with Amazon Managed Prometheus and Amazon Managed Grafana
Apache Spark is an open-source lightning-fast cluster computing framework built for distributed data processing. With the combination of Cloud, Spark delivers high performance for both batch and real-time data processing at a petabyte scale. Spark on Kubernetes is supported from Spark 2.3 onwards, and it gained a lot of traction among enterprises for high performance and […]
Codify your best practices using service control policies: Part 2
I introduced the fundamental concepts of service control policies (SCPs) in the previous post. We discussed what SCPs are, why you should create SCPs, the two approaches you can use to implement SCPs, and how to iterate and improve SCPs as your workload and business needs change. In this post, I will discuss how you […]