Category: AWS Identity and Access Management (IAM)

Organizations want their developers to provision resources that they need to build applications while maintaining compliance with security, operational, and cost optimization best practices. Most solutions today inform customers about noncompliant resources only after those resources have been provisioned. These noncompliant resources exist until they are deleted or modified and increase security risk, operational overhead, […]

In a previous blog post, we provided a walkthrough of how to fix unreachable Amazon EC2 Windows instances using the EC2Rescue for Windows tool. In this blog post, I will walk you through how to utilize EC2Rescue for Linux to fix unreachable Linux instances. This Knowledge Center Article describes how EC2Rescue for Linux can be used to […]

In response to customer requests, Amazon Managed Grafana now supports direct Security Assertion Markup Language (SAML) 2.0 integration, without the need to go through AWS Identity and Access Management (AWS IAM) or AWS Single Sign-On (AWS SSO). SAML authentication support enables you to use your existing identity provider to offer single sign-on for logging into […]

Solutions providers who engage with their end customers in a resale arrangement must manage different business models and support delivery models. AWS Organizations makes it possible to build the right account structure to support a resale arrangement. Monthly end-customer invoicing often poses a huge challenge in a shared resale arrangement, where you need to know […]

Logging and monitoring are critical components of a governance, risk, and compliance strategy. When you use AWS CloudTrail with AWS Organizations, you get an eagle-eye view of account activity across your AWS infrastructure. However, as your enterprise scales workloads in the cloud and accelerates cloud use, the logs can increase exponentially. Over time, you can […]

In this blog post, I show you how to set up public holidays calendars using AWS Systems Manager Change Calendar and suspend your AWS CodePipeline pipelines during the critical holidays in these calendar events. For example, let’s say an application release pipeline in your AWS account builds and deploys a new version of the application […]

This blog post was contributed by Kanishk Mahajan, AWS and Maya Neelakandhan, CloudKnox As you migrate your workloads to the cloud or operate your existing workloads in the cloud it would be ideal if every application was deployed with the exact permissions that it required. In practice, however, the effort required to determine the precise […]

This post is the last in a series on how to build customizations using AWS CloudFormation. In part 1, we introduced you to cfn-response and crhelper and discussed the scenarios they are best suited for. In part 2, we addressed a coverage gap in our public roadmap and showed you how to build an AWS […]

This post is the second in a series on how to build customizations using AWS CloudFormation. In part 1, we showed you how to develop customizations using cfn-response and crhelper and shared the scenarios they are best suited for. In this post, we’ll use AWS CloudFormation macros to address some of the coverage gaps identified […]

Customers who manage multiple AWS accounts in AWS Organizations can use service control policies (SCPs) to centrally manage permissions in their environment. SCPs can be applied to an organization unit (OU), account, or entire organization to restrict the maximum permissions that can be applied in the scoped AWS accounts. In this post, we are going to explore the use of SCPs to restrict an AWS account to read-only access.