AWS Management & Governance Blog

Category: Compliance

Maximize cloud investment value through operational excellence using AWS Managed Services

Maximize cloud investment value through operational excellence using AWS Managed Services

In this blog post, I share my observations as an AMS Solutions Architect on how achieving operational excellence can help organizations realize their cloud business objectives while migrating to AWS. I dive deep into the five design principles that AWS Managed Services (AMS) uses to achieve operational excellence. Amazon is guided by four principles: customer […]

Read More
Ensure license compliance in AWS for ISVs using ISV seller-issued licenses

Ensure license compliance in AWS for ISVs using ISV seller-issued licenses

AWS License Manager helps reduce the risk of noncompliance by providing independent software vendors (ISVs) with a centralized AWS account and built-in controls to ensure only approved users and workloads can consume licenses. ISVs can use License Manager to manage and distribute software licenses to end users with and without AWS accounts. As an issuer, […]

Read More
Use AWS License Manager API operations to manage your Oracle licenses based on Oracle cloud policy

Use AWS License Manager API operations to manage your Oracle licenses based on Oracle cloud policy

Learn with Shree on how to use AWS License Manager API operations to manage your Oracle licenses (for databases running on Amazon RDS for Oracle, Amazon EC2 and on-premises servers) based on Oracle cloud policy. Additionally, learn how to use the built-in integration of License Manager API operations with AWS CloudTrail to prepare for vendor audit.

Read More

Best practices for AWS Config conformance packs

AWS Config conformance packs help you manage configuration compliance of your AWS resources at scale. A conformance pack is a collection of AWS Config rules and remediation actions that can be easily deployed as a single entity in an account or across an organization in AWS Organizations. This is particularly useful if you need to quickly establish a […]

Read More
Figure 1: CloudTrail Process Flow

How to optimize AWS CloudTrail costs by using advanced event selectors

AWS CloudTrail can be used for security, monitoring restricted API calls, notification of threshold breaches, operational issues, filtering mechanisms for isolating data, faster root cause identification, and speedy resolution. CloudTrail can also be used for various compliance and governance controls, by helping you achieve compliance by logging API calls and changes to resources. Event selectors […]

Read More
Authorize different sets of interactive session commands for users using SSM documents

Limit interactive session commands by groups of users using AWS Systems Manager

Customers are looking for a way to limit the types of commands that can be run on their Amazon Elastic Compute Cloud (Amazon EC2) instances when using AWS Systems Manager Session Manager interactive sessions. Allowed commands vary by group, meaning you need to allow different sets of commands based on the group of users. For […]

Read More

Automate FedRAMP controls in your AWS environment using AWS Config conformance packs

AWS Config has released a new sample conformance pack template to help customers meet the operational best practices for Federal Risk and Authorization Management Program (FedRAMP). FedRAMP is a U.S. government-wide program that delivers a standard approach to the security assessment, authorization, and continuous monitoring for cloud products and services. Conformance packs are a collection […]

Read More

Open sesame: Granting privileged access to EC2 instances with Session Manager

In this guest blog post, Herman Lee (Cloud Solution Architect, VP) and Nauman Noor (Managing Director) from the public cloud engineering team at State Street discuss their use of AWS Systems Manager Session Manager for privileged access management of Amazon EC2 instances. State Street Corporation is a financial services company responsible for the management, custody, […]

Read More

AWS Organizations, AWS Config, and Terraform

In this post, I show how you can use AWS Organizations, AWS Config, and HashiCorp’s Terraform to deploy guardrails at scale. AWS Config provides configuration, compliance, and auditing features that are required for governing your resources and providing security posture assessment at scale. With its recent support for AWS Organizations, AWS Config makes it possible […]

Read More

AWS Config for resource housekeeping and cost optimization

This guest blog post is contributed by Bradley Segobiano, a Lead Software engineer at Genesys. Bradley works with the DevOps team and helps developer teams build and run a stable and highly available application platform. The elasticity Cloud Computing provides is a powerful enabler of innovation. But as new infrastructure is deployed, it is important […]

Read More