Category: Security, Identity, & Compliance

Introduction Many of my customers use AWS CloudFormation to streamline provisioning operations for AWS and third-party resources, that they describe with code in JSON- or YAML-formatted CloudFormation templates. Some workloads require custom logic or inputs beyond standard parameter values. For these scenarios, an often overlooked and useful CloudFormation feature lies in AWS Lambda-backed custom resources. With Lambda-backed custom […]

Many customers have successfully migrated on-premises or cloud-based applications to AWS using the AWS Application Migration Service (AWS MGN). Customers commonly migrate their applications to a number of different AWS Accounts that are part of an AWS Organization, in line with the best practices of establishing a multi-account AWS environment. When using AWS MGN, the […]

In the first post of this two-part series, we highlighted how Life Sciences customers can implement a controlled change management process using AWS Systems Manager Change Manager and AWS Config. The solution in our first post, highlighted how a you can follow your Standard Operating Procedures (SOP’s) by implementing approval steps in order to make […]

AWS Config is a service that allows you to evaluate your AWS resources against a desired configuration state using AWS Config Rules. Two types of rules exist, managed rules which are meant to be used out-of-the-box and custom rules for which you define your desired configuration state via code.  AWS Audit Manager can help you […]

Customers often need to launch workloads in new accounts and regions. You could be developing an application in a development account, and looking to launch it in a production account, following AWS multi-account best practices on separating production and non-production workloads. You could also be launching a second instance of your payment processing application in […]

Service control policies (SCPs) are a set of policies that allow organizations to manage permissions using AWS Organizations. SCPs help control access to AWS services and resources provisioned across multiple accounts created within an organization. In addition, SCPs enable you to set up permission guardrails by defining the maximum available permissions for IAM principals in […]

AWS Systems Manager Session Manager provides a more secure way to manage your Amazon Elastic Compute Cloud (EC2) instances without the need to open inbound ports, maintain bastion hosts, or manage SSH keys. Furthermore, you can use it with a combination of AWS services to give access to external third-parties. Due to business requirements, you […]

Until recently, customers had to navigate to the AWS Marketplace Console and search for a compatible Amazon Machine Image (AMI) product for your image pipeline. They also had to write their own custom components to harden the operating systems to meet Center for Internet Security (CIS) Benchmark guidelines. This required subscriptions to the CIS Benchmark […]

In part one, we identified different features of Organizations requiring guidance and consideration when you move an account from one organization in Organizations to another. We focused on Organizations Polices, AWS Resource Access Manager (AWS RAM) shares, and AWS global condition context keys. In this post, part two of a three-part series, we identify behaviors […]

AWS customers use AWS Organizations as the basis of a multi-account AWS environment as defined by the Organizing Your AWS Environment Using Multiple Accounts AWS Whitepaper. Organizations is an AWS service that enables you to centrally manage and govern multiple accounts. Often there is a scenario when you must move an AWS account from one […]