Category: Security, Identity, & Compliance

AWS Control Tower provides the easiest way for you to set up and govern your AWS environment following prescriptive AWS best practices managed on your behalf. AWS Control Tower orchestrates multiple AWS services (AWS Organizations, AWS CloudFormation StackSets, Amazon Simple Storage Service (Amazon S3), AWS Single Sign-On, AWS Config, AWS CloudTrail) to build a landing […]

This post describes how Expedia Group protects production database assets from accidental or automated deletion using the new Attribute Based Access Control (ABAC) feature for AWS Service Catalog. We also cover the benefits of scaling using an ABAC strategy and how Expedia incorporated ABAC to their Cerebro platform. Prerequisites AWS Service Catalog AWS Identity and […]

AWS Systems Manager Explorer is a customizable operations dashboard that reports information about your AWS resources. Explorer displays an aggregated view of operations data (OpsData) for your AWS accounts and AWS Regions. OpsData also includes information from supporting AWS services, such as AWS Trusted Advisor, AWS Compute Optimizer, and AWS Support Center cases, among other […]

  AWS Service Catalog is a widely used service that simplifies the management of tools, services, and resources in AWS accounts for organizations. This service empowers end users to provision products vetted by their organization in their environments with confidence in security and compliance. Portfolios are shared with AWS accounts in an AWS Organization, from which […]

Update 11/2022 – In September 2022, Amazon Inspector added support for Windows operating systems for continual software vulnerability scanning. This post supports remediating vulnerabilities only on Linux operating systems supported by the Systems Manager agent. This post is the second part of the Automate vulnerability management and remediation series using Amazon Inspector and AWS Systems […]

Update 11/2022 – In September 2022, Amazon Inspector added support for Windows operating systems for continual software vulnerability scanning. This post supports remediating vulnerabilities only on Linux operating systems supported by the Systems Manager agent. AWS recently launched the new Amazon Inspector for performing continuous vulnerability scans on Amazon Elastic Compute Cloud (Amazon EC2) instances […]

Customers want to migrate their existing Prometheus workloads to the cloud and utilize all that the cloud offers. AWS has services like Amazon EC2 Auto Scaling, which lets you scale out Amazon Elastic Compute Cloud (Amazon EC2) instances based on metrics like CPU or memory utilization. Applications that use Prometheus metrics can easily integrate into […]

To comply with regulatory standards and follow security best practices, organizations have told us that they want to ensure they have disabled older versions of Transport Layer Security (TLS), such as TLS 1.0 and 1.1, and only use modern TLS 1.2 and 1.3. When connecting to AWS API endpoints, your client software negotiates its preferred TLS version, […]

Organizations building modern applications require a way to gain actionable insights into their Amazon Elastic Compute Cloud (Amazon EC2) workloads. Amazon CloudWatch is a monitoring and observability service that collects operational data from logs, metrics, and events. The service lets customers monitor your resources spread across different accounts or regions in a single view, visualize […]

Microsoft SCCM (System Center Configuration Manager) enables the management, deployment, and security of devices and applications. Compliance settings in Configuration Manager lets you manage configuration and compliance in your organization. As customers migrate their traditional workloads, they’re also looking for an AWS native solution that provides the flexibility to manage compliance and configuration management on […]