AWS Cloud Operations & Migrations Blog

Category: Security

Best practices: AWS Outposts in a multi-account AWS environment: Part 2

This post is written by Karl Schween, Principal Solutions Architect at AWS. This post is part two of two part series ‘Sharing AWS Outposts in a multi account AWS environment’ providing you guidance and considerations for sharing AWS Outposts and Amazon S3 on Outposts in a multiple AWS Account environment. AWS Outposts is a fully […]

Read More

Automatically update alternate contacts for newly created AWS Accounts

Customers use the cloud to move faster and build differentiated products and services. AWS lets you experiment, innovate, and scale more quickly, all while providing a flexible and secure cloud environment. Furthermore, a multi-account AWS environment lets you build and deploy workloads quickly, while providing mechanisms to do so in a secure, scalable, and resilient […]

Read More

Policy-as-Code for Securing AWS and Third-Party Resource Types

This post was written by Scott Alexander and Kevin Formsma from Mphasis Stelligent. Every day, more developers are having lightbulb moments as they realize they can design and manage their infrastructure. It’s our responsibility, as practitioners of the DevOps mindset, to build systems that allow developers to move quickly and speed up the feedback loop […]

Read More
Maximize cloud investment value through operational excellence using AWS Managed Services

Maximize cloud investment value through operational excellence using AWS Managed Services

In this blog post, I share my observations as an AMS Solutions Architect on how achieving operational excellence can help organizations realize their cloud business objectives while migrating to AWS. I dive deep into the five design principles that AWS Managed Services (AMS) uses to achieve operational excellence. Amazon is guided by four principles: customer […]

Read More
Securely scale multi-account architecture with AWS Network Firewall and AWS Control Tower

Securely scale multi-account architecture with AWS Network Firewall and AWS Control Tower

Administrators and developers are always balancing the need for security with the need to move quickly. Recently, AWS published the Management and Governance Lens, an extension of the AWS Well-Architected Framework. The M&G Lens provides a set of prescriptive guidance to help customers build both securely and with speed. From this work, we learn about how to […]

Read More

Introducing AWS CloudFormation Guard 2.0

In their blog post published last year, Write preventive compliance rules for AWS CloudFormation templates the cfn-guard way, Luis, Raisa, and Josh showed you how to use CloudFormation Guard, an open source tool that helps validate your AWS CloudFormation templates against a rule set to keep AWS resources in compliance with company guidelines. Since the […]

Read More
How to manage cost overruns in your AWS multi-account environment – Part II

How to manage cost overruns in your AWS multi-account environment – Part 2

In the first post of this two-part series, we showed you two approaches for preventing cost overruns in a centralized budget management pattern: Applying a restrictive service control policy (SCP) to an organizational unit (OU). Moving the account to another OU with restrictive SCPs. In this post, we share how you can prevent cost overruns […]

Read More

AWS CloudTrail Best Practices

September 8, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. AWS CloudTrail gives you a history of AWS calls for your account, including API calls made through the AWS Management Console, AWS SDKs, and command line tools. As a result, you can identify: Which users and accounts called AWS APIs […]

Read More

Automate FedRAMP controls in your AWS environment using AWS Config conformance packs

AWS Config has released a new sample conformance pack template to help customers meet the operational best practices for Federal Risk and Authorization Management Program (FedRAMP). FedRAMP is a U.S. government-wide program that delivers a standard approach to the security assessment, authorization, and continuous monitoring for cloud products and services. Conformance packs are a collection […]

Read More

Write preventive compliance rules for AWS CloudFormation templates the cfn-guard way

Continuous delivery pipelines, combined with infrastructure as code tools like AWS CloudFormation, allow our customers to manage applications in a safe and predictable way. CloudFormation helps customers model and provision their AWS and third-party application resources, with features such as rollback to provide automation and safety. Together with tools such as AWS CodeBuild, AWS CodePipeline, […]

Read More