AWS Management & Governance Blog

Extend AWS Control Tower governance using AWS Config Conformance Packs

As many customers adopt AWS Control Tower, they have asked Raphael and me how to add additional governance policies such as the NIST Cybersecurity Framework (CSF) to their environments on top of the guardrails that AWS Control Tower provides. Customers want to enable these additional policies on the AWS Regions where AWS Control Tower is […]

Read More

Automating Amazon CloudWatch Alarms with AWS Systems Manager

Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, Site Reliability Engineers (SRE), and IT managers. CloudWatch provides you with data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. Are you looking for an automated way […]

Read More

Identifying resources with the most configuration changes using AWS Config

AWS Config tracks changes made to supported resources and records them as configuration items (CIs), which are JSON files delivered to an Amazon S3 bucket. These are delivered in 6-hour intervals, as configuration history files. Each file contains details about the resources that changed in that 6-hour period, for the respective resource types, such as […]

Read More
Featured Image - Adjusting X-Ray sampling rules dynamically using CloudWatch Alarms

Dynamically adjusting X-Ray sampling rules

In a distributed system environment, tracing service-to-service interactions is essential to easily identify service bottlenecks, faults, and errors. AWS X-Ray allows you to set up tracing on your applications hosted on a variety of compute environments, such as Amazon Elastic Compute Cloud (Amazon EC2), AWS Elastic Beanstalk, Amazon Elastic Kubernetes Service (Amazon EKS), Amazon Elastic […]

Read More

Simplifying permissions management at scale using tags in AWS Organizations

AWS Organizations has extended its existing tagging support for AWS accounts to include all Organizations resources, such as organizational units (OUs) and your root and organization-level policies. You can tag these resources as you create them, giving you a convenient way to make sure that your Organizations resources are categorized from the start, without needing […]

Read More

Setting up monitors for .NET Application and Microsoft SQL Server using Amazon CloudWatch Application Insights

Many Windows-based applications are .NET applications using Windows SQL Server on the backend to retrieve and persist data. On the journey to the cloud, these applications are often re-hosted with a lift-and-shift approach. When such an application is hosted on the Amazon Elastic Compute Cloud (Amazon EC2) Windows platform, although native Windows-based tools are available […]

Read More
Trsuted Advisor Checks Image

Multi-account AWS Trusted Advisor summaries now available in AWS Systems Manager Explorer

AWS Systems Manager Explorer is a customizable operations dashboard that reports information about your AWS resources. Explorer displays an aggregated view of operations data (OpsData) for your AWS accounts and across Regions. In Explorer, OpsData includes metadata about your Amazon EC2 instances, patch compliance details, and operational work items (OpsItems). AWS Trusted Advisor is an […]

Read More
This diagram shows how AWS Config continuously tracks the state of resources in your account. When changes are detected, AWS Config tracks records those changes and maintains a history. Those changes and history are delivered to an s3 bucket and can be later accessed via the console or the API. If a rule is deployed to evaluate the resource, it can be triggered automatically. The evaluation results can be displayed on the console or accessed via the AWS Config API.

Using AWS Config for security analysis and resource administration

This blog post is a collaboration between Snehal Nahar, Technical Account Manager at AWS and Howard Zeemer, Manager of Operational Tools and Automation at LendingTree In this post, we will discuss how Lending Tree is using AWS Config for resource administration and security analysis. LendingTree empowers consumers to shop for financial services, comparing multiple offers […]

Read More

Instantly monitor serverless applications with AWS Resource Groups

Serverless computing allows you to build and run applications without thinking about servers. Building serverless applications means that your developers can focus on their core product instead of worrying about managing and operating servers. This reduced overhead lets developers reclaim time and energy that can be spent on developing great products that scale and are reliable. […]

Read More

Use Systems Manager Automation documents to manage instances and cut costs off-hours

Cut costs by minimizing infrastructure when it’s not under heavy use, for example turning off EC2 and RDS instances nights and weekends. In this post you will learn how to do this using Systems Manager Automation Documents, State Manager, and CloudWatch Events.

Read More