AWS Management & Governance Blog

Manage your AWS CloudFormation templates and stacks using AWS Systems Manager

Manage your AWS CloudFormation templates and stacks using AWS Systems Manager

With AWS CloudFormation, you get a powerful way to automate and manage infrastructure as code. Until now, customers relied on Amazon Simple Storage Service (Amazon S3) or a version-control system to store, share, and manage CloudFormation templates as code artifacts. In addition, many customers use AWS Service Catalog for advanced use cases related to governance of […]

Read More
Ensure license compliance in AWS for ISVs using ISV seller-issued licenses

Ensure license compliance in AWS for ISVs using ISV seller-issued licenses

AWS License Manager helps reduce the risk of noncompliance by providing independent software vendors (ISVs) with a centralized AWS account and built-in controls to ensure only approved users and workloads can consume licenses. ISVs can use License Manager to manage and distribute software licenses to end users with and without AWS accounts. As an issuer, […]

Read More
Best practice considerations when using AWS Systems Manager document sharing

Best practice considerations when using AWS Systems Manager document sharing

An AWS Systems Manager (SSM) document is a resource that defines actions to perform on your managed instances. Each type—command documents, Automation documents, and session documents—serves a purpose. Depending on your use cases, you might use them to automate backup procedures for your applications, install packages, or use them across your fleet of instances for other DevOps […]

Read More
Using Amazon CloudWatch with Amazon EventBridge for cross-account event monitoring

Using Amazon CloudWatch with Amazon EventBridge for cross-account event monitoring

We often talk about event driven architectures where an event is something that happens within your application or architecture. It could be a new file received by your application or when there is an alert triggered by high CPU utilization. We can act on these events by scanning the file contents or scaling out more […]

Read More

Save costs and deploy highly available Microsoft Exchange on AWS using Dedicated Hosts and License Manager

In a previous blog, “How to run Microsoft Exchange on AWS using Amazon EC2”, you learn how you can run Microsoft Exchange on AWS. However, did you also know that you could save costs by bringing both your Windows Server and Exchange licensing to Dedicated Hosts? In this post, I will show you how Amazon […]

Read More
Setting up secure, well-governed machine learning environments on AWS.

Setting up secure, well-governed machine learning environments on AWS

When customers begin their machine learning (ML) journey, it’s common for individual teams in a line of business (LoB) to set up their own ML environments. This provides teams with flexibility in their tooling choices, so they can move fast to meet business objectives. However, a key difference between ML projects and other IT projects is […]

Read More
How AWS Partners can determine AWS Support plans in an organization

How AWS Partners can determine AWS Support plans in an organization

Solutions providers who engage with their end customers in a resale arrangement must manage different business models and support delivery models. AWS Organizations makes it possible to build the right account structure to support a resale arrangement. Monthly end-customer invoicing often poses a huge challenge in a shared resale arrangement, where you need to know […]

Read More
Securely scale multi-account architecture with AWS Network Firewall and AWS Control Tower

Securely scale multi-account architecture with AWS Network Firewall and AWS Control Tower

Administrators and developers are always balancing the need for security with the need to move quickly. Recently, AWS published the Management and Governance Lens, an extension of the AWS Well-Architected Framework. The M&G Lens provides a set of prescriptive guidance to help customers build both securely and with speed. From this work, we learn about how to […]

Read More
Use Amazon Athena and AWS CloudTrail to estimate billing for AWS Config rule evaluations

Use Amazon Athena and AWS CloudTrail to estimate billing for AWS Config rule evaluations

AWS Config is a service that enables you to audit your AWS resources for compliance to a desired configuration state. You are billed based on the number of Configuration Items (a point-in-time snapshot of an AWS resource) recorded and the number of AWS Config rules (a function that reports resource compliancy) evaluated per resource per […]

Read More
Scheduling centralized multi-account and multi-Region patching with AWS Systems Manager Automation

Scheduling centralized multi-account and multi-Region patching with AWS Systems Manager Automation

In an earlier blog post, I showed how you can use AWS Systems Manager Automation to patch managed instances across multiple AWS accounts and Regions. I showed how to perform this operation manually (or through the AWS CLI using start-automation-execution). In this blog post, I show you how to schedule a multi-account and multi-Region patching […]

Read More