AWS Management Tools Blog

AWS Service Catalog Hub and Spoke Model: How to Automate the Deployment and Management of Service Catalog to Many Accounts

Many organizations may have tens to hundreds of accounts and thousands of users that require services in AWS. Enforcing organizational governance controls for deploying services requires time and resources to build the necessary guardrails, security controls, and auditing. Using the AWS Service Catalog hub and spoke model and launch constraints, I’ll show you how to […]

Read More

Using AWS Cloud9, AWS CodeCommit, and Troposphere to author AWS CloudFormation templates

AWS Cloud9 was announced at AWS re:Invent in November 2017. It’s a browser-based IDE suitable for many cloud development use cases, including serverless applications. AWS CloudFormation now supports quickly spinning up AWS Cloud9 development environments, with integration with AWS CodeCommit. In this blog post, I’ll explore how to quickly spin up AWS Cloud9 environments with […]

Read More

Distributing your AWS OpsWorks for Chef Automate infrastructure

Organizations that manage many nodes over larger geographical AWS Regions may wish to reduce latency and load between nodes in their AWS OpsWorks for Chef Automate implementation. By distributing nodes between multiple servers, organizations encounter the challenge of how to ensure that cookbooks and other configurations are consistently deployed across two or more Chef Servers […]

Read More

How to create custom AWS Config rules with AWS CodeStar

The AWS Config rules feature enables you to define in code the desired configuration of your AWS resources. For example, you can check that your Amazon S3 buckets are not publicly accessible or that your instances are associated with a security group. While Config offers a set of prebuilt (managed) rules that represent common best […]

Read More

Using AWS Systems Manager to run compliance scans using InSpec by Chef

As described in the Security Pillar of the AWS Well-Architected Framework, the careful management of the security configurations of the running systems within your environment forms the foundation of how you will maintain robust, secure, scalable systems. InSpec by Chef, an open-source testing framework, provides teams the ability to define and assess system state and […]

Read More

How to develop custom AWS Config rules using the Rule Development Kit

To help customers rapidly prototype, develop, and deploy their custom AWS Config rules at scale, AWS introduces a new version of the AWS Config Rule Development Kit (RDK). The RDK is a command-line utility designed to help you to shorten your security and compliance feedback cycles when using Config. It helps you build a continuous […]

Read More

Recovering AWS CloudFormation stacks using ContinueUpdateRollback

AWS CloudFormation treats a stack as a collection of AWS resources that customers can manage as a single unit. After you launch a stack, you can use the AWS CloudFormation console, API, or AWS CLI to update resources in your stacks. You should not make any changes to stack resources outside of CloudFormation. This is […]

Read More

How to Track Changes to Auto Scaling Groups Using AWS Config

Recently, AWS Config announced support for Auto Scaling groups. You can now track configuration changes in Auto Scaling groups, such as minimum, maximum, and desired capacities, termination policies, scaling policies, subnets, and instance protection settings. You can also use a new managed AWS Config rule to check whether the Auto Scaling groups associated with your […]

Read More

How to Track Configuration Changes to Classic Load Balancers Using AWS Config

Recently, AWS Config announced support for Classic Load Balancer in all public regions and AWS GovCloud (US). You can now start tracking the current and historical configurations of your Classic Load Balancers, and get notified via Amazon SNS when your configurations change. You can also use three new managed AWS Config rules to verify whether your […]

Read More

AWS Config: A Year in Review 2017

It’s been another exciting year for AWS Config, a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. We have expanded our regional availability, added support for new resource types, introduced new managed Config rules, and introduced a dashboard view of your resource configuration and compliance. In this post, […]

Read More