AWS Cloud Operations Blog

[Update] AWS Control Tower 3.0 now allows you to either select organization-level CloudTrail trails or opt out of Control Tower-managed trails, eliminating the need for the workaround mentioned in this blog. For additional details, refer to the Release notes. The customers that we work with often use multiple AWS accounts to meet their business needs. […]

Backup compliance in AWS includes defining and enforcing backup policies to encrypt your backups, protect them from manual deletion, prevent changes to your backup lifecycle settings, and audit and report on backup activity from a centralized console. AWS Backup Audit Manager, a feature within the AWS Backup service, provides built-in compliance controls for these areas. […]

Enabling agile application development teams to self-serve and quickly provision the resources that they need while adhering to the organization’s governance and controls can be challenging. In this post, we’ll explore Expedia Group’s Cerebro platform, a Database as a Service (DBaaS) offering built on AWS technologies. By using this platform, Expedia Group is able to […]

Organizations have many business reasons to track resource usage across their AWS environments. For example, management and administrative teams want to track operation expenditure, license governance, and asset tracking for their AWS Marketplace solutions across Regions currently in use. A centralized reporting dashboard allows the teams to access this information quickly and efficiently. This post […]

Before defining observability, consider the following example: You run an e-commerce site, and you’re interested in understanding the customer experience of the site, as well as how that translates into sales. You have identified that long page-loading times lead to poor customer experience, which in turn leads customers to abandon their carts and buy competing […]

Today, you can centrally close member accounts in your AWS organization enabling easier and more efficient account management of your AWS environment. This means you’re able to close member accounts from your organization’s management account without needing to login to each member account individually with root credentials. You can also ensure that only authorized IAM […]

Our customers commonly need the ability to create a self-service model for establishing networking connectivity between their accounts, while maintaining a predetermined security posture. The self-service model provides guardrails to disallow insecure or incorrect configurations. The Serverless Transit Network Orchestrator (STNO) v3.0 solution automates the process of setting up and managing transit networks in distributed […]

Customers use the cloud to move faster and build differentiated products and services. AWS lets you experiment, innovate, and scale more quickly, all while providing a flexible and secure cloud environment. Furthermore, a multi-account AWS environment lets you build and deploy workloads quickly, while providing mechanisms to do so in a secure, scalable, and resilient […]

AWS has a native feature flagging solution, AWS AppConfig Feature Flags. Feature flags are a powerful tool that allow engineers to safely push out new features to customers, but doing so in a measured and usually gradual way. In this blog post, you will learn about what feature flags are, what are the benefits to […]

In today’s complex computing environment, organizations continually have new requirements for maintaining data. In essence, data residency is established on multiple levels, and AWS offers different features and services to support it. This post focuses on utilizing the AWS Control Tower governance model to support data residency requirements in regions where AWS Control Tower isn’t […]