AWS Cloud Operations Blog

In this blog post, we share a procedure for configuring AWS Systems Manager Session Manager run as support for Active Directory (AD) federated users using AWS Security Token Service (AWS STS) session tags. We show you how to start a Session Manager session using the AD user name of the federated user on an AD-joined […]

Each AWS service requires explicit access to resources, endpoints, and objects that reside in the domain of another service. This is referred to as the permission boundary. Services like AWS Config, Amazon Macie, and AWS GuardDuty require an AWS Identity and Access Management (IAM) role that grants access to resources outside of its control. Understanding […]

If you migrate your workloads to the cloud to modernize your applications or secure infrastructure and operations, you’ll find these migrations are increasingly performed with a DevOps methodology that incorporates continuous development, integration, and testing. It is always a best practice to incorporate security as code in your DevOps workflows to uncover security issues when […]

Datalex is an industry leader of omni-channel retail solutions for airlines around the world. The Datalex product portfolio supports end-to-end retail capabilities that include pricing, shopping, and order management. This year, Datalex’s multi-year deal with their API provider was up for renewal. As part of a best practice review, they considered other options. When the […]

In this guest blog post, Herman Lee (Cloud Solution Architect, VP) and Nauman Noor (Managing Director) from the public cloud engineering team at State Street discuss their use of AWS Systems Manager Session Manager for privileged access management of Amazon EC2 instances. State Street Corporation is a financial services company responsible for the management, custody, […]

Active Directory administrators are accustomed to managing domain resources using Remote Server Administrators Tools (RSAT) installed on either their workstations or a member server in the domain. When it comes to managing resources on a managed Active Directory service, such as the case with AWS Managed Microsoft AD, these tools must be available for administrators […]

Many organizations get access to their AWS resources using a Direct Connect connection or a Site-to-Site VPN. AWS Site-to-Site VPN creates a secure connection between your data center or branch office and your AWS cloud resources.  In this post, we will see how to monitor your Cisco CSR VPN tunnel and BGP (Border Gateway Protocol) […]

Cloud transformation is imperative Line of business (LOB) leaders and application owners within a business recognize that they urgently need to pivot their model to cloud—and not just to save cost or to get out of a data center. They own the apps that drive revenue for the business and modernizing them is critical to […]

4/9/2021 – Updated the Prometheus server deployment setup part by removing the AWS SigV4 side-car proxy container. This is no longer needed as the Prometheus server now directly signs requests made to the AMP remote write API. Amazon Managed Service for Prometheus (AMP) is a Prometheus-compatible monitoring service for container infrastructure and application metrics for […]

September 8, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. Amazon Managed Grafana is a fully managed and secure data visualization service that enables customers to instantly query, correlate, and visualize operational metrics, logs, and traces for their applications from multiple data sources. Amazon Managed Grafana is based on the […]