AWS Cloud Operations Blog
Tag: AWS Control Tower
Centrally detect and investigate security findings with AWS Organizations integrations
Detecting security risks and investigating the corresponding findings is essential for protecting your AWS environment from potential threats, ensuring the confidentiality, integrity, and availability of your data and resources for your business needs. AWS provides a range of governance and security services such as AWS Organizations, AWS Control Tower, and AWS Config along with many others, […]
Modernizing Account Management with Amazon Bedrock and AWS Control Tower
Introduction The integration of Generative AI into cloud governance transforms AWS account management into a more automated and efficient process. Leveraging the generative AI capabilities of Amazon Bedrock alongside tools such as AWS Control Tower and Account Factory for Terraform (AFT), organizations can now expedite the AWS account setup and management process, aligning with best […]
Manage your AWS multi-account environment with Account Factory for Terraform (AFT)
Independent software vendors (ISVs) are AWS Partners who build products or services using AWS. Their workloads are typically diverse and require a flexible and customizable multi-account setup. Following are some examples: Backoffice workloads, which tend be deployed once and are then regularly updated, typically relying on commercial off-the-shelf software. Presales workloads, which are short lived […]
Using Lambda-backed Custom Resources to Reduce Overhead in a Multi-Account Environment
Introduction Many of my customers use AWS CloudFormation to streamline provisioning operations for AWS and third-party resources, that they describe with code in JSON- or YAML-formatted CloudFormation templates. Some workloads require custom logic or inputs beyond standard parameter values. For these scenarios, an often overlooked and useful CloudFormation feature lies in AWS Lambda-backed custom resources. With Lambda-backed custom […]
Learn how to design landing zone architectures with new AWS Control Tower training
Do you or your organization need solutions to help reach your Cloud Governance objectives as you migrate to AWS? How do you stay agile and innovate faster while staying secure?Designing and building a landing zone is a key step in the migration journey to the AWS cloud. A well-architected landing zone helps accelerate migration and […]
Building a well architected AWS GovCloud (US) environment with AWS Control Tower
Using AWS Control Tower in the AWS GovCloud (US) Regions The recent announcement of AWS Control Tower achieves FedRAMP High authorization in AWS GovCloud (US) Regions reminds us that it is a good time to review how to implement a well-architected multi-account strategy. This helps customers quickly build a baseline multi-account environment while having access […]
Provision sandbox accounts with budget limits to reduce costs using AWS Control Tower
Many Amazon Web Services (AWS) customers struggle to keep cloud costs under control while allowing employees to innovate and develop their AWS skills. We talk to technology leaders every day who rank controlling cloud spend among their top concerns. Those same leaders don’t want to stifle innovation or restrict employee’s ability to learn AWS. Using […]
Accelerating development with AWS CDK plugin – CfnGuardValidator
Customers can incorporate the CfnGuardValidator plugin into their AWS Cloud Development Kit (AWS CDK) application to accelerate their application development process. This acceleration stems from ensuring that the deployed resources comply with both organizational policy and AWS best practices. Without the plugin, however, ensuing policy compliance can often be an iterative process. Organizations may implement […]
Best practices for applying controls with AWS Control Tower
Enabling effective governance in a multi-account environment and aligning with AWS best practices and common compliance frameworks can be a complex endeavor. Many customers, particularly those operating in regulated industries, face the challenge of investing time and resources in identifying risks and developing their own controls to address service relationships and dependencies. This process can […]
Build a multi-account access notification system with Amazon EventBridge
While working with many of our customers, a recurring question has been “How can we be notified when users login to key accounts so we can take action if needed?” This post shows how to implement a flexible, simple, and serverless solution that creates notifications when sensitive accounts are logged in to. Alerting on high […]