Tag: AWS IAM

Building and managing resilient, micro-service based Containerized applications in a distributed environment is hard; maintaining and operating them is even harder. Even though containerized applications running on Amazon Elastic Kubernetes Service (Amazon EKS) take advantage of the performance, scale, reliability, and availability of AWS infrastructure which, we need to understand that failures will occur and […]

In this post, we will show how you can deploy AWS Config custom rules across accounts in your organization, leveraging the Rules Development Kit (RDK), an open source development kit designed to support intuitive and efficient “Compliance-as-Code” workflows. With AWS Config custom rules, you can define custom logic for the desired configuration state of your […]

Thomson Reuters Corporation (TR) is a Canadian multinational media company that provides critical online and print information, know-how, decision making tools, software, and services for the legal industry. TR’s Tax and Accounting business serves law firms, tax and accounting firms, global trade organizations, educational institutions, and more. Thomson Reuters operates in more than 100 countries […]

In August 2021, AWS announced Amazon Managed Grafana as generally available (GA), a fully-managed service that’s developed together with Grafana Labs and based on open source Grafana. Enhanced with enterprise capabilities, Amazon Managed Grafana makes it easier to visualize and analyze operational data at scale. Amazon Managed Grafana is a fully-managed and secure data visualization service that […]

AWS Control Tower provides the easiest way for you to set up and govern your AWS environment following prescriptive AWS best practices managed on your behalf. AWS Control Tower orchestrates multiple AWS services (AWS Organizations, AWS CloudFormation StackSets, Amazon Simple Storage Service (Amazon S3), AWS Single Sign-On, AWS Config, AWS CloudTrail) to build a landing […]

Customers who manage multiple AWS accounts in AWS Organizations can use service control policies (SCPs) to centrally manage permissions in their environment. SCPs can be applied to an organization unit (OU), account, or entire organization to restrict the maximum permissions that can be applied in the scoped AWS accounts. In this post, we are going to explore the use of SCPs to restrict an AWS account to read-only access.

Many of you have experience using AWS CloudFormation to automate your application deployments. As you probably know, the service supports around 600 types of resources. When you optimize your templates, you might have discovered that each of those resource types encapsulates native AWS SDK API calls to create or update each resource’s state or configuration. You […]

Many of the customers we work with look for ways to manage compliance and gain additional insights across their AWS multi-account organization from a central location. We often begin the discussion with AWS Control Tower, as it offers the easiest way to set up and govern a multi-account AWS environment. AWS Control Tower is an […]

Since AWS Systems Manager was launched, the service has continued to add new features for customers to use. Many features are enabled by granting your Amazon EC2 instances and on-premises servers access to Systems Manager using an AWS Identity and Access Management (IAM) role with the necessary permissions. To provide customers more flexible, fine-grained permission […]

Instances might have to call certain API actions or access certain resources during an AWS Systems Manager Automation execution. What if you don’t want to apply the additional permissions to the instance’s existing instance profile? In this post, I show you how to provide temporary permissions to instances when executing an Automation within the document […]