AWS Management & Governance Blog

Tag: AWS IAM

Applying managed instance policy best practices

Since AWS Systems Manager was launched, the service has continued to add new features for customers to use. Many features are enabled by granting your Amazon EC2 instances and on-premises servers access to Systems Manager using an AWS Identity and Access Management (IAM) role with the necessary permissions. To provide customers more flexible, fine-grained permission […]

Read More

Providing temporary instance permissions with AWS Systems Manager Automations

Instances might have to call certain API actions or access certain resources during an AWS Systems Manager Automation execution. What if you don’t want to apply the additional permissions to the instance’s existing instance profile? In this post, I show you how to provide temporary permissions to instances when executing an Automation within the document […]

Read More

Automating IAM Roles For Cross-Account Access Series Overview

The AWS Partner Network Blog has recently published a series describing a method to automate the creation of an IAM role for cross-account access, and how to collect the information needed for a partner to assume the role after creation. This post gives readers an overview of the series, summarizing each of the individual posts […]

Read More

AWS CloudFormation Guardrails: Protecting your Stacks and Ensuring Safer Updates

“I wonder what will happen if I touch these two wires together.” – Unix fortune If you’ve worked with cloud-hosted applications or large distributed architectures for any extended period of time, chances are you’ve heard colleagues invoke Murphy’s law: “Anything that can go wrong, will go wrong”. All of us have experienced one of those events in the […]

Read More

Recover your impaired instances using EC2Rescue and Amazon EC2 Systems Manager Automation

Have you ever had an issue connecting to your Amazon EC2 Windows instance? This can be caused by any number of different reasons, but is almost always related to how the instance is configured. Unfortunately, if you can’t connect to it, you can’t fix it! Earlier this year, AWS announced EC2Rescue for Windows, a convenient, […]

Read More

Automate remediation actions for Amazon EC2 notifications and beyond using EC2 Systems Manager Automation and AWS Health

You can use EC2 Systems Manager Automation to take remediation actions in response to events that may impact your AWS resources. To illustrate this concept, this post guides you through setting up automated remediation actions when an Amazon EBS backed Amazon EC2 instance is scheduled for retirement. An instance is scheduled to be retired when […]

Read More

Supercharge Multi-Account Management with AWS CloudFormation

As your use of Amazon Web Services evolves, you will probably outgrow your first account, and need to move into a multi-account model. There are plenty of benefits to using more than one AWS account: An administrative boundary: I can choose how permissive or restrictive my policies are based on the account type. Separating user […]

Read More

Monitor and Notify on AWS Account Root User Activity

Are you aware when someone uses your AWS account credentials to perform some activity? Are you notified in time? When you first create an AWS account, you begin only with a single sign-in identity that has complete access to all AWS services and resources in the account. This identity is called the root user and […]

Read More