AWS Management & Governance Blog

Tag: Compliance

Using AWS Systems Manager OpsCenter and AWS Config for compliance monitoring

In this post, I show how AWS Systems Manager OpsCenter can be used to centrally record and mitigate alerts from AWS Config. When AWS Config detects a resource that is out of compliance, an OpsItem is created. This OpsItem is used to track details of the noncompliant resource, record investigative actions, and provide access to […]

Automatic drift remediation solution architecture

Implement automatic drift remediation for AWS CloudFormation using Amazon CloudWatch and AWS Lambda

“Stack drift” is a common occurrence for organizations using AWS CloudFormation, and remediating stack drift represents a persistent and tedious challenge for organizations managing critical infrastructure with CloudFormation stacks. Stack drift occurs when the actual configuration of an infrastructure resource differs from its expected configuration. Typically, this is caused by users editing resources directly by […]

Overview of architecture: Multiple target accounts send info to master account

Managing aged access keys through AWS Config remediations

One of the security best practices that is time-consuming to manage is enforcing IAM access key rotation for IAM users. Access keys give IAM users the ability to connect to Amazon EC2 instances. Therefore rotating these regularly (for example, every 90 days) is one of the key steps in protecting your resources from unauthorized access. […]

Deploy AWS Config Rules and Conformance Packs using a delegated admin

AWS Config Rules allow customers to evaluate the configuration of resources against best practices and perform remediation when specified configuration policies are not being followed. Using AWS Config Conformance Packs, customers can create a collection of AWS Config rules and remediation actions in a single pack that can be deployed across AWS Organizations. This provides […]

Multi-account framework

Governance, risk, and compliance when establishing your cloud presence

When speaking with the business and technology leaders I work with, they express the need to bring new products and services to market quickly. They must also stay secure while doing so. At the same time, they must maintain a resilient environment while adapting workloads to changing business needs over time. In this multi-part blog […]

Amazon S3 bucket compliance using AWS Config Auto Remediation feature

AWS Config keeps track of the configuration of your AWS resources and their relationships to your other resources. It can also evaluate those AWS resources for compliance. This service uses rules that can be configured to evaluate AWS resources against desired configurations. For example, there are AWS Config rules that check whether or not your […]

Query your resource configuration state using the advanced query feature of AWS Config

On March 19, AWS Config announced a new capability called advanced query. Advanced query makes it easy to query the resource configuration properties of your AWS resources for audit, compliance, or operational troubleshooting. Advanced query is available in all AWS public Regions and in AWS GovCloud (US) at no additional charge for AWS Config customers. […]

How Datacom solved hybrid risk management with AWS Systems Manager

The content and opinions in this post are those of the third-party author and AWS is not responsible for the content or accuracy of this post. This post is from Chris Coombs at Datacom, and Samual Brown, Senior Technical Account Manager at AWS. Datacom is an AWS Premier Partner providing migration, transformation and managed services […]
