AWS Cloud Operations Blog
Tag: Compliance
Implement automatic drift remediation for AWS CloudFormation using Amazon CloudWatch and AWS Lambda
“Stack drift” is a common occurrence for organizations using AWS CloudFormation, and remediating stack drift represents a persistent and tedious challenge for organizations managing critical infrastructure with CloudFormation stacks. Stack drift occurs when the actual configuration of an infrastructure resource differs from its expected configuration. Typically, this is caused by users editing resources directly by […]
Managing aged access keys through AWS Config remediations
One of the security best practices that is time-consuming to manage is enforcing IAM access key rotation for IAM users. Access keys give IAM users the ability to connect to Amazon EC2 instances. Therefore rotating these regularly (for example, every 90 days) is one of the key steps in protecting your resources from unauthorized access. […]
Deploy AWS Config Rules and Conformance Packs using a delegated admin
AWS Config Rules allow customers to evaluate the configuration of resources against best practices and perform remediation when specified configuration policies are not being followed. Using AWS Config Conformance Packs, customers can create a collection of AWS Config rules and remediation actions in a single pack that can be deployed across AWS Organizations. This provides […]
Governance, risk, and compliance when establishing your cloud presence
June 22, 2021: We’ve updated this post to reference the recently published Management & Governance Lens, an extension of the AWS Well-Architected Framework. When speaking with the business and technology leaders I work with, they express the need to bring new products and services to market quickly. They must also stay secure while doing so. […]
Amazon S3 bucket compliance using AWS Config Auto Remediation feature
AWS Config keeps track of the configuration of your AWS resources and their relationships to your other resources. It can also evaluate those AWS resources for compliance. This service uses rules that can be configured to evaluate AWS resources against desired configurations. For example, there are AWS Config rules that check whether or not your […]
Query your resource configuration state using the advanced query feature of AWS Config
On March 19, AWS Config announced a new capability called advanced query. Advanced query makes it easy to query the resource configuration properties of your AWS resources for audit, compliance, or operational troubleshooting. Advanced query is available in all AWS public Regions and in AWS GovCloud (US) at no additional charge for AWS Config customers. […]
How Datacom solved hybrid risk management with AWS Systems Manager
The content and opinions in this post are those of the third-party author and AWS is not responsible for the content or accuracy of this post. This post is from Chris Coombs at Datacom, and Samual Brown, Senior Technical Account Manager at AWS. Datacom is an AWS Premier Partner providing migration, transformation and managed services […]