AWS Management & Governance Blog

Tag: Management and Governance

Write preventive compliance rules for AWS CloudFormation templates the cfn-guard way

Continuous delivery pipelines, combined with infrastructure as code tools like AWS CloudFormation, allow our customers to manage applications in a safe and predictable way. CloudFormation helps customers model and provision their AWS and third-party application resources, with features such as rollback to provide automation and safety. Together with tools such as AWS CodeBuild, AWS CodePipeline, […]

Read More

Configure Session Manager access for federated users using SAML session tags

In this blog post, we show you how to configure Attribute-Based Access Control (ABAC) permissions to federate users into AWS Systems Manager Session Manager. We demonstrate how you can use attributes defined in external identity systems as part of the ABAC decisions within AWS, with SAML session tags. For example, you can grant access to […]

Read More
AWS Systems Manager patch compliance data to AWS Security Hub

Multi-Account patch compliance with Patch Manager and Security Hub

Introduction In this blog post, I discuss how to import critical patch compliance findings into Security Hub. Security Hub is a service that provides customers with a comprehensive view of their security and compliance status across their AWS accounts. Customers use Security Hub as a single place that aggregates, organizes, and ranks their security findings. […]

Read More

Automating the discovery of licensed software using AWS License Manager

Software license management often comes with the challenges of staying compliant, controlling overages, and managing vendor audits. Significant time and manual effort go into making sure that software license inventories are updated and ready for auditing. Bringing cloud infrastructure into the picture, with the ability to spin up virtual servers in minutes, means that managing […]

Read More

Deploy AWS Config Rules and Conformance Packs using a delegated admin

AWS Config Rules allow customers to evaluate the configuration of resources against best practices and perform remediation when specified configuration policies are not being followed. Using AWS Config Conformance Packs, customers can create a collection of AWS Config rules and remediation actions in a single pack that can be deployed across AWS Organizations. This provides […]

Read More

Managing resources using AWS CloudFormation Resource Types

Introduction Both custom resources and resource types are used to create an AWS CloudFormation resource that allow you to manage third-party resources. For example, during the creation of a simple website you may want to provision a third-party website monitor, which has a public API. In this case, you would develop and use a resource […]

Read More

AWS Control Tower Detective Guardrails as an AWS Config Conformance Pack

Many of the customers I work with would like to be able to apply AWS Control Tower’s detective guardrails to an existing AWS account before moving them to Control Tower governance. Now that you can launch AWS Control Tower in an existing AWS Organization, customers want to evaluate their existing accounts for compliance with AWS […]

Read More

Simplified Bring-Your-Own-License experience using AWS License Manager

AWS License Manager’s simplified Bring-Your-Own-License (BYOL) experience allows you to effectively govern and manage software licenses, such as Windows and SQL Server, that require a dedicated physical server. You can enjoy the flexibility and cost effectiveness of using your own licenses on Amazon EC2 Dedicated Hosts, but with the simplicity, resiliency, and elasticity of Amazon EC2. […]

Read More
Workflow diagram that shows how Control Tower's lifecycle events are generated and recorded

Using lifecycle events to track AWS Control Tower actions and trigger automated workflows

Many customers that I work with are creating and provisioning new accounts using AWS Control Tower. They prefer an AWS native solution for creating their environment knowing that it will be based upon documented AWS Best Practices. As customers scale their account creation, there exists an opportunity to use additional Control Tower features to perform […]

Read More

Mechanisms to govern license usage with AWS License Manager

AWS License Manager streamlines the process of bringing software vendor licenses to the cloud. As you build your applications in AWS that use third party licenses or move your on-premises workloads to AWS, you can save costs by using bring-your-own-license (BYOL) opportunities. This can be done by re-purposing your existing license inventory for use with […]

Read More