Tag: Management and Governance

Continuous delivery pipelines, combined with infrastructure as code tools like AWS CloudFormation, allow our customers to manage applications in a safe and predictable way. CloudFormation helps customers model and provision their AWS and third-party application resources, with features such as rollback to provide automation and safety. Together with tools such as AWS CodeBuild, AWS CodePipeline, […]

In this blog post, we show you how to configure Attribute-Based Access Control (ABAC) permissions to federate users into AWS Systems Manager Session Manager. We demonstrate how you can use attributes defined in external identity systems as part of the ABAC decisions within AWS, with SAML session tags. For example, you can grant access to […]

Update 10/2020 – Viewing patch compliance findings across AWS accounts in AWS Security Hub is supported natively. For more information please see What’s new announcement here. Introduction In this blog post, I discuss how to import critical patch compliance findings into Security Hub. Security Hub is a service that provides customers with a comprehensive view […]

Software license management often comes with the challenges of staying compliant, controlling overages, and managing vendor audits. Significant time and manual effort go into making sure that software license inventories are updated and ready for auditing. Bringing cloud infrastructure into the picture, with the ability to spin up virtual servers in minutes, means that managing […]

AWS Config Rules allow customers to evaluate the configuration of resources against best practices and perform remediation when specified configuration policies are not being followed. Using AWS Config Conformance Packs, customers can create a collection of AWS Config rules and remediation actions in a single pack that can be deployed across AWS Organizations. This provides […]

Introduction Both custom resources and resource types are used to create an AWS CloudFormation resource that allow you to manage third-party resources. For example, during the creation of a simple website you may want to provision a third-party website monitor, which has a public API. In this case, you would develop and use a resource […]

Many of the customers I work with would like to be able to apply AWS Control Tower’s detective guardrails to an existing AWS account before moving them to Control Tower governance. Now that you can launch AWS Control Tower in an existing AWS Organization, customers want to evaluate their existing accounts for compliance with AWS […]

AWS License Manager’s simplified Bring-Your-Own-License (BYOL) experience allows you to effectively govern and manage software licenses, such as Windows and SQL Server, that require a dedicated physical server. You can enjoy the flexibility and cost effectiveness of using your own licenses on Amazon EC2 Dedicated Hosts, but with the simplicity, resiliency, and elasticity of Amazon EC2. […]

Many customers that I work with are creating and provisioning new accounts using AWS Control Tower. They prefer an AWS native solution for creating their environment knowing that it will be based upon documented AWS Best Practices. As customers scale their account creation, there exists an opportunity to use additional Control Tower features to perform […]

AWS License Manager streamlines the process of bringing software vendor licenses to the cloud. As you build your applications in AWS that use third party licenses or move your on-premises workloads to AWS, you can save costs by using bring-your-own-license (BYOL) opportunities. This can be done by re-purposing your existing license inventory for use with […]