AWS Cloud Operations Blog

AWS Management and Governance at Re:Invent 2020

AWS re:Invent is always an exciting time of the year to engage with our customers, to learn, and to share information about our services and features. Due to the current pandemic, re:Invent is pivoting to a free and virtual format presented across 3 weeks from November 30 to December 18 this year. Yes, you read that right. AWS re:Invent 2020 is going virtual and free!!!

As the excitement builds, we bring you this post that presents the highlights of the AWS management and governance sessions. These sessions help you enable, provision, and operate your AWS environment for both business agility and governance control. You can attend from the comfort of your home, and each session is broadcast multiple times for our global customers. To enjoy the benefit of these sessions, you must register for re:Invent.

The sessions are prerecorded and are released during the event with our experts available online to answer your questions live. You can find the schedule of these events in our official session catalog and mark your calendars. Following are the AWS management and governance track sessions you should try not to miss.

Leadership Session

  • MGT291L – Speed up innovation with cloud management and governance

When enterprises modernize their application development strategies in order to serve millions of users globally and improve developer efficiency, operations management becomes even more crucial for businesses to run smoothly. IT operations or DevOps teams often need to provision and take operational actions on hundreds of thousands of applications and resources daily while maintaining safety and compliance. How can IT make operations management and governance easy and efficient, while also enjoying the freedom and speed of innovation that the cloud brings? In this session, hear from AWS senior leader Bill Vass on the future of monitoring, management, and governance, both on AWS and on premises.

Configuration, compliance, and auditing

  • MGT304 – Configuration, compliance, and audit at scale

To avoid misconfiguration issues and security breaches, it’s crucial that you have a robust configuration, compliance, and audit program to effectively manage AWS resources. In this session, learn how to use AWS Config to monitor and track resource configuration. See how AWS Config rules and conformance packs help set desired resource configurations, evaluate configuration compliance and risk, and remediate configuration drift. Also, learn how to use AWS CloudTrail to simplify compliance audits by recording and storing event logs for actions made within your AWS account. Hear directly from Intuit, which has been effective at managing compliance on AWS.

  • MGT309 – Simplify industry compliance management with AWS Config

Are you in a highly regulated industry? Do you need to meet industry compliance requirements in the cloud? In this session, deep dive into AWS Config conformance packs, which can be mapped to controls that audit and assess the overall compliance of your multi-account AWS resource configurations. You learn how to manage compliance in a multi-account environment, and you hear how Lockheed Martin simplified industry compliance management by implementing guardrails to limit exposure as well as incorporating remediation processes.

  • MGT402 – Manage configuration and compliance in hybrid environments

Capturing resource inventory and configuration history and defining compliance on resource configuration can be challenging. This is particularly true if resources span across on-premises environments and the cloud. In this session, you learn how to use AWS CloudFormation to extend the inventory and compliance management capabilities of AWS Config to private and third-party resources, including on-premises resources, at scale. By attending this session, you gain an understanding of how and when to use the AWS CloudFormation registry, and you learn how to get started with AWS Config custom configuration items and custom rules for inventory and compliance management.

  • SEC302 – Achieve compliance as code using AWS Config

Many companies in regulated industries have achieved compliance requirements using AWS Config. They also need a record of the incidents generated by AWS Config in tools such as ServiceNow for audits and remediation. In this session, learn how you can achieve compliance as code using AWS Config. Through the creation of a noncompliant Amazon EC2 machine, this demo shows how AWS Config triggers an incident into a governance, risk, and compliance system for audit recording and remediation. The session also covers best practices for how to automate the setup process with AWS CloudFormation to support many teams.

  • SEC313 – A security operator’s guide to practical AWS CloudTrail analysis

AWS CloudTrail helps you discover and troubleshoot security and operational issues by capturing a comprehensive history of changes that occurred in your AWS account within a specified period of time. In this session, you learn about the AWS CloudTrail service and its value for security operations. The session dives deep into sources of data enrichment and reviews how to leverage AWS CloudTrail as part of your security operations and incident response procedures.

 

Enterprise governance and control

  • MGT307 – How to onboard existing AWS accounts onto AWS Control Tower

You can efficiently manage and govern your multi-account AWS environment using automated best practices and guardrails without needing to maintain code. In this session, learn the best practices for successfully managing existing AWS accounts using AWS Control Tower. NuData Security, a Mastercard company, discusses why it brought its 100+ AWS accounts under AWS Control Tower from the AWS Landing Zone solution. NuData uses AWS Control Tower to apply and manage guardrails, helping its security teams reduce risk and aggregate findings. Take a deep dive into AWS account provisioning with AWS Control Tower and learn how AWS Service Catalog can enable advanced capabilities of governance.

  • MGT301 – Best practices for securing your multi-account environment

In this session, learn how to define and implement a security baseline in multiple accounts by using AWS Organizations. Join this session to take a deep dive into the benefits of security organizational units, account creation, and AWS CloudFormation StackSets usage. Also learn about the standardization of settings across the enterprise for services such as AWS CloudTrail, Amazon GuardDuty, Amazon Macie, AWS Identity and Access Management (IAM) Access Analyzer, AWS Backup, and others.

  • MGT305 – Announcing the AWS Well-Architected Management and Governance Lens

AWS Well-Architected helps cloud architects build secure, high-performing, and resilient infrastructure for their applications. Lenses extend the guidance offered by AWS Well-Architected to specific industry and technology domains. The new Management and Governance Lens provides prescriptive guidance on key concepts, design principles, and best practices for optimizing management and governance across your AWS environment. This Lens includes recommended combinations of AWS services, integration points with partner solutions, and vetted reference implementations. Learn how to leverage these recommendations to achieve visibility at scale in a dynamic environment, accelerate your cloud migrations, and improve your overall management and governance by following best practices based on thousands of successful migrations.

  • ARC211 – Build governance at scale with AWS Control Tower

As you move to an organization-wide, multi-account, multi-Region strategy for your AWS environment, new questions emerge. How do you control budgets across many accounts, workloads, and users in a large organization? How do you automate account provisioning and maintain good security when hundreds of users and business units are requesting cloud resources? How can you ensure that the organization is adhering to security and governance requirements? In this session, you learn about AWS Control Tower and how this service can help you establish baseline security and governance in multiple AWS accounts at scale.

Monitoring and observability

  • MGT302 – Gaining application-level governance and cost visibility

Provisioning reusable application infrastructure on-demand, quickly, and in a safe and repeatable manner is often difficult. In this session, learn how to use AWS Service Catalog to help simplify the creation of layered application infrastructure. Also, learn how to build application infrastructure using governed, reusable AWS Service Catalog products via AWS CloudFormation templates to resolve common operational questions.

  • MGT303 – Turbocharging cost optimization with Amazon CloudWatch metrics

Understanding which parts of your architecture incur the most cost can often be difficult and time-consuming. In this session, learn how to drill down into your architecture spend and optimize for performance and cost by using Amazon CloudWatch metrics to enrich Cost and Usage Report data in your Amazon S3 data lake. Learn best practices for sending CloudWatch metrics to Amazon S3, discuss ways for correlating operational telemetry with cost and usage data, and review methods for optimizing cost.

  • MGT306 – Increase availability with AWS observability solutions

To provide access to critical resources when needed and also limit the potential financial impact of an application outage, a highly available application design is critical. In this session, learn how you can use Amazon CloudWatch and AWS X-Ray to increase the availability of your applications. Join this session to learn how AWS observability solutions can help you proactively detect, efficiently investigate, and quickly resolve operational issues, all of which help you manage and improve your application’s availability.

  • OPN301 – Open-source observability at AWS

In this session, hear from a CNCF SIG observability member on the state of open-source observability on AWS. From the Fluent Bit-based FireLens to Prometheus metrics in Amazon CloudWatch to OpenTelemetry, there is a lot to discuss and show in the context of microservices, containers, and serverless compute.

Centralized operations management

  • MGT401 – Automate anything with AWS Systems Manager

You can automate any task that involves interaction with AWS and on-premises resources, including in multi-account and multi-Region environments, with AWS Systems Manager. In this session, learn how Systems Manager Automation can be used to automate across multiple Regions and accounts, integrate with other AWS services, and extend to your on-premises datacenters. This session takes a deep dive into the requirements for Systems Manager, how to author a custom runbook using an automation document, and how to execute automation anywhere.

  • MGT403 – Securely manage all your servers with full auditability

Remotely managing cloud or on-premises servers securely and with auditability often requires additional infrastructure or software to be effective and secure. In this session, you learn how to eliminate those additional requirements and components and still provide secure and auditable access to your resources. The session covers features that give you secure access to your servers, including AWS Systems Manager Session Manager, which increases security and auditability. You also learn how to configure attribute-based access control federation to Session Manager, and you hear how AWS CloudTrail, Amazon CloudWatch, and Amazon S3 provide various mechanisms for auditability and oversight.

Cloud financial management

  • Various sessions on our sister track. Join us!

In addition to these sessions, we offer 19 leadership sessions through which you can hear directly from AWS leaders as they share the latest advances in AWS technologies, set the future product direction, and motivate you through compelling success stories.

Don’t forget to tune in to the sessions to manage your AWS environments effectively. Check out the re:Invent 2020 website for more details and sign up to receive updates.

 

About the Authors

Harshitha Putta is a Cloud Infrastructure Architect with AWS Professional Services in Seattle, WA. She is passionate about building innovative solutions using AWS services to help customers achieve their business objectives. She enjoys spending time with family and friends, playing board games and hiking.