AWS Cloud Operations Blog

Category: Configuration, compliance, and auditing

How to detect and monitor Amazon Simple Storage Service (S3) access with AWS CloudTrail and Amazon CloudWatch

While protection of data is critical, equally important is observing who accesses it. AWS services allow you to control your data by determining where it’s stored, who has access, and how it’s secured. AWS CloudTrail provides an effective way to track data access activities. You can detect access attempts, and identify potential unauthorized attempts. CloudTrail, […]

Operational Best Practices for FedRAMP Compliance in AWS GovCloud with AWS Config

AWS Config is a fully managed service that provides customers with resource inventory, configuration monitoring, and configuration change notifications to support security, governance, and compliance for workloads in AWS. An AWS Config rule represents desired configurations for a resource and evaluates changes in near real-time and records the compliance history in AWS Config. Using AWS […]

Using AWS CloudTrail data events to audit your Amazon SNS and Amazon SQS workloads

Customers in highly regulated industries, such as Financial Services or Healthcare and Life Sciences, often need to audit every action made in environments with sensitive data. Regulations like HIPAA or FFIEC, and industry frameworks like the PCI DSS, require granular log entries that record user and administrative actions within an environment containing sensitive data, and […]

Simplifying remediation using AWS Systems Manager with Amazon Q Developer

In this blog post, we will build a custom automation document for resolving the non-compliant resource status through AWS Systems Manager Automation. Building an AWS Systems Manager (SSM) document using Amazon Q Developer involves creating a JSON or YAML document that defines the desired state of your managed instances in AWS. SSM documents are used […]

Introducing AWS Audit Manager Common Controls Library

AWS Audit Manager introduced the AWS common controls library to help Governance, Risk and Compliance (GRC) teams efficiently map their enterprise controls into Audit Manager for evidence collection. The common controls library provides customers with a simpler way to collect evidence that supports overlapping controls across multiple compliance standards, streamlining the evidence collection process, reducing […]

Get Disk Utilization of Your Fleet Using AWS Systems Manager Custom Inventory Types

Some of my customers need assistance while operating their Amazon Elastic Compute Cloud (Amazon EC2) infrastructure. They need to: Review the disk usage of various volumes/disks within an EC2 instance. To do it in a scalable way, one does not need to access the instance either through a Remote Desktop Session (RDP) or use […]

Auditing generative AI workloads with AWS CloudTrail

With the emergence of generative AI being incorporated into every aspect of how we utilize technology, a common question that customers are asking is how to properly audit generative AI services on AWS, such as Amazon Bedrock, Amazon SageMaker, Amazon Q Developer, and Amazon Q Business. In this post, we will demonstrate common scenarios that […]

Simplify compliance management of multicloud or hybrid resources with AWS Config

Organizations of all sizes operate in a compliance landscape that is complex, dynamic, and evolving rapidly, facing internal requirements as well as industry or government regulations. A multicloud strategy creates additional challenges to maintain compliance policies across cloud providers. With AWS, you can implement compliance processes faster and more easily with automation, ready-to-use templates, and […]

Create AWS Config rules efficiently with Generative AI

AWS Config enables businesses to assess, audit, and evaluate the configurations of their AWS resources by leveraging AWS Config rules that represent your ideal configuration settings. For example, a Security Group that allows ingress on port 22 should be marked as noncompliant. AWS Config provides predefined rules called managed rules to help you quickly get […]

Securely share AWS CloudTrail Lake logs across accounts without replicating data

In 2022, we launched AWS CloudTrail Lake, an immutable managed data lake designed to simplify audit, security, and compliance investigations by capturing, storing, and analyzing AWS user and API activities. By providing immutable storage for your activity logs, CloudTrail Lake protects the integrity of your audit data by providing read-only access. CloudTrail Lake integrates seamlessly […]