AWS Cloud Operations Blog

Category: Management & Governance

A sneak peek at the Governance, Risk, and Compliance (GRC) sessions for re:Inforce 2023

A full conference pass is $1,099. Register today with the code secure150off to receive a limited time $150 discount, while supplies last. AWS re:Inforce is just around the corner and this post covers sessions on cloud governance, risk management, and compliance that you should add to your agenda. AWS re:Inforce is a security learning conference […]

Use Amazon CloudWatch Internet Monitor for greater visibility into online experiences

Today millions of internet users access applications hosted globally across 167,000 cities served by over 74,000 autonomous systems (ASNs). Tracking constantly changing network routes can be a daunting task for Site Reliability Engineers (SREs), application developers, network operators, systems engineers, and cloud solutions architects. With Amazon CloudWatch Internet Monitor, teams can quickly identify the network […]

Building CIS hardened Golden Images and Pipelines with EC2 Image Builder

Until recently, customers had to navigate to the AWS Marketplace Console and search for a compatible Amazon Machine Image (AMI) product for your image pipeline. They also had to write their own custom components to harden the operating systems to meet Center for Internet Security (CIS) Benchmark guidelines. This required subscriptions to the CIS Benchmark […]

Visualize and gain insights into your VPC Flow logs with Amazon Managed Grafana

Modern IT infrastructure in Cloud is becoming increasingly distributed and data intensive. With the growing number of devices, applications, and users consuming the services, the amount of data being transmitted across networks is increasing rapidly. This increase in data warrants organizations to have visibility in the network traffic. Analysis of network traffic can help in […]

Estimating AWS Config recorder costs and usage using AWS CloudTrail

AWS Config is a service that tracks configuration changes of AWS resources in your AWS account.  AWS Config uses the configuration recorder to create a configuration item whenever it detects a change to a resource type that it is recording. For example, if AWS Config is recording Amazon S3 buckets, AWS Config creates a configuration […]

Automating Amazon CloudWatch Alarm Cleanup at Scale

Automating Amazon CloudWatch Alarm Cleanup at Scale

Do you have thousands of Amazon CloudWatch alarms across AWS Regions and want to quickly identify which ones are low-value alarms or misconfigured alarms across regions? Are you looking for ways to identify alarms which are in ‘ALARM’ or ‘IN_SUFFICIENT’ state for several days and need to be revisited? Do you need a cleanup mechanism […]

How Hapag-Lloyd established observability for serverless multi-account workloads

This post is co-authored by Grzegorz Kaczor from Hapag-Lloyd AG and Michael Graumann and Daniel Moser from AWS. Introduction Establishing observability over the state, performance, health, and security posture of applications is key to successfully operating multi-account workloads in the cloud. As the number and size of workloads increases, finding and correlating all available information […]

Implementing AWS Session Manager logging guardrails in a multi-account environment

Raiffeisen Bank International (RBI), a prominent Austrian banking group, maintains a multi-account AWS environment that allows product teams to build and test new customer features at speed, but within the limits of central security guardrails. One of these guardrails requires central logging of all sessions established to Amazon Elastic Compute Cloud (Amazon EC2) instances across the […]

Tracking and remediating non-compliant resources by integrating AWS Config and Atlassian Jira Service Management through automated webhooks

Tracking and remediating non-compliant resources by integrating AWS Config and Atlassian Jira Service Management through automated webhooks

Organizations require their cloud environment to be secure and compliant according to their governance policies. AWS Config provides customers configuration details of their resources in AWS accounts. Customers can make use of AWS Config managed rules, AWS Config custom rules or conformance packs to get to know the configuration details of their resources quickly. Being aware of […]

Automate account customization using Account Factory Customization in AWS Control Tower

Automate account customization using Account Factory Customization in AWS Control Tower

Before customers can build, migrate and operate their workloads at scale, they must build a foundation to enable a multi-account architecture that supports the growing needs of their organization. With this foundation in place, customers can create AWS accounts to enable workload isolation within their organizations. As customers build their AWS account structure to group […]