AWS Cloud Operations Blog
Category: AWS Config
Using OPA to create AWS Config rules
In this blog post, we will show how you can use AWS Config custom rules with Open Policy Agent (OPA) to evaluate the compliance of your AWS resources. AWS Config enables you to assess, audit, and evaluate the configuration of your AWS resources. The service continuously monitors and records your AWS resource configurations and allows […]
Implement AWS Config rule remediation with Systems Manager Change Manager
AWS Config enables you to assess, audit, and evaluate the configurations of your AWS resources. AWS Config rules are evaluated when changes are made in the AWS environment. By analyzing changes as they occur, you can catch compliance violations quickly and minimize the exposure to your organization. When you apply a remediation action to an […]
Improve monitoring of AWS Systems Manager Agent
The ability to present a single pane of glass simplifies the process of tracking and controlling IT systems. Enterprises that run workloads on AWS use AWS Systems Manager because of its security, ease of management, and centralized reporting. When an agent loses connection to the management platform, you can lose visibility into system behavior and […]
Automate configuration compliance at scale in AWS
AWS Config continuously monitors and records your AWS resource configurations. You can use the service to automate the evaluation and remediation of recorded configurations against desired configurations. You also can review changes in configurations and relationships between AWS resources and dive into the history of a resource configuration. The basis of a well-architected multi-account AWS […]
Using AWS Control Tower and AWS Service Catalog to automate Control Tower lifecycle events
Many enterprise customers who use AWS Control Tower to create accounts want a way to extend the account creation process. They want this process to cover common business use cases including the creation of networks, security profiles, governance, and compliance. A manual process manually is cumbersome and makes it difficult for the organization to respond […]
Use Amazon Athena and AWS CloudTrail to estimate billing for AWS Config rule evaluations
AWS Config is a service that enables you to audit your AWS resources for compliance to a desired configuration state. You are billed based on the number of Configuration Items (a point-in-time snapshot of an AWS resource) recorded and the number of AWS Config rules (a function that reports resource compliancy) evaluated per resource per […]
AWS AppConfig: The Amazon service that helps you scale for large events like Prime Day
Amazon uses a number of AWS services to help meet increased traffic and demand during Prime Day events. As Jeff Barr has mentioned in his previous blog posts, some key services used in Prime Day include: Amazon DynamoDB handles the trillions of Prime Day requests. Amazon Interactive Video Service (Amazon IVS) enables shoppers to shop […]
Managing the multi-account environment using AWS Organizations and AWS Control Tower
This is the third post in our series about multi-account management. In the first post, Governance, risk, and compliance when establishing your cloud presence, we focus on design considerations for managing in a cloud environment. Our second post, Best Practices for Organizational Units with AWS Organizations, provides guidance for a production-ready organizational unit (OU) structure when creating […]
Create a Jira issue using an AWS Config remediation action
AWS Config can create issue entries in the Jira Service Management platform when it determines an AWS resource is noncompliant. In this blog post, I show you how to configure an AWS Config rule to create a Jira issue after the rule detects a noncompliant AWS resource. I also share Jira Service Desk configuration changes […]
Aggregate operational tasks with AWS Systems Manager Explorer and OpsCenter
AWS Systems Manager Explorer is a customizable operations dashboard that reports information about your AWS resources. Explorer displays an aggregated view of operations data (OpsData) for your AWS accounts and across AWS Regions. Explorer provides context into how operational issues are distributed, trend over time, and vary by category. In this blog post, we explain […]