AWS Cloud Operations Blog

Category: Security, Identity, & Compliance

Managing the account lifecycle in account-per-tenant SaaS environments on AWS

Software as a service (SaaS) companies have many options when they implement multi-tenancy in their applications. The AWS SaaS Factory Program provides recommendations for different deployment patterns depending on factors such as cost, compliance, and end-customer requirements. You might find that silo methods like VPC-per-tenant are not sufficient. Your application might be in a highly […]

Query and visualize Microsoft SQL Server license utilization using Amazon Athena and Amazon QuickSight

In part 1 of this two-part series, I showed you how to deploy a solution to centrally track Microsoft SQL Server licenses in AWS Organizations across multiple AWS accounts and Regions. In this post, I will show you how to query and visualize the aggregated Inventory data using Amazon Athena and Amazon QuickSight to centrally manage your SQL Server licenses. With […]

How Ryanair governs their image distribution using EC2 Image Builder

Ryanair Holdings plc, Europe’s largest airline group, is the parent company of Buzz, Lauda, Malta Air, and Ryanair. Before the COVID-19 pandemic, it carried 149 million guests on more than 2,500 daily flights from more than 80 bases. The Ryanair Group connects over 225 destinations in 37 countries on a fleet of 450 aircraft—and there […]

Amazon Managed Grafana supports direct SAML integration with identity providers

In response to customer requests, Amazon Managed Grafana now supports direct Security Assertion Markup Language (SAML) 2.0 integration, without the need to go through AWS Identity and Access Management (AWS IAM) or AWS Single Sign-On (AWS SSO). SAML authentication support enables you to use your existing identity provider to offer single sign-on for logging into […]

Infosys implements AWS Control Tower to enforce multi-account governance

Today, most enterprises adopt a multi-account strategy on AWS as their workloads scale and become more complex. Because the number of AWS accounts can grow quickly when you use a multi-account strategy, you need mechanisms to govern these accounts and standard guardrails to enforce controls across them. In this blog post, we are going to […]

Maximize cloud investment value through operational excellence using AWS Managed Services

In this blog post, I share my observations as an AMS Solutions Architect on how achieving operational excellence can help organizations realize their cloud business objectives while migrating to AWS. I dive deep into the five design principles that AWS Managed Services (AMS) uses to achieve operational excellence. Amazon is guided by four principles: customer […]

Automate configuration compliance at scale in AWS

AWS Config continuously monitors and records your AWS resource configurations. You can use the service to automate the evaluation and remediation of recorded configurations against desired configurations. You also can review changes in configurations and relationships between AWS resources and dive into the history of a resource configuration. The basis of a well-architected multi-account AWS […]

Share reusable infrastructure as code by using AWS CloudFormation modules and StackSets

It is common for customers to have multiple teams creating infrastructure as code (IaC) templates (for example, by using AWS CloudFormation). Because there is duplication of the common resources used in these templates, you might understandably feel like you’re reinventing the wheel. By sharing these common definitions as CloudFormation modules, you can provide access to […]

Using AWS Control Tower and AWS Service Catalog to automate Control Tower lifecycle events

Many enterprise customers who use AWS Control Tower to create accounts want a way to extend the account creation process. They want this process to cover common business use cases including the creation of networks, security profiles, governance, and compliance. A manual process is cumbersome and makes it difficult for the organization to respond […]

Ensure license compliance in AWS for ISVs using ISV seller-issued licenses

AWS License Manager helps reduce the risk of noncompliance by providing independent software vendors (ISVs) with a centralized AWS account and built-in controls to ensure only approved users and workloads can consume licenses. ISVs can use License Manager to manage and distribute software licenses to end users with and without AWS accounts. As an issuer, […]