AWS Cloud Operations Blog

Category: Security, Identity, & Compliance

Setting up secure, well-governed machine learning environments on AWS.

Setting up secure, well-governed machine learning environments on AWS

When customers begin their machine learning (ML) journey, it’s common for individual teams in a line of business (LoB) to set up their own ML environments. This provides teams with flexibility in their tooling choices, so they can move fast to meet business objectives. However, a key difference between ML projects and other IT projects is […]

How AWS Partners can determine AWS Support plans in an organization

How AWS Partners can determine AWS Support plans in an organization

Solutions providers who engage with their end customers in a resale arrangement must manage different business models and support delivery models. AWS Organizations makes it possible to build the right account structure to support a resale arrangement. Monthly end-customer invoicing often poses a huge challenge in a shared resale arrangement, where you need to know […]

Securely scale multi-account architecture with AWS Network Firewall and AWS Control Tower

Securely scale multi-account architecture with AWS Network Firewall and AWS Control Tower

Administrators and developers are always balancing the need for security with the need to move quickly. Recently, AWS published the Management and Governance Lens, an extension of the AWS Well-Architected Framework. The M&G Lens provides a set of prescriptive guidance to help customers build both securely and with speed. From this work, we learn about how to […]

Restrict Access by Member Account to a Centralized CloudTrail Logging Bucket

Restrict Access by member account to a centralized CloudTrail logging bucket

Logging and monitoring are critical components of a governance, risk, and compliance strategy. When you use AWS CloudTrail with AWS Organizations, you get an eagle-eye view of account activity across your AWS infrastructure. However, as your enterprise scales workloads in the cloud and accelerates cloud use, the logs can increase exponentially. Over time, you can […]

Use AWS License Manager API operations to manage your Oracle licenses based on Oracle cloud policy

Use AWS License Manager API operations to manage your Oracle licenses based on Oracle cloud policy

Learn with Shree on how to use AWS License Manager API operations to manage your Oracle licenses (for databases running on Amazon RDS for Oracle, Amazon EC2 and on-premises servers) based on Oracle cloud policy. Additionally, learn how to use the built-in integration of License Manager API operations with AWS CloudTrail to prepare for vendor audit.

Managing the multi-account environment using AWS Organizations and AWS Control Tower

Managing the multi-account environment using AWS Organizations and AWS Control Tower

This is the third post in our series about multi-account management. In the first post, Governance, risk, and compliance when establishing your cloud presence, we focus on design considerations for managing in a cloud environment. Our second post, Best Practices for Organizational Units with AWS Organizations, provides guidance for a production-ready organizational unit (OU) structure when creating […]

Integrate across the Three Lines Model (Part 2): Transform AWS Config conformance packs into AWS Audit Manager assessments

Integrate across the Three Lines Model (Part 2): Transform AWS Config conformance packs into AWS Audit Manager assessments

The Three Lines Model developed by the Institute of Internal Auditors (IIA) helps organizations identify structures and processes to facilitate strong governance and risk management. In that model, the first-line function manages risk. The second-line function oversees risk. The third-line function provides objective and independent assurance of risk management. According to Deloitte analysis, modernizing the […]

Introducing AWS CloudFormation Guard 2.0

In their blog post published last year, Write preventive compliance rules for AWS CloudFormation templates the cfn-guard way, Luis, Raisa, and Josh showed you how to use CloudFormation Guard, an open source tool that helps validate your AWS CloudFormation templates against a rule set to keep AWS resources in compliance with company guidelines. Since the […]

GoDaddy’s journey to the cloud and their Standard Cloud Platform

GoDaddy’s journey to the cloud and their Standard Cloud Platform

In this blog post, we explore GoDaddy’s journey to the cloud and their Public Cloud Portal, an application created to onboard engineering teams to AWS. GoDaddy started this journey in early 2018 when they announced their partnership with AWS. We’ll focus on how GoDaddy created a service to enable thousands of employees and hundreds of […]

How to manage cost overruns in your AWS multi-account environment – Part I

How to manage cost overruns in your AWS multi-account environment – Part 1

AWS provides a flexible and secure environment where you can experiment, innovate, and scale more quickly. As you build and deploy your workloads, you need mechanisms to isolate your resources (for example, a resource container). You can use multiple AWS accounts for this purpose. An AWS account provides natural security, access, and billing boundaries for […]