AWS Cloud Operations Blog

Category: Security, Identity, & Compliance

Authorize different sets of interactive session commands for users using SSM documents

Limit interactive session commands by groups of users using AWS Systems Manager

Customers are looking for a way to limit the types of commands that can be run on their Amazon Elastic Compute Cloud (Amazon EC2) instances when using AWS Systems Manager Session Manager interactive sessions. Allowed commands vary by group, meaning you need to allow different sets of commands based on the group of users. For […]

DevSecOps for auto healing PCI DSS 3.2.1 violations in AWS using custom AWS Config conformance packs, AWS Systems Manager and AWS CodePipeline

If you migrate your workloads to the cloud to modernize your applications or secure infrastructure and operations, you’ll find these migrations are increasingly performed with a DevOps methodology that incorporates continuous development, integration, and testing. It is always a best practice to incorporate security as code in your DevOps workflows to uncover security issues when […]

Open sesame: Granting privileged access to EC2 instances with Session Manager

In this guest blog post, Herman Lee (Cloud Solution Architect, VP) and Nauman Noor (Managing Director) from the public cloud engineering team at State Street discuss their use of AWS Systems Manager Session Manager for privileged access management of Amazon EC2 instances. State Street Corporation is a financial services company responsible for the management, custody, […]

How to aggregate and visualize AWS Health events using AWS Organizations and Amazon Elasticsearch Service

September 8, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. In this post, I show you how to aggregate AWS Health events centrally from all accounts in your organization using AWS Organizations, AWS Lambda, and AWS Health API, and then build automation to ingest and visualize the operations data using […]

AWS Management and Governance at Re:Invent 2020

AWS re:Invent is always an exciting time of the year to engage with our customers to learn, and share information about our services and features. Due to the current pandemic, re:Invent is pivoting to a free and virtual format presented across 3 weeks from November 30 to December 18 this year. Yes, you read that […]

Example Dashboard

View AWS Trusted Advisor recommendations at scale with AWS Organizations

Since 2014, AWS Trusted Advisor has been providing customers with visibility into an individual AWS account and providing recommendations based on known AWS best practices. Trusted Advisor makes recommendations to help customers achieve a better security posture, control their costs, optimize application performance, design better fault tolerance, and maintain control over their AWS service limits […]

Successful creation of canary shows the status, previous canary runs and the list of canaries for the user.

Secure monitoring of user workflow experience using Amazon CloudWatch Synthetics and AWS Secrets Manager

Customers often need an easy way to monitor the URLs, API endpoints, and critical GUI workflows of their web applications in a secure fashion. Monitoring helps keep the service available by detecting performance bottlenecks and operational issues as soon as they arise. Customers also want to be alerted when availability and latency issues occur so […]

The document management system includes KMS, Amazon Cognito identity pool, and a document bucket. Internal and external users are authenticated through a process that uses API Gateway and the identity pool. The Lambda function runs inside the VPC.

Mphasis rearchitects a legacy application to a serverless cloud-native architecture on AWS

Mphasis thrives on business agility and resilience. Its internal operations, especially the core development processes and supporting functions such as sales, client servicing, finance, and administration, are fueled by multiple in-house business applications. For a company to showcase its digital prowess, empower its workforce to innovate, and stay at the cutting edge of technology, these […]

How BBVA automated responses through event management at scale

In this blog post, we describe how BBVA USA, a financial institution that ranks among the top 25 largest commercial banks, used AWS services to implement event management at scale and centralize its event response. Generally speaking, security compliance in a monolithic environment is easier to monitor and enforce when a small number of hands […]

Customizing account configuration with AWS Control Tower lifecycle events

Customizing account configuration with AWS Control Tower lifecycle events

In this blog post, we show how to customize the networking configuration in an AWS account. For example by deleting the default VPCs in all AWS Regions, using AWS Resource Access Manager to share the appropriate VPC subnets and using AWS Firewall Manager to apply security groups to VPCs in the account.