AWS Cloud Operations Blog
Category: Security, Identity, & Compliance
How to Detect and Mitigate Guardrail Violation with AWS Control Tower
Many companies that I work with would like to innovate fast in the cloud by adopting a self-service infrastructure provisioning model in a multi-account environment. However, maintaining security and governance in such a model is an organizational challenge. Without structured guardrails and baseline configuration enforcement, troubleshooting and mitigating risk can be cumbersome. AWS Control Tower […]
Packaging to Distribution – Using AWS Systems Manager Distributor to deploy Datadog
AWS Systems Manager Distributor automates the process of packaging and publishing software to managed Windows and Linux instances across the cloud landscape, as well as to on-premises servers, through a single simplified interface. Customers can now leverage AWS Systems Manager Distributor to package custom software like monitoring agents and security agents, and then distribute them […]
Enable self-service, secured data science using Amazon SageMaker notebooks and AWS Service Catalog
by Sanjay Garje and Vebhhav (Veb) Singh Enterprises of all sizes are moving to the AWS Cloud. We hear from leadership of those enterprise teams that they are looking to provide a safe, cost-governed way to provide easy access to Amazon SageMaker to promote experimentation with data science to unlock new business opportunities and disrupt […]
Managing AWS resources across multiple accounts and Regions using AWS Systems Manager Automation
AWS Systems Manager Automation simplifies common administrative and maintenance tasks of AWS resources. Using Systems Manager Automation, you can execute predefined tasks/workflows in the form of AWS Systems Manager documents (SSM documents) that you can write yourself or use community published documents. A SSM document defines the actions that Systems Manager performs on your AWS […]
Automate account creation, and resource provisioning using AWS Service Catalog, AWS Organizations, and AWS Lambda
As an organization expands its use of AWS services, there is often a conversation about the need to create multiple AWS accounts to ensure separation of business processes or for security, compliance, and billing. Many of the customers we work with use separate AWS accounts for each business unit so they can meet the different […]
Using AWS Systems Manager Parameter Store Secure String parameters in AWS CloudFormation templates
When using AWS CloudFormation templates to code your infrastructure, you should consider applying best practices to improve the maintainability of your code. Further, these best practices should be augmented by guidelines like those outlined for twelve-factor apps, which are targeted at optimizing applications for continuous deployment. Of these factors, you should note that you should […]
Automating processes for handling and remediating AWS Abuse alerts
Introduction AWS Abuse addresses many different types of potentially abusive activity such as phishing, malware, spam, and denial of service (DoS)/ distributed denial of service (DDoS) incidents. When abuse is reported, we alert customers so they can take the remediation action that is necessary. Customers want to build automation for handling abuse events and the […]