AWS Cloud Operations Blog

Category: Security, Identity, & Compliance

How SMBs can deploy a multi-account environment quickly using AWS Organizations and AWS CloudFormation StackSets

Small and Medium Businesses (SMBs) need to operate with high availability and mitigate security risks while keeping costs low. An AWS multi-account environment with workload isolation, robust access control, cost visualization, and integrated security mechanisms can help SMBs build a platform to support growth. SMBs want to deploy a multi-account environment on AWS quickly and […]

Securely share AWS CloudTrail Lake logs across accounts without replicating data

In 2022, we launched AWS CloudTrail Lake, an immutable managed data lake designed to simplify audit, security, and compliance investigations by capturing, storing, and analyzing AWS user and API activities. By providing immutable storage for your activity logs, CloudTrail Lake protects the integrity of your audit data by providing read-only access. CloudTrail Lake integrates seamlessly […]

Enhance your AWS cloud infrastructure security with AWS Managed Services (AMS)

Introduction: A security or data loss incident can lead to both financial and reputational losses. Maintaining security and compliance is a shared responsibility between AWS and you (our customer), where AWS is responsible for “Security of the Cloud” and you are responsible for “Security in the Cloud”. However, security in the cloud has a much […]

VMware’s Cloud Journey: AWS Account Management at Scale

This post was co-authored with Thiru Bhat, Director CSO-CM, Office of the CTO, VMware. VMware has been developing virtualization software since 1998. Headquartered in Palo Alto, California, the company is known for its application modernization, cloud, networking, security, and digital workspace offerings. They require a thorough and all-encompassing approach to ensure that corporate controls and […]

Implementing automated and centralized tagging controls with AWS Config and AWS Organizations

Introduction: This blog post is for customers who want to implement automated tagging controls and strategy for cost allocation. Customers want to centralize and maintain consistency for tags across AWS Organizations so they are available outside their AWS environment (e.g. in build scripts, etc.) or enforce centralized conditional tagging on existing and new AWS resources […]

AWS Audit Manager launches AWS Best Practices Framework for Generative AI

The rapid growth of generative AI brings promising new innovation, and at the same time raises new challenges. At AWS, we are committed to developing AI responsibly while enabling customers to provide assurance regarding the security of their environment to regulators and auditors. AWS Audit Manager announces the first version of AWS best practices framework for generative AI […]

How to record resource configuration changes periodically with AWS Config

AWS Config is a service that tracks configuration changes of AWS resources in your AWS account or across your AWS Organizations. AWS Config uses the configuration recorder to detect changes of your resources and track them as configuration items (CIs). Given the increasing complexity of cloud infrastructure, the number of resource configuration changes being made […]

Improving Mergers & Acquisitions Due Diligence with AWS Audit Manager

The purpose of this narrative is to provide guidance for Mergers & Acquisitions (M&A) Due Diligence stakeholders on how to leverage AWS Audit Manager to support compliance and risk assessments during technical due diligence. The target audience of this guidance includes practitioners that support diligence, integration, corporate development (CorpDev), technology/IT, auditing, and advisory activities during […]

Announcing AWS CloudTrail Lake one-year extendable retention pricing option

In 2022, Amazon Web Services (AWS) released AWS CloudTrail Lake, a managed audit and security lake that allows you to aggregate, immutably store, visualize, and query your activity logs for auditing, security investigation, and operational troubleshooting. Working backwards from our customers, we have added capabilities to CloudTrail Lake such as the ability to copy CloudTrail events into […]

Best practices for managing AWS account meta-data at scale

As we all know, using multiple accounts on your AWS environment is one of the recommended best practices when organizing your workloads and your environment. Using multiple accounts brings multiple benefits allowing you to better leverage AWS services. However, AWS accounts are additional resources that you need to manage. In this blog post, you will […]