AWS Cloud Operations Blog
Category: Security, Identity, & Compliance
Improving Mergers & Acquisitions Due Diligence with AWS Audit Manager
The purpose of this narrative is to provide guidance for Mergers & Acquisitions (M&A) Due Diligence stakeholders on how to leverage AWS Audit Manager to support compliance and risk assessments during technical due diligence. The target audience of this guidance includes practitioners that support diligence, integration, corporate development (CorpDev), technology/IT, auditing, and advisory activities during […]
Announcing AWS CloudTrail Lake one-year extendable retention pricing option
In 2022 Amazon Web Services (AWS) released AWS CloudTrail Lake, a managed audit and security lake that allows you to aggregate, immutably store, visualize, and query your activity logs for auditing, security investigation, and operational troubleshooting. Working backwards from our customers we have added capabilities to CloudTrail Lake such as the ability to copy CloudTrail events into […]
Best practices for managing AWS account meta-data at scale
As we all know, using multiple accounts on your AWS environment is one of the recommended best practices when organizing your workloads and your environment. Using multiple accounts brings multiple benefits allowing you to better leverage AWS services. However, AWS accounts are additional resources that you need to manage. In this blog post, you will […]
Centralize image administration for virtual machines and containers using EC2 Image Builder
Customers may have different processes for image building across virtual machines, containers, or both. This variation in processes introduces operational overhead in managing images, including the initial configuration and the ongoing updates. From the AWS Well-Architected Operational Excellence Pillar, section “Document and share lessons learned”, these images should be standardized, configured with the latest patches, […]
Auto-remediate best practice deviations detected by AWS Trusted Advisor
AWS Trusted Advisor inspects your AWS infrastructure and provides best practice recommendations when opportunities exist to reduce cost, optimize your AWS infrastructure, improve system availability and performance, help close security gaps and monitor service quotas. Trusted Advisor recommendations are based on best practices identified by AWS services experts and learnings from serving thousands of customers […]
Provisioning access to security and audit teams in an AWS multi-account environment created by AWS Control Tower
AWS Control Tower offers the easiest way to set up and govern a secure, compliant, and multi-account AWS environment based on best practices established by working with thousands of enterprises. Organizations can leverage built-in preventive, proactive, and detective controls as a starting point to address the customer part of the AWS Shared Responsibility Model. Control […]
Using Lambda-backed Custom Resources to Reduce Overhead in a Multi-Account Environment
Introduction Many of my customers use AWS CloudFormation to streamline provisioning operations for AWS and third-party resources, that they describe with code in JSON- or YAML-formatted CloudFormation templates. Some workloads require custom logic or inputs beyond standard parameter values. For these scenarios, an often overlooked and useful CloudFormation feature lies in AWS Lambda-backed custom resources. With Lambda-backed custom […]
Manage migrations to multiple AWS Accounts using AWS Application Migration Service (MGN) and AWS Organizations
Many customers have successfully migrated on-premises or cloud-based applications to AWS using the AWS Application Migration Service (AWS MGN). Customers commonly migrate their applications to a number of different AWS Accounts that are part of an AWS Organization, in line with the best practices of establishing a multi-account AWS environment. When using AWS MGN, the […]
Automated Evidence Collection for Life Sciences continuous compliance solutions using AWS Audit Manager
In the first post of this two-part series, we highlighted how Life Sciences customers can implement a controlled change management process using AWS Systems Manager Change Manager and AWS Config. The solution in our first post, highlighted how a you can follow your Standard Operating Procedures (SOP’s) by implementing approval steps in order to make […]
Automating organizational policies with custom AWS Config Rules and evidence collection in AWS Audit Manager
AWS Config is a service that allows you to evaluate your AWS resources against a desired configuration state using AWS Config Rules. Two types of rules exist, managed rules which are meant to be used out-of-the-box and custom rules for which you define your desired configuration state via code. AWS Audit Manager can help you […]