AWS Cloud Operations Blog

Know Before You Go – AWS re:Invent 2022 Compliance & Auditing

As organizations scale by moving more of their workloads to the cloud, they are looking to manage their cloud operations securely and to be prepared for compliance and auditing. AWS Cloud Operations aims to improve the compliance and auditing process in the cloud through best-in-class services backed by the scale and security of AWS infrastructure, per the Shared Responsibility Model. Compliance and auditing are crucial to organizations, so we have put together a curated subtrack within AWS Cloud Operations to address your most pressing questions, from continuous compliance to remediation and evidence collection.

Be prepared for your next audit by checking out the sessions below at re:Invent, the annual learning conference hosted by AWS for the global cloud computing community! This year, re:Invent will be held in Las Vegas, Nevada, from November 28 to December 2.

Sessions to Attend

COP306 | Cloud compliance and auditing best practices on AWS – Chalk Talk
Nov 28, 1:00 pm, MGM Grand Boulevard 167
This chalk talk explores how to implement best practices for continuously assessing, managing, and maintaining compliance for formalized standards, such as those required by the Center for Internet Security (CIS), the National Institute of Standards and Technology (NIST), and others. Learn about specific best practices to help support auditability, including automated evidence gathering and reporting for these standards.

COP333 | Building AWS Config rules to meet your custom compliance needs – Builders’ Session
Nov 28, 1:00 pm, Mandalay Bay (MND) South Pacific D
Compliance needs are not one size fits all. Different organizations within different industries have to build solutions that fit their needs. In this builders’ session, learn how to build custom rules using AWS CloudFormation Guard, conformance packs, and specific features that help with customization. You must bring your laptop to participate.

COP215 | Visualizing AWS Config and Amazon CloudWatch usage and costs – Chalk Talk
Nov 28, 2:30 pm, Caesars Forum (CSR) 104
In this session, explore dashboards that you can deploy into your own account to get a real-time view of some of the typical main contributors to AWS Config and Amazon CloudWatch costs. The dashboards are designed to help you identify high-cost areas and see the impact of any changes made over time. You can deploy the dashboards into your own account and explore how to create and modify them for your own needs.

COP304 | Cloud compliance, assurance, and auditing – Breakout Session
Nov 29, 12:30 pm, The Venetian (VEN) Lido 3106
In this session, learn how to continuously assess, manage, and maintain compliance for formalized standards such as those required by the Federal Risk and Authorization Management Program (FedRAMP), the National Institute of Standards and Technology (NIST), and others. Explore the various auditing options, including auditing privileged access across services like Amazon S3 and Amazon DynamoDB. Dive deep into how you can achieve governance and compliance using preventative and detective guardrails and other AWS offerings. You must bring your laptop to participate.

COP334 | Audit and investigate compliance violations with AWS CloudTrail Lake – Builders’ Session
Nov 29, 12:30 pm, MGM Grand Premier 320
Companies managing cloud infrastructure need effective ways to audit operations for security and compliance. AWS CloudTrail Lake is a managed data lake that lets you aggregate, immutably store, and query events recorded by CloudTrail for auditing, security investigation, and operational troubleshooting. In this builders’ session, learn how to set up CloudTrail Lake, create an event data store, and query the data with sample queries that are designed to help you get started with writing queries for common scenarios. Then learn to write CloudTrail Lake compliance queries to query for violations in commonly used compliance frameworks such as CIS and PCI. You must bring your laptop to participate.

COP216 | Why is continuous compliance important? – Chalk Talk
Nov 30, 8:30 am, Caesars Forum (CSR) 110
In this chalk talk, learn why continuous compliance is important when taking the Zero Trust approach and what methods can be adopted to assure that systems remain secure and compliant. The talk also covers how to take action through automation or incident response when something becomes non-compliant.

COP322 | How to remediate and automate operational changes – Chalk Talk
Nov 30, 8:30 am, Wynn (WYN) Lafite 4
Imagine a scenario where a remediation needs to be reviewed, approved, and then deployed within a change window while you also keep a history of change requests. In this chalk talk, learn how to embed an enterprise change management framework for requesting, approving, implementing, and reporting on operational changes in an AWS Systems Manager runbook. By incorporating change workflows into your AWS Config–based automated remediation through the use of change templates, your organization can improve its response time and streamline the workflow for mitigating noncompliant configurations.

COP311 | Simplify and automate continuous compliance with AWS – Workshop
Nov 30, 5:30 pm, MGM Grand Premier 312
In this workshop, learn how to simplify and automate the definition of controls for managing compliance at scale using AWS Config. Also learn how to automate the process of collecting evidence based on those controls. This workshop dives deep into custom rules with AWS CloudFormation Guard, conformance packs, and evidence collection with AWS Audit Manager. Learn about concepts like continuous compliance and automated remediation. You must bring your laptop to participate.

COP214 | Streamline your audit log management and evidence reporting – Chalk Talk
Nov 30, 7:00 pm, MGM Grand 301
Managing activity logs and analyzing them at cloud scale is often a complex task for organizations. In this chalk talk, cloud engineers can learn the benefits of using AWS CloudTrail Lake to simplify their workflows for log collection and investigative analysis on their auditable activity events, facilitating audit and security investigations and operational troubleshooting. Audits have traditionally been a very manual, labor-intensive process. See how governance, risk, and compliance (GRC) officers can leverage AWS Audit Manager to automate the process of collecting, reviewing, approving, and reporting evidence for audit preparation so you’ll be ready for your next audit.

COP312 | How Commonwealth Bank simplified their compliance journey – Breakout Session
Nov 30, 7:00 pm, Mandalay Bay (MND) Lagoon L
Compliance can be a daunting challenge. In this session, learn how Commonwealth Bank met regulatory requirements by setting desired configuration, audit, and detection controls and remediating their resources across more than 500 accounts using AWS Config and conformance packs. Hear how they integrated AWS native services like AWS Config, AWS Security Hub, and Amazon GuardDuty to automate AWS security checks, centralize security alerts and benchmark their compliance against their regulatory and risk requirements.

COP313 | Goldman Sachs: Using policy as code to deploy new applications in minutes – Breakout Session
Dec 1, 4:15 pm, Wynn (WYN) Cristal 7
Are your application teams distributed, deploying at scale, and mandated to follow strict security and compliance requirements? In this session, Goldman Sachs, one of the world’s largest investment banks, shares learnings and examples from their experience gained over a year. Learn how they implemented a policy as code (PaC) program, giving application engineers self-service tools to deploy secure cloud applications at scale. Find out how they drastically reduced the time-to-market for new applications from several weeks to just a few minutes.

About the authors:

Tiffany Chen

Tiffany Chen (cwtiff@amazon.com) is a Solutions Architect on the CSC team at AWS. She has supported AWS customers with their deployment workloads and currently works with Enterprise customers to build well-architected and cost-optimized solutions. In her spare time, she enjoys traveling, gardening, baking, and watching basketball.

Winnie Chen

Winnie Chen (winniec@amazon.com) is a Solutions Architect currently on the CSC team at AWS supporting greenfield customers. She supports customers across all industries and sizes, from enterprises to small and medium businesses. She has been with AWS for over 3 years, helping customers migrate and build their infrastructure on AWS. In her free time, she enjoys traveling and spending time outdoors through activities like hiking, biking, and rock climbing.