AWS Cloud Operations Blog

Tag: AWS Config

Streamline Compliance Management with AWS Config custom rules and conformance packs

Streamline compliance management with AWS Config custom rules and conformance packs

In this blog post, we will show you how to manage your compliance controls with AWS Config custom rules (custom rules) written in AWS CloudFormation Guard (cfn-guard) domain-specific language (DSL) with use of conformance packs. AWS CloudFormation Guard, the language used to write custom policy rules is an open-source domain-specific language (DSL) and command line […]

Simplifying remediation using AWS Systems Manager with Amazon Q Developer

In this blog post, we will build a custom automation document for resolving the non-compliant resource status through  AWS Systems Manager Automation. Building an AWS Systems Manager (SSM) document using Amazon Q Developer involves creating a JSON or YAML document that defines the desired state of your managed instances in AWS. SSM documents are used […]

Identify AWS resources at risk across your multi-account environment with AWS Organizations integrations

Identify AWS resources at risk across your multi-account environment with AWS Organizations integrations

With numerous AWS accounts in an organization, receiving an external security finding like a vulnerability assessment or pen test report impacting multiple resources can be challenging. Without a centralized resource viewing and search capability, identifying the affected resources require switching and inspecting each account individually, which is time-consuming and inefficient. Security vulnerabilities are time-sensitive, and […]

Simplify compliance management of multicloud or hybrid resources with AWS Config

Simplify compliance management of multicloud or hybrid resources with AWS Config

Organizations of all sizes operate in a compliance landscape that is complex, dynamic, and evolving rapidly, facing internal requirements as well as industry or government regulations. A multicloud strategy creates additional challenges to maintain compliance policies across cloud providers. With AWS, you can implement compliance processes faster and more easily with automation, ready-to-use templates, and […]

Create AWS Config rules efficiently with Generative AI

AWS Config enables businesses to assess, audit, and evaluate the configurations of their AWS resources by leveraging AWS Config rules that represent your ideal configuration settings.  For example a Security Group that allows ingress on port 22 should be marked as noncompliant. AWS Config provides predefined rules called managed rules to help you quickly get […]

How BMW Group uses automation to achieve end-to-end compliance at scale on AWS

This post is co-written with Dr. Jens Kohl, Daniel Engelhardt, and Sascha Kallin from BMW Group. The BMW Group – headquartered in Munich, Germany – is a vehicle manufacturer with 149,000 employees worldwide and manufactures in over 30 production and assembly facilities across 15 countries. Today, the BMW Group (BMW) is the world’s leading manufacturer […]

Simplify query authoring in AWS Config advanced queries with natural language query generation

AWS Config advanced queries provide a SQL-based querying interface to retrieve resource configuration metadata of AWS resources and identify resource compliance state. You can use AWS Config advanced queries in a single AWS Account and Region or in a multi-account and cross-region setup with AWS Config configuration aggregators. Writing queries requires you to know SQL […]

Leveraging custom AWS Config rules to optimize cost saving on AWS

AWS Config assesses, audits, and evaluates the configurations and relationships of your resources in your AWS account. Why might we want to use this service for cost optimization? Well consider a scenario where we can be alerted if a specific Amazon Relational Database Service (Amazon RDS) instance is deployed in the account. If a larger […]

Implementing automated and centralized tagging controls with AWS Config and AWS Organizations

Introduction This blog post is for customers who want to implement automated tagging controls and strategy for cost allocation. Customers want to centralize and maintain consistency for tags across AWS Organizations so they are available outside their AWS environment (e.g. in build scripts, etc.) or enforce centralized conditional tagging on existing and new AWS resources […]

How to use AWS Config proactive rules and AWS CloudFormation Hooks to prevent creation of noncompliant cloud resources

Balancing developer freedom and governance controls is a key challenge faced by organizations that are adopting cloud. On one hand, developers need the freedom to innovate and develop new applications and services quickly and on the other, organizations need to maintain control over the resources used and the data processed in order to ensure compliance […]