AWS Cloud Operations Blog

Tag: AWS Config

How Kyndryl used AWS Service Management Connector, AWS Config and AWS Systems Manager to achieve lifecycle management of AWS resources through ServiceNow

Customers need a way to do lifecycle management of AWS resources in the AWS Cloud. Many customers leverage managed solutions providers to manage their AWS accounts, and they’re looking for AWS native solutions and integrations to solve their business problems. Lifecycle management includes discovering new resources from customer’s AWS environment, populating them via federation into […]

AWS Resources Lifecycle Management Via ServiceNow and AWS Service Management Connector

Customers deploy series of AWS resources to support their workloads in the cloud. These organizations, as part of their maturity journey, must help managing the lifecycle of their AWS Resources using existing IT Service Management tool, such as ServiceNow. Manually executing these tasks via both consoles (ServiceNow and AWS Console) is inefficient and time-tasking. With […]

Find the most evaluated AWS Config rules using AWS CloudTrail Lake

In this post, I’ll show you how to find most evaluated AWS Config rules to dive deep into AWS Config charges on your invoice by using AWS CloudTrail Lake. The solution uses the new AWS CloudTrail feature, CloudTrail Lake, to analyze CloudTrail events. AWS Config is a service that enables you to assess, audit, and […]

Customize AWS Config resource tracking in AWS Control Tower environment

[Update on Sep/21/2024] AWS Config recorder has recently provided support for periodic recording, this captures the latest configuration changes of your resources once every 24 hours, reducing the number of changes delivered. This blog has been updated to incorporate that. [Update on May/14/2024] Minor update to the services that depend on AWS Config recorder and […]

Compliance and Auditing Sessions at AWS re:Inforce 2022

Today we’re going to highlight just some of the sessions planned for AWS re:Inforce 2022, which will take place in Boston, MA, on July 26-27. AWS re:Inforce is a learning conference focused on security, compliance, identity, and privacy. The event features access to hundreds of technical and business sessions, an AWS Partner expo hall, a […]

Announcing AWS Config Custom Rules using Guard Custom policy

AWS Config lets you evaluate your AWS resources with a desired configuration state using AWS Config Rules. In AWS Config, you can define two types of rules, managed rules and custom rules. Managed rules are AWS provided rules that will evaluate your resources with a predefined configuration state that address some of the most common […]

Change Management for Life Sciences

In this post, we’ll demonstrate how Customers looking to maintain Good Laboratory Practices (GLP), Good Clinical Practices (GCP), Good Manufacturing Practices (GMP) can get started evaluating their environments for the controls found in Title 21 of the Code of Federal regulations (CFR) Part 11, and remediate non-compliant resources via a change control process using native […]

Service Notice – Upcoming changes required for AWS Config

On July 5, 2022, the AWS managed policy AWSConfigRole will be deprecated. This policy is being replaced by a more scoped-down policy, AWS_ConfigRole. The AWSConfigRole managed policy will continue working for all currently attached users, groups, and roles. However, after July 5, 2022, the AWSConfigRole managed policy can’t be attached to any new users, groups, […]

Set up an organization-wide aggregator in AWS Config using a delegated administrator account

AWS Config provides a detailed view of the configuration of AWS resources in your AWS account. With AWS Config, you can review changes in configurations and relationships between AWS resources, explore resource configuration histories, and use rules to determine compliance. An aggregator is an AWS Config resource type that collects AWS Config configuration and compliance […]

Use tags to create and maintain Amazon CloudWatch alarms for Amazon EC2 instances (Part 2)

This blog post is the second in a two-part series. Part one of this blog post showed how to deploy and configure the CloudWatchAutoAlarms Lambda function to create a default alarm set and custom alarms for your Amazon Elastic Compute Cloud (Amazon EC2) instances using EC2 instance tags. In this post, I show how you […]