AWS Cloud Operations Blog

Top 10 AWS Cloud Operations and Migrations Blog posts of 2022

With 2022 behind us, we want to take the opportunity to highlight our readers and the top blog posts from 2022. A big thank you to all our readers but also our authors who continue to work on delighting our customers with their blog posts.

#1 Announcing AWS CloudTrail Lake – a managed audit and security lake

Andres Silva comes in first place with the announcement of AWS CloudTrail Lake, a managed data lake that lets organizations aggregate, immutable store, and query events recorded by CloudTrail for auditing, security investigation, and operational troubleshooting.

Sample query screen

Figure 1. AWS CloudTrail Lake Editor

#2 Using AWS AppConfig Feature Flags

Steve Rice and Ivan Garcia discuss AWS AppConfig Feature Flags, what they are, the benefits to using them, and use-cases.

AWS AppConfig Console. Shows a single feature flag that is ready to be deployed.

Figure 2. AWS AppConfig Feature Flags

#3 Establishing RPO and RTO Targets for Cloud Applications

In this post Michael Wilson shows how customers can establish recovery targets, build a recovery plan, and determine how AWS services fit within that plan.

Figure 3. Establishing RPO and RTO Targets

#4 AWS Organizations now provides a simple, scalable and more secure way to close your member accounts

Eric Peña demonstrates how you can centrally close member accounts in your AWS Organization at scale.

Close Account confirmation

Figure 4. AWS Organizations to centrally manage AWS Accounts

#5 Why you should develop a correction of error (COE)

One best practice at Amazon is to have a standard mechanism for post-incident analysis, know as the Correction of Error (COE) process. In this post Luis Perez, Juan Ossa, Jose Caro, and Johnny Hanley explain why you should start implementing the COE mechanism after an incident.

Figure 5. Correction of Error

#6 Build an observability solution using managed AWS services and the OpenTelemetry standard

In this solution focused blog post Gaurav Dhamija, Vikram Mehto, and Yoginder Sethi demonstrate how an organization can easily build a central observability platform with AWS services and OpenTelemetry.

The visualization layer uses Amazon Managed Grafana & Amazon OpenSearch service, the aggregation layer uses Amazon Managed Service for Prometheus & Amazon OpenSearch service, and data collection layer uses Amazon Distro for OpenTelemetry & Fluent Bit.

Figure 6. AWS Services and the OpenTelemetry standard

#7 How to enable Amazon CloudWatch Alarms to send repeated notifications

CloudWatch Alarms are designed to invoke alarm actions when a state change happens. In this post Sarah Luo, Jie Dong, and Nimit Shrivastava provide a AWS Cloud Development Kit (CDK) based solution that enables repeated alarm notifications.

Figure 7. How to enable Amazon CloudWatch Alarms

#8 Proactively keep resources secure and compliant with AWS CloudFormation Hooks

In this technical blog post Kyle Tedeschi and Kevin DeJong show how you can use AWS CloudFormation Hooks to run code before creating, updating, or deleting a resource. With this feature you can provide the automatic and proactive enforcement of business requirements.

Ec2ImageIdCheckSsm hook configuration page. The configuration schema is displayed. Fill in the Configuration alias and Configuration JSON.

Figure 8. AWS CloudFormation Hooks for compliance management

#9 Automate vulnerability management and remediation in AWS using Amazon Inspector and AWS Systems Manager

In a two blog post series, Erik Weber, Priyank Ghedia, and Praveen Haranahalli present two methods for remediating Amazon Inspector software vulnerability findings using AWS Systems Manager Automation runnbooks.

Figure 3: Automation process in multiple accounts

Figure 9. Vulnerability management using Amazon Inspector and AWS Systems Manager

#10 Manage AWS account alternate contacts with Terraform

Ibukun Oyewumi and Sean Cai demonstrate how to manage AWS account alternate contacts at scale using Terraform.

The administrator uses Terraform to deploy the components required by the solution across the delegated and management accounts, including AWS EventBridge rules and buses, AWS IAM Roles, and AWS Lambda function.

Figure 10. Manage AWS Account alternate contacts with Terraform

About the author:

Greg Eppel

Greg Eppel is the Tech Leader for Cloud Operations and is responsible for the global direction of an internal community of hundreds of AWS experts focused on the operational capabilities of AWS. Prior to joining AWS in 2016 he was the CTO of a SaaS company that provided solutions to the sports, media and entertainment industry. A Canadian originally from Vancouver he resides in Northern Virginia with his family.