AWS Cloud Operations Blog

Category: Configuration, compliance, and auditing

Use AWS License Manager API operations to manage your Oracle licenses based on Oracle cloud policy

Use AWS License Manager API operations to manage your Oracle licenses based on Oracle cloud policy

Learn with Shree on how to use AWS License Manager API operations to manage your Oracle licenses (for databases running on Amazon RDS for Oracle, Amazon EC2 and on-premises servers) based on Oracle cloud policy. Additionally, learn how to use the built-in integration of License Manager API operations with AWS CloudTrail to prepare for vendor audit.

Create a Jira issue using an AWS Config remediation action

Create a Jira issue using an AWS Config remediation action

AWS Config can create issue entries in the Jira Service Management platform when it determines an AWS resource is noncompliant. In this blog post, I show you how to configure an AWS Config rule to create a Jira issue after the rule detects a noncompliant AWS resource. I also share Jira Service Desk configuration changes […]

Integrate across the Three Lines Model (Part 2): Transform AWS Config conformance packs into AWS Audit Manager assessments

Integrate across the Three Lines Model (Part 2): Transform AWS Config conformance packs into AWS Audit Manager assessments

The Three Lines Model developed by the Institute of Internal Auditors (IIA) helps organizations identify structures and processes to facilitate strong governance and risk management. In that model, the first-line function manages risk. The second-line function oversees risk. The third-line function provides objective and independent assurance of risk management. According to Deloitte analysis, modernizing the […]

Introducing AWS CloudFormation Guard 2.0

In their blog post published last year, Write preventive compliance rules for AWS CloudFormation templates the cfn-guard way, Luis, Raisa, and Josh showed you how to use CloudFormation Guard, an open source tool that helps validate your AWS CloudFormation templates against a rule set to keep AWS resources in compliance with company guidelines. Since the […]

Use AWS Control Tower to automate configuration of AWS accounts for ServiceNow IT operations management

Use AWS Control Tower lifecycle events to automate configuration of AWS accounts for ServiceNow IT operations management

Several organizations that I work with use ServiceNow’s IT Operations management capabilities for their on-premises infrastructure and want to leverage the same capabilities for their AWS environment as well. Some of the core capabilities of ServiceNow’s IT Operations management are ServiceNow Discovery, Event Management and Cloud Management. Currently, customers who want to enable ServiceNow’s Cloud […]

Use the power of script steps in your Systems Manager Automation runbooks

Use the power of script steps in your Systems Manager Automation runbooks

Customers have been using AWS Systems Manager Automation documents for years to define to define a sequence of actions to take on their AWS infrastructure such as invoking an AWS Lambda function or copying an Amazon Machine Image (AMI). These documents, now referred to as runbooks, are simple to use, yet powerful. The aws:executeScript action […]

¬Field Notes: Cross-account deployments in an AWS Control Tower environment

Field Notes: Cross-account deployments in an AWS Control Tower environment

AWS Control Tower helps customers put an orchestration layer on top of a multi-account strategy. When customers build applications, they often use separate accounts as part of a deployment pipeline so that they can validate changes before production. This best practice helps reduce blast radius should there be any issues with newer iterations. With AWS […]

Using an AWS Service Catalog service action to allow end users to update resources after deployment

Enterprise customers with multiple users want to manage policies on cloud resources like AWS Key Management Service (AWS KMS) and Amazon Simple Storage Service (Amazon S3) to grant access to additional users after the product has been deployed through, for example, AWS CloudFormation templates. In addition, customers want to accomplish this task in a self-service […]

Integrate across the Three Lines Model (Part 1): Build a custom automation of AWS Audit Manager with AWS Security Hub

The Three Lines Model developed by the Institute of Internal Auditors (IIA) helps organizations identify structures and processes to facilitate strong governance and risk management. In that model, the first-line function manages risk, the second-line function oversees risk and the third-line function provides objective and independent assurance of risk management. According to a Deloitte analysis […]

Target-a-group-of-Amazon-EC2-On-Demand-Capacity-Reservations

Target a group of Amazon EC2 On-Demand Capacity Reservations

On-Demand Capacity Reservations enable you to reserve capacity for Amazon Elastic Compute Cloud(Amazon EC2) instances in an Availability Zone for any duration. You can use AWS Resource Groups to organize AWS resources into logical collections of applications, projects or environments. Last year, we introduced the ability to target EC2 capacity reservations in a resource group by using […]