AWS Cloud Operations Blog
Category: AWS Organizations
How to manage cost overruns in your AWS multi-account environment – Part 2
In the first post of this two-part series, we showed you two approaches for preventing cost overruns in a centralized budget management pattern: Applying a restrictive service control policy (SCP) to an organizational unit (OU). Moving the account to another OU with restrictive SCPs. In this post, we share how you can prevent cost overruns […]
The latest from AWS Organizations (Spring 2021)
AWS Organizations provides features customers can use to manage their AWS environment across accounts. When paired with other AWS services, AWS Organizations helps you manage permissions, create and share resources, govern your environment, and centrally control your security requirements. Here’s what the team has been up to since our virtual 2020 re:Invent season. Use attribute-based […]
AWS Health Aware – Customize AWS Health Alerts for Organizational and Personal AWS Accounts
AWS strives for high availability and has a 99.9% uptime for most services. However, in the rare event that incidents do occur, customers should be prepared to respond. AWS Health is the primary channel to communicate service degradation, scheduled changes, and resource impacting issues. For customers running critical applications, having access to proactive and real-time […]
CloudFormation StackSets delegated administration
If you are using AWS CloudFormation StackSets, you are having to manage your stacks from the AWS Organizations management account. According to best practice, the management account should be used only for tasks that require it. Until today, you had to use the management account to manage your AWS CloudFormation stack sets. To help limit […]
Best practices for creating and managing sandbox accounts in AWS
Organizations use multiple environments, each with different security and compliance controls, as part of their deployment pipeline. Following the principle of least privilege, production environments have the most restrictive security and compliance controls. They tightly limit who can access the environment and which actions each user (or principal) can perform. Development and test environments also […]
How to implement a read-only service control policy (SCP) for accounts in AWS Organizations
Customers who manage multiple AWS accounts in AWS Organizations can use service control policies (SCPs) to centrally manage permissions in their environment. SCPs can be applied to an organization unit (OU), account, or entire organization to restrict the maximum permissions that can be applied in the scoped AWS accounts. In this post, we are going to explore the use of SCPs to restrict an AWS account to read-only access.
How to aggregate and visualize AWS Health events using AWS Organizations and Amazon Elasticsearch Service
September 8, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. In this post, I show you how to aggregate AWS Health events centrally from all accounts in your organization using AWS Organizations, AWS Lambda, and AWS Health API, and then build automation to ingest and visualize the operations data using […]
AWS Management and Governance at Re:Invent 2020
AWS re:Invent is always an exciting time of the year to engage with our customers to learn, and share information about our services and features. Due to the current pandemic, re:Invent is pivoting to a free and virtual format presented across 3 weeks from November 30 to December 18 this year. Yes, you read that […]
View AWS Trusted Advisor recommendations at scale with AWS Organizations
Since 2014, AWS Trusted Advisor has been providing customers with visibility into an individual AWS account and providing recommendations based on known AWS best practices. Trusted Advisor makes recommendations to help customers achieve a better security posture, control their costs, optimize application performance, design better fault tolerance, and maintain control over their AWS service limits […]
AWS Organizations, AWS Config, and Terraform
In this post, I show how you can use AWS Organizations, AWS Config, and HashiCorp’s Terraform to deploy guardrails at scale. AWS Config provides configuration, compliance, and auditing features that are required for governing your resources and providing security posture assessment at scale. With its recent support for AWS Organizations, AWS Config makes it possible […]