Category: Security, Identity, & Compliance

In the first post of this two-part series, we highlighted how Life Sciences customers can implement a controlled change management process using AWS Systems Manager Change Manager and AWS Config. The solution in our first post, highlighted how a you can follow your Standard Operating Procedures (SOP’s) by implementing approval steps in order to make […]

AWS Config is a service that allows you to evaluate your AWS resources against a desired configuration state using AWS Config Rules. Two types of rules exist, managed rules which are meant to be used out-of-the-box and custom rules for which you define your desired configuration state via code.  AWS Audit Manager can help you […]

Customers often need to launch workloads in new accounts and regions. You could be developing an application in a development account, and looking to launch it in a production account, following AWS multi-account best practices on separating production and non-production workloads. You could also be launching a second instance of your payment processing application in […]

Service control policies (SCPs) are a set of policies that allow organizations to manage permissions using AWS Organizations. SCPs help control access to AWS services and resources provisioned across multiple accounts created within an organization. In addition, SCPs enable you to set up permission guardrails by defining the maximum available permissions for IAM principals in […]

AWS Systems Manager Session Manager provides a more secure way to manage your Amazon Elastic Compute Cloud (EC2) instances without the need to open inbound ports, maintain bastion hosts, or manage SSH keys. Furthermore, you can use it with a combination of AWS services to give access to external third-parties. Due to business requirements, you […]

Until recently, customers had to navigate to the AWS Marketplace Console and search for a compatible Amazon Machine Image (AMI) product for your image pipeline. They also had to write their own custom components to harden the operating systems to meet Center for Internet Security (CIS) Benchmark guidelines. This required subscriptions to the CIS Benchmark […]

In part one, we identified different features of Organizations requiring guidance and consideration when you move an account from one organization in Organizations to another. We focused on Organizations Polices, AWS Resource Access Manager (AWS RAM) shares, and AWS global condition context keys. In this post, part two of a three-part series, we identify behaviors […]

AWS customers use AWS Organizations as the basis of a multi-account AWS environment as defined by the Organizing Your AWS Environment Using Multiple Accounts AWS Whitepaper. Organizations is an AWS service that enables you to centrally manage and govern multiple accounts. Often there is a scenario when you must move an AWS account from one […]

AWS Resource Groups recently announced a new feature that pushes group lifecycle changes to Amazon EventBridge. A resource group is a collection of AWS resources, in the same AWS Region, that are grouped either using a tag-based query, or AWS CloudFormation stack-based query, and group lifecycle events make it easier for AWS customers to receive […]

Building and managing resilient, micro-service based Containerized applications in a distributed environment is hard; maintaining and operating them is even harder. Even though containerized applications running on Amazon Elastic Kubernetes Service (Amazon EKS) take advantage of the performance, scale, reliability, and availability of AWS infrastructure which, we need to understand that failures will occur and […]