AWS Cloud Operations Blog
Tag: AWS Config
Delegated Administrators Guide to Effective Controls in AWS Organizations
Introduction: AWS Organizations provides the capability to centrally manage and govern your AWS environment. As an organization, you can delegate administration of specific AWS services integrated with AWS Organizations to authorized individuals or teams. Implementing effective controls for these delegated administrators is essential to ensuring the security, compliance, and operational efficiency of your AWS environment. […]
Streamline compliance management with AWS Config custom rules and conformance packs
In this blog post, we will show you how to manage your compliance controls with AWS Config custom rules (custom rules) written in the AWS CloudFormation Guard (cfn-guard) domain-specific language (DSL), with the use of conformance packs. AWS CloudFormation Guard, the language used to write custom policy rules, is an open-source domain-specific language (DSL) and command line […]
Simplifying remediation using AWS Systems Manager with Amazon Q Developer
In this blog post, we will build a custom automation document for resolving the non-compliant resource status through AWS Systems Manager Automation. Building an AWS Systems Manager (SSM) document using Amazon Q Developer involves creating a JSON or YAML document that defines the desired state of your managed instances in AWS. SSM documents are used […]
Identify AWS resources at risk across your multi-account environment with AWS Organizations integrations
With numerous AWS accounts in an organization, receiving an external security finding like a vulnerability assessment or pen test report impacting multiple resources can be challenging. Without a centralized resource viewing and search capability, identifying the affected resources requires switching and inspecting each account individually, which is time-consuming and inefficient. Security vulnerabilities are time-sensitive, and […]
Simplify compliance management of multicloud or hybrid resources with AWS Config
Organizations of all sizes operate in a compliance landscape that is complex, dynamic, and evolving rapidly, facing internal requirements as well as industry or government regulations. A multicloud strategy creates additional challenges to maintain compliance policies across cloud providers. With AWS, you can implement compliance processes faster and more easily with automation, ready-to-use templates, and […]
Create AWS Config rules efficiently with Generative AI
AWS Config enables businesses to assess, audit, and evaluate the configurations of their AWS resources by leveraging AWS Config rules that represent your ideal configuration settings. For example, a Security Group that allows ingress on port 22 should be marked as noncompliant. AWS Config provides predefined rules called managed rules to help you quickly get […]
How BMW Group uses automation to achieve end-to-end compliance at scale on AWS
This post is co-written with Dr. Jens Kohl, Daniel Engelhardt, and Sascha Kallin from BMW Group. The BMW Group – headquartered in Munich, Germany – is a vehicle manufacturer with 149,000 employees worldwide and manufactures in over 30 production and assembly facilities across 15 countries. Today, the BMW Group (BMW) is the world’s leading manufacturer […]
Simplify query authoring in AWS Config advanced queries with natural language query generation
AWS Config advanced queries provide a SQL-based querying interface to retrieve resource configuration metadata of AWS resources and identify resource compliance state. You can use AWS Config advanced queries in a single AWS Account and Region or in a multi-account and cross-region setup with AWS Config configuration aggregators. Writing queries requires you to know SQL […]
Leveraging custom AWS Config rules to optimize cost saving on AWS
AWS Config assesses, audits, and evaluates the configurations and relationships of your resources in your AWS account. Why might we want to use this service for cost optimization? Well, consider a scenario where we can be alerted if a specific Amazon Relational Database Service (Amazon RDS) instance is deployed in the account. If a larger […]
Implementing automated and centralized tagging controls with AWS Config and AWS Organizations
Introduction: This blog post is for customers who want to implement automated tagging controls and strategy for cost allocation. Customers want to centralize and maintain consistency for tags across AWS Organizations so they are available outside their AWS environment (e.g. in build scripts, etc.) or enforce centralized conditional tagging on existing and new AWS resources […]