AWS Architecture Blog

Category: AWS Organizations

Overview of USAA architecture automation workflow to manage AWS account metadata

How to track AWS account metadata within your AWS Organizations

United Services Automobile Association (USAA) is a San Antonio-based insurance, financial services, banking, and FinTech company supporting millions of military members and their families. USAA has partnered with Amazon Web Services (AWS) to digitally transform and build multiple USAA solutions that help keep members safe and save members’ money and time. Why build an AWS […]

The AWS Well-Architected Custom Lens Lifecycle

Implementing the AWS Well-Architected Custom Lens lifecycle in your organization

In this blog post, we present a lifecycle that helps you build, validate, and improve your own AWS Well-Architected Custom Lens, in order to roll it out across your whole organization. The AWS Well-Architected Custom Lens is a new feature of the AWS Well-Architected Tool that lets you bring your own best practices to complement the existing […]

Figure 2. Simulating Regional failover using service control policies

Minimizing Dependencies in a Disaster Recovery Plan

The Availability and Beyond whitepaper discusses the concept of static stability for improving resilience. What does static stability mean with regard to a multi-Region disaster recovery (DR) plan? What if the very tools that we rely on for failover are themselves impacted by a DR event? In this post, you’ll learn how to reduce dependencies […]

Figure 4. High-level architecture pattern for discovering public IPs

Find Public IPs of Resources – Use AWS Config for Vulnerability Assessment

Systems vulnerability management is a key component of your enterprise security program. Its goal is to remediate OS, software, and applications vulnerabilities. Scanning tools can help identify and classify these vulnerabilities to keep the environment secure and compliant. Typically, vulnerability scanning tools operate from internal or external networks to discover and report vulnerabilities. For internal […]

Field Notes: Building Multi-Region and Multi-Account Tools with AWS Organizations

This blog post was updated November 19, 2021. It’s common to start with a single AWS account when you are beginning your cloud journey with AWS. Running operations such as creating, reading, updating, and deleting resources in a single AWS account can be straightforward with AWS application program interfaces (APIs). As an organization grows, so […]

Example of a basic organization

New Whitepaper Provides Best Practices for Optimizing AWS Accounts

Moving fast on the cloud while staying secure requires mechanisms to give the right people access to the right features at the right time. We recommend using multiple accounts, which helps you isolate applications, data, and business processes across your environment. The recently released whitepaper Organizing Your AWS Environment Using Multiple Accounts will show you […]

Monolithic versus microservice approach

Issues to Avoid When Implementing Serverless Architecture with AWS Lambda

There are lots of articles and advice on using AWS Lambda. I’d like to show you how to avoid some common issues so you can build the most effective architecture. Technologies emerge and become outdated quickly. So, solutions that may look like the right solution, otherwise known as anti-patterns, can prevent you from building a cost-optimized, […]

Field Notes: Enabling Guardrails in New AWS Regions the AWS Control Tower Supports

Originally published March 2020 to the Field Notes blog, and updated in January 2021, to highlight that AWS Control Tower supports the updating of enrolled accounts from the dashboard. Follow the instructions from Update existing OUs and accounts in addition to this blog. For the first time since the launch of AWS Control Tower, we […]

AWS Control Tower Management account screenshot

Field Notes: Enroll Existing AWS Accounts into AWS Control Tower

Originally published on April 21, 2020 to the Field Notes blog and updated in August 2020 with new prechecks to the account enrollment script. Updated April 8, 2021 to reflect changes in the AWS Organizations service. Last updated September 29, 2022: you can now enroll an existing account or register an organizational unit from the […]

Sample post-merger AWS environment

Mergers and Acquisitions Readiness with the Well-Architected Framework

Companies looking for an acquisition or a successful exit through a merger undergo a technical assessment as part of the due diligence process. While being a profitable business by itself can attract interest, running a disciplined IT department within your organization can make the acquisition more valuable. As an entity operating cloud workloads on AWS, […]