AWS Cloud Operations Blog

Category: AWS Config

Exploring AWS Config data using Amazon Athena and Amazon Managed Grafana

This post is co-written with Jacob Rickerd, Principal Security Engineer at Attentive. The post walks through an example dashboard that Attentive, an AI-powered mobile marketing platform, uses for resource inventory, serving as a starting point for you to build comprehensive dashboards tailored to your environment and tag policies. Attentive is the AI-powered SMS and email […]

Streamline Compliance Management with AWS Config custom rules and conformance packs

Streamline compliance management with AWS Config custom rules and conformance packs

In this blog post, we will show you how to manage your compliance controls with AWS Config custom rules (custom rules) written in AWS CloudFormation Guard (cfn-guard) domain-specific language (DSL) with use of conformance packs. AWS CloudFormation Guard, the language used to write custom policy rules is an open-source domain-specific language (DSL) and command line […]

Simplifying remediation using AWS Systems Manager with Amazon Q Developer

In this blog post, we will build a custom automation document for resolving the non-compliant resource status through  AWS Systems Manager Automation. Building an AWS Systems Manager (SSM) document using Amazon Q Developer involves creating a JSON or YAML document that defines the desired state of your managed instances in AWS. SSM documents are used […]

Ten Ways to Improve Your AWS Operations

Introduction When I take my car in for service for a simple oil change, the technician often reads off a litany of other services my car needs that I had put off since the previous service (and maybe the service before that, too). I tend to wait for the “check engine” light to come on […]

Identify AWS resources at risk across your multi-account environment with AWS Organizations integrations

Identify AWS resources at risk across your multi-account environment with AWS Organizations integrations

With numerous AWS accounts in an organization, receiving an external security finding like a vulnerability assessment or pen test report impacting multiple resources can be challenging. Without a centralized resource viewing and search capability, identifying the affected resources require switching and inspecting each account individually, which is time-consuming and inefficient. Security vulnerabilities are time-sensitive, and […]

Simplify compliance management of multicloud or hybrid resources with AWS Config

Simplify compliance management of multicloud or hybrid resources with AWS Config

Organizations of all sizes operate in a compliance landscape that is complex, dynamic, and evolving rapidly, facing internal requirements as well as industry or government regulations. A multicloud strategy creates additional challenges to maintain compliance policies across cloud providers. With AWS, you can implement compliance processes faster and more easily with automation, ready-to-use templates, and […]

Create AWS Config rules efficiently with Generative AI

AWS Config enables businesses to assess, audit, and evaluate the configurations of their AWS resources by leveraging AWS Config rules that represent your ideal configuration settings.  For example a Security Group that allows ingress on port 22 should be marked as noncompliant. AWS Config provides predefined rules called managed rules to help you quickly get […]

How BMW Group uses automation to achieve end-to-end compliance at scale on AWS

This post is co-written with Dr. Jens Kohl, Daniel Engelhardt, and Sascha Kallin from BMW Group. The BMW Group – headquartered in Munich, Germany – is a vehicle manufacturer with 149,000 employees worldwide and manufactures in over 30 production and assembly facilities across 15 countries. Today, the BMW Group (BMW) is the world’s leading manufacturer […]

Leveraging custom AWS Config rules to optimize cost saving on AWS

AWS Config assesses, audits, and evaluates the configurations and relationships of your resources in your AWS account. Why might we want to use this service for cost optimization? Well consider a scenario where we can be alerted if a specific Amazon Relational Database Service (Amazon RDS) instance is deployed in the account. If a larger […]

Implementing automated and centralized tagging controls with AWS Config and AWS Organizations

Introduction This blog post is for customers who want to implement automated tagging controls and strategy for cost allocation. Customers want to centralize and maintain consistency for tags across AWS Organizations so they are available outside their AWS environment (e.g. in build scripts, etc.) or enforce centralized conditional tagging on existing and new AWS resources […]