AWS Cloud Operations Blog

Category: Best Practices

Strengthen application resilience with myApplications and AWS Resilience Hub

Introduction Today, organizations prioritize managing their applications over infrastructure, focusing on business outcomes while leveraging automation and cloud services to handle the underlying infrastructure. They seek to consolidate key application metrics like health, security, cost, and performance from AWS services such as AWS Security Hub or Amazon CloudWatch. These organizations also need to ensure their […]

Streamline change processes ­and improve governance with AWS Well-Architected

The AWS Well-Architected Framework (WA Framework) is designed to help cloud architects build secure, resilient, high-performing, and efficient workloads on AWS. It is structured around six pillars: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, and Sustainability. Figure 1. The pillars of AWS Well-Architected Framework This post provides insights on how to streamline your change-management […]

Centrally detect and investigate security findings with AWS Organizations integrations

Detecting security risks and investigating the corresponding findings is essential for protecting your AWS environment from potential threats, ensuring the confidentiality, integrity, and availability of your data and resources for your business needs. AWS provides a range of governance and security services such as AWS Organizations, AWS Control Tower, and AWS Config along with many others, […]

Automating metrics collection on Amazon EKS with Amazon Managed Service for Prometheus managed scrapers

Managing and operating monitoring systems for containerized applications can be a significant operational burden for customers such as metrics collection. As container environments scale, customers have to split metric collection across multiple collectors, right-size the collectors to handle peak loads, and continuously manage, patch, secure, and operationalize these collectors. This overhead can detract from an […]

Serverless Governance of Software Deployed with AWS Service Catalog

AWS Service Catalog (Service Catalog) is a powerful tool that empowers organizations to manage and govern approved services and resources. It significantly benefits platform engineering by standardizing environments, accelerating service delivery, and enhancing security. With its automated provisioning and resource management, Service Catalog supports infrastructure as code, enabling scalable, reliable deployments. Platform engineering teams are […]

Leveraging AWS CloudTrail Insights for Proactive API Monitoring and Cost Optimization

Leveraging AWS CloudTrail Insights for Proactive API Monitoring and Cost Optimization

AWS CloudTrail Insights is a powerful feature within AWS CloudTrail that helps organizations identify and respond to unusual operational activity in their AWS accounts. This includes identifying spikes in resource provisioning, bursts of IAM actions, or gaps in periodic maintenance activity. CloudTrail Insights continuously analyzes CloudTrail management events from trails and event data stores, establishing […]

Deploy AWS Systems Manager Quick Setup programmatically across your AWS Organization

AWS Systems Manager Quick Setup simplifies setting up AWS services, including Systems Manager, by automating common or recommended tasks in your AWS Organization across AWS accounts and Regions. These tasks include, creating required AWS Identity and Access Management (IAM) instance profile roles and setting up operational best practices, such as periodic patch scans and inventory […]

Streamline Compliance Management with AWS Config custom rules and conformance packs

Streamline compliance management with AWS Config custom rules and conformance packs

In this blog post, we will show you how to manage your compliance controls with AWS Config custom rules (custom rules) written in AWS CloudFormation Guard (cfn-guard) domain-specific language (DSL) with use of conformance packs. AWS CloudFormation Guard, the language used to write custom policy rules is an open-source domain-specific language (DSL) and command line […]

Elevating Your AWS Observability: Unlocking the Power of Amazon CloudWatch Alarms

Organizations commonly leverage AWS services to enhance the observability and operational excellence of their workloads. However, often it is unclear the actions that teams should take when observability metrics are delivered to them, it can be difficult to understand which metrics need action to remediate and which ones are simply noise. For example, if an […]

Protect your AWS resources from unauthorized access using AWS Organizations integrations

In today’s digital landscape, customers have complex and distributed workloads running on AWS, involving a large number of AWS resources across multiple services. Tackling security risks across numerous resources can seem daunting, but with the right approach following best practices, can be addressed in a timely manner. AWS offers tools and services designed to help […]