AWS Cloud Operations Blog
Category: AWS CloudFormation
Using an AWS Service Catalog service action to allow end users to update resources after deployment
Enterprise customers with multiple users want to manage policies on cloud resources like AWS Key Management Service (AWS KMS) and Amazon Simple Storage Service (Amazon S3) to grant access to additional users after the product has been deployed through, for example, AWS CloudFormation templates. In addition, customers want to accomplish this task in a self-service […]
How managed service providers can use AWS Control Tower to provide services
AWS Control Tower is a managed AWS service that automates the creation of a multi-account AWS environment based upon the AWS Well-Architected Framework. It builds the environment using AWS best practices for security and management services. In this blog post, we’ll show how a managed service provider can use AWS Control Tower and AWS Service […]
Integrate across the Three Lines Model (Part 1): Build a custom automation of AWS Audit Manager with AWS Security Hub
The Three Lines Model developed by the Institute of Internal Auditors (IIA) helps organizations identify structures and processes to facilitate strong governance and risk management. In that model, the first-line function manages risk, the second-line function oversees risk and the third-line function provides objective and independent assurance of risk management. According to a Deloitte analysis […]
Using AWS CodePipeline to deploy AWS Config conformance packs created with the Rule Development Kit
As consultants, we often help customers manage AWS services using infrastructure as code (IaC). We follow DevOps practices for building, versioning, testing, and deploying services. We also use AWS Config custom and managed rules to evaluate the configuration settings of AWS resources. AWS Config continuously tracks the configuration changes that occur among AWS resources and […]
Self-service VPCs in AWS Control Tower using AWS Service Catalog
One of the first tasks my customers do when creating a new AWS account is to create the right network integration for their enterprise. Typically, this means implementing an Amazon Virtual Private Cloud (VPC) across a multi-account framework that was provisioned with AWS Control Tower. When these are provisioned in a self-service model, we see […]
Introducing TypeScript support for building AWS CloudFormation resource types
If you’ve authored private resource types to extend the AWS CloudFormation registry, you might have used Java, Python, or Go, which, until now, were our officially supported languages. In this blog post, we will show you how to create a private resource type using TypeScript, the latest addition to our growing list of officially supported […]
Using AWS Config custom resources to track any resource on AWS
AWS Config is a powerful service you can use to track infrastructure resources and simplify compliance. AWS Config continuously monitors and records your resource configurations. It also allows you to use AWS Config rules to automate the evaluation of recorded configurations against desired state. You can use its remediation actions to address noncompliant resources and […]
Customize Amazon CloudWatch alarm notifications to your local time zone – Part 1
This two-part series discusses how to customize Amazon CloudWatch alarm notifications to your local time zone. Part 1 covers customizing using a CloudWatch Events rule. Part 2 covers customizing using Amazon SNS. You can use Amazon CloudWatch to set alarms and automate actions based on predefined thresholds or machine learning algorithms that identify anomalous behavior in […]
Using AWS Service Catalog and the AWS Service Management Connector for ServiceNow to deliver infrastructure in AMS-governed environments
AWS Managed Services (AMS) operates AWS on your behalf, providing a secure and compliant , a proven enterprise operating model, ongoing cost optimization, and day-to-day infrastructure management. AMS provides a secure and efficient means to make controlled changes to your infrastructure to ensure compliance. Changes are approved and automated through its approval engine. You can […]
Deep Dive on AWS CloudFormation Macros to transform your templates
AWS CloudFormation macros add custom operations to your templates, including iterations, string manipulations, and math operations. Macros allow these language extensions without sacrificing the declarative benefits enjoyed by our customers, whether they are novice developers or experienced system admins. CloudFormation macros are ideal for system administrators and developers who benefit from the additional logic to […]