Articles on CloudWatch, Systems Manager, Config, and other operations management services
CloudWatch Internet Monitor continuously monitors the availability and performance of end users accessing your application over the internet, broken down by ISP, city, and ASN. Leveraging AWS global network observability data, it provides an integrated workflow from detecting performance degradation to supporting DNS routing failover decisions.
Analyze the root causes of past major incidents including the S3 outage, us-east-1 DNS failure, and Kinesis outage from AWS's published Correction of Errors (COE) and incident reports, and explain how they changed AWS's design principles.
Dig into the true meaning behind AWS's frequently used phrase "Undifferentiated Heavy Lifting," examining the responsibility boundaries of managed services, the reality of the shared responsibility model, and the illusions and realities of fully managed services.
Automate patch management with Patch Manager, streamline remote operations with Run Command, and enable SSH-free shell access with Session Manager.
Automatically check account health across five categories: cost optimization, performance, security, fault tolerance, and service limits. Learn about Priority for organization-wide best practice management and API integration.
Learn how to use AWS Trusted Advisor for automated environment diagnostics. This article covers the check items and usage across five categories: cost optimization, security, fault tolerance, performance, and service limits.
Quantify risks through architecture reviews based on six pillars, add organization-specific best practices with custom lenses, and track improvement progress with milestones.
Procure third-party software in three delivery models (AMI, container, SaaS) and consolidate billing with AWS. Learn about organization-wide governance with Private Marketplace and automating contract management.
Learn how AppFabric collects audit logs from SaaS applications, standardizes them to OCSF format, and builds analysis pipelines.
Automatically build a best-practice multi-account environment and maintain continuous compliance with over 400 guardrails. Learn extension techniques using Account Factory and Customizations for Control Tower.
Roll out configuration changes independently from code deployments using Linear and Exponential strategies. Ensure safety with automatic rollback triggered by CloudWatch alarms.
Manage backups for EC2, RDS, DynamoDB, and more under a unified policy. Covers Vault Lock WORM protection and automated restore testing.
Learn how to record resource configurations with AWS Config, evaluate compliance using Config rules, and set up auto-remediation actions.
Establish governance for multi-account environments through OU hierarchy design and SCP-based access control. Also covers cost management with consolidated billing.
Record all API activity and run advanced analysis with SQL queries in CloudTrail Lake. This article covers automatic anomaly detection with Insights and real-time detection through EventBridge integration.
Build unified monitoring with the three pillars of metrics, logs, and alarms. This article covers interactive analysis with Logs Insights, high-precision notifications with composite alarms, and leveraging Embedded Metric Format.
Define infrastructure with templates and preview impact with change sets before deployment. Detect configuration drift with drift detection and deploy across your entire organization with StackSets.
Learn how Amazon DevOps Guru uses ML to detect operational anomalies, including automatic CloudWatch metrics analysis, proactive anomaly detection, recommended actions, and CloudFormation stack-level monitoring.
A comprehensive guide covering service outage detection, automated notifications via EventBridge integration, and organization-wide impact analysis through Organizations integration.
Learn how to manage configuration values and secrets with Parameter Store, design hierarchical parameter structures, and choose between Parameter Store and Secrets Manager.
Learn how to catalog IT-approved CloudFormation templates and safely provide end-user self-service through launch constraints and template constraints.
Launch with a single click from the console and start working immediately in an environment with AWS CLI, SAM CLI, and CDK pre-installed. Scripts are preserved with 1 GB of persistent storage.
Learn how to assess application fault tolerance with AWS Resilience Hub, including defining RTO/RPO targets, configuring resilience policies, running automated assessments, and leveraging improvement recommendations.
Learn how to deliver CloudWatch alarm and CodePipeline notifications to Slack and Teams, and build a ChatOps environment where you can operate AWS using @aws commands from chat.
Learn how to build a multi-source observability dashboard by integrating CloudWatch, Prometheus, and OpenSearch data sources.
Learn how to share VPC subnets and Transit Gateways across accounts to centralize IP address space management and reduce VPC peering connections.
Learn how to assess application fault tolerance with Resilience Hub, configure RTO/RPO policies, and leverage improvement recommendations.
Collect EKS/ECS metrics in a Prometheus-compatible format and query them with PromQL. Learn how to build a container monitoring platform integrated with Managed Grafana.
Establish governance for your multi-account environment with automated landing zone construction and guardrail-based policy enforcement. Also covers automated account creation with Account Factory.
Simply embed a JavaScript snippet to collect page load times, Web Vitals, JS errors, and HTTP errors in real time. This article explains how to visualize frontend quality using session replay and custom events.
Learn about architecture reviews using the AWS Well-Architected Tool. Covers evaluation based on the six pillars, improvement planning, and custom lens usage.
Explain how AWS service quotas (formerly service limits) are not mere restrictions but a design to protect other customers in a multi-tenant environment, covering the noisy neighbor problem, soft vs hard limits, and what happens behind quota increase requests.
Learn how to design systems operations management with AWS Systems Manager, including patch management, Parameter Store, and operational automation using Run Command.
We explain why AWS resource tags are not just labels but the foundation for cost allocation, access control, and automation, covering tag key naming conventions, how to use the 50-tag limit, and governance through tag policies.
Learn how to design audit logs using AWS CloudTrail, including recording API activity, long-term storage in S3, and compliance automation through integration with AWS Config.
This article explains the technical and economic reasons behind the split between CloudWatch basic monitoring (5 minutes) and detailed monitoring (1 minute), the step-down aggregation of metric retention periods, and the high-resolution mode for custom metrics.
Learn about operational monitoring design with AWS CloudWatch, including metrics collection, log analysis, and alarm configuration for comprehensive observability.
Covers the most frequently flagged design issues in AWS Well-Architected Reviews, focusing on five areas: single-AZ deployment, missing backups, underutilized logging, neglected cost optimization, and overly permissive security groups.
Learn how Amazon Time Sync Service works, how GPS and atomic clocks provide high-precision time sources, the design decision to absorb leap seconds through smearing, and why time synchronization matters in distributed systems.
Learn how to deploy CloudTrail, Config, GuardDuty, and Security Hub across all accounts using the Organizations delegated administrator model, achieving unified security and compliance management.
Establish security boundaries and optimize cost allocation through OU hierarchy design and SCP governance controls in Organizations. This article covers the full picture of multi-account operations, including Control Tower guardrails and consolidated billing.
Learn how to build a ChatOps notification platform using AWS Chatbot. Covers AWS event notifications to Slack and Microsoft Teams, instant delivery of CloudWatch alarms, and automating incident response through SNS integration.
Learn how to catalog approved IT services with AWS Service Catalog and enable self-service infrastructure provisioning through CloudFormation integration. This article covers operational patterns that maintain governance while empowering development teams.
Learn about resource sharing in multi-account environments with AWS RAM (Resource Access Manager) and organization-wide resource management through AWS Organizations integration. Explore practical patterns for VPC subnet sharing and Transit Gateway sharing.