December 15, 2024

AWS Policies and Standards Automation

AWS Config

  • Error: "We are unable to complete the request at this time. Please contact AWS Support."
    • either the AWS Config aggregator limit has been reached
      • default is 50 configuration aggregators
    • OR the StartConfigRulesEvaluation API was called more than once per minute

Amazon States Language

  • InputPath --> selects which parts of the JSON input to pass to the task of the Task state
  • Parameters --> passes a collection of key-value pairs.
    • Values are either static values defined in your state configuration
    • OR selected from the input using the path
  • OutputPath --> filters the JSON output to further limit info passed to Output
  • ResultPath --> selects what combination of the state input and the task result to pass to the output
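
The order in which these four fields are applied, as an added example that is not part of the original notes: a minimal Python simulation of one Task state, assuming dot-only reference paths (no array indexes or filters). EVENT, STATE and fake_task are constructed for illustration; the rule name is one of the AWS Config built-in rules listed on this page.

```python
import copy

def get_path(doc, path):
    """Resolve a dot-only reference path such as "$.detail.bucket"."""
    if path is None:                      # null path yields an empty object
        return {}
    for key in path.split(".")[1:]:       # skip the leading "$"
        doc = doc[key]
    return doc

def apply_parameters(template, doc):
    """Keys ending in ".$" are paths into doc; all other values are static."""
    out = {}
    for key, value in template.items():
        if key.endswith(".$"):
            out[key[:-2]] = get_path(doc, value)
        elif isinstance(value, dict):
            out[key] = apply_parameters(value, doc)
        else:
            out[key] = value
    return out

def set_path(doc, path, value):
    """ResultPath: combine the task result with the raw state input."""
    if path is None:                      # discard the result, keep the input
        return doc
    if path == "$":                       # result replaces the input
        return value
    node = merged = copy.deepcopy(doc)
    *parents, leaf = path.split(".")[1:]
    for key in parents:
        node = node.setdefault(key, {})
    node[leaf] = value
    return merged

def run_state(state, state_input, task):
    effective = get_path(state_input, state.get("InputPath", "$"))
    if "Parameters" in state:             # built from the InputPath-filtered input
        effective = apply_parameters(state["Parameters"], effective)
    result = task(effective)
    combined = set_path(state_input, state.get("ResultPath", "$"), result)
    return get_path(combined, state.get("OutputPath", "$"))

# Constructed sample input and a hypothetical task standing in for a Lambda.
EVENT = {"account": "111122223333", "detail": {"bucket": "example-logs"}}
STATE = {"InputPath": "$.detail", "ResultPath": "$.evaluation", "Parameters": {
    "Rule": "s3-bucket-server-side-encryption-enabled", "Bucket.$": "$.bucket"}}
def fake_task(payload):
    return {"checked": payload["Bucket"], "rule": payload["Rule"]}
```

Calling run_state(STATE, EVENT, fake_task) returns the original event with the task result added under "evaluation"; adding "OutputPath": "$.evaluation" to STATE narrows the output to the result alone.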

AWS Support Plans

  • Trusted Advisor Checks
    • only the Business and Enterprise support plans have all Trusted Advisor checks enabled
  • Enterprise Support Plan
    • has better response time, but only for business applications:
      • Microsoft
      • SAP
      • Oracle

AWS Systems Manager

  • Run Command Feature
    • install SSM Agent
    • ensure the required roles are configured
  • AWS Systems Manager Patch Manager
  • AWS Systems Manager Maintenance Windows

Amazon Macie

  • use machine learning to scan S3 buckets
    • scan for PII
    • create PII dashboards and alerts

Trusted Advisor

  • Business Level
    • includes Cost Optimization suggestions

AWS Secrets Manager

  • store database passwords
  • limit access to only developers
  • rotate passwords on a schedule

AWS Config

  • record configuration changes
  • store snapshots of configuration at regular intervals
  • AWS Config data from multiple accounts can be aggregated into a single account
  • Built-In Rules
    • s3-bucket-server-side-encryption-enabled
    • iam-user-mfa-enabled
  • tag resources