Compliance and AWS Config

Cloud Providers have streamlined many compliance requirements...

Audit and compliance of technology assets at scale has been a major cost for companies in times past, not to mention a major headache for the engineers who had to satisfy those criteria while maintaining infrastructure assets on behalf of their company. Times have certainly changed in the infrastructure world: growing cloud adoption has led cloud providers to invest in products that directly target managed and unmanaged assets and resources, including compliance checks and automated remediation.

It's hard to pick a clearly superior platform, product or approach, as all of them have taken a qualitative approach backed by deepening expertise. They have done this knowing that a business does not easily trust a cloud provider with such key assets under its management. A scalable product that checks your resource assets against a compliance baseline and remediates them automatically solves many headaches at once. The reputations of AWS, Google Cloud Platform, Microsoft Azure and others have been built on this legacy, which has dramatically increased in effectiveness since around 2016. Today it's hard not to consider paying top dollar for a streamlined service where someone else does the heavy lifting in a manner you can trust. Cloud architects will tell you that products like AWS Config will solve your compliance monitoring needs for your managed digital assets and your AWS storage with nearly no fuss. It may sound a little dreamy, especially if you have a large server fleet with associated storage requirements, but it is also accurate.

For example, you can set AWS Config up in literally five minutes on the dashboard and start adding rules for your resources. No more lengthy automation projects developing scripts to run across your server fleet, sometimes with considerable performance overhead. It's a five-minute setup, and you can add rules and customisations from there. You can set up a Simple Notification Service (SNS) topic for delivery, IAM roles (permissions) and desired instance types, and use the 'cloudtrail-enabled' rule to confirm that API requests are being logged for review after the fact. Adding rules could not be easier: select 'Add Rule', add one such as 'desired-instance-type', and set its value to 't2.micro'. There are many more rules you can add with similar ease, and after a few minutes the AWS Config dashboard will show which resources are and are not in compliance. You can click into them and investigate the issue in a 'drill down' fashion. Once you have corrected the issue, you can re-evaluate the rules from the AWS Config dashboard to see what is in compliance and what is not. Unmanaged instances like EC2 have extra services to help you manage them, such as AWS Systems Manager. There you can also leverage the monitoring power of CloudWatch, EventBridge and SNS, along with a Lambda function that installs the SSM Agent on your EC2 instances, and so get application-level logging into the same compliance and monitoring streams, gathering compliance inventory information and more at scale.
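The two rules named above can be created outside the dashboard as well. The following is an added example, not code from the original post: it builds the `put_config_rule` payloads for the AWS-managed rules `DESIRED_INSTANCE_TYPE` and `CLOUD_TRAIL_ENABLED`, and reduces a `describe_compliance_by_config_rule` response to the rules that still need attention, which is what the console's drill-down view shows. The rule names and region are assumptions, the sample API response is constructed rather than captured from a real account, and the `deploy` function only runs if you call it with boto3 installed and AWS credentials configured.

```python
"""Added example: define AWS Config managed rules programmatically and
summarise their compliance state. Not part of the original post."""
import json

# Rule names are assumptions; the SourceIdentifier values are AWS's own
# managed-rule identifiers, which is what the console names map to.
def desired_instance_type_rule(instance_types, name="desired-instance-type"):
    """Flag EC2 instances whose type is not in the approved list."""
    return {
        "ConfigRuleName": name,
        "Description": "EC2 instances must use an approved instance type",
        "Scope": {"ComplianceResourceTypes": ["AWS::EC2::Instance"]},
        "Source": {"Owner": "AWS", "SourceIdentifier": "DESIRED_INSTANCE_TYPE"},
        # InputParameters is a JSON-encoded string, not a nested object;
        # the managed rule expects a comma-separated list in 'instanceType'.
        "InputParameters": json.dumps({"instanceType": ",".join(instance_types)}),
    }


def cloudtrail_enabled_rule(name="cloudtrail-enabled"):
    """Check that at least one CloudTrail trail is recording API activity.
    This is a periodic rule, so it needs an execution frequency."""
    return {
        "ConfigRuleName": name,
        "Description": "CloudTrail must be enabled so API requests are logged",
        "Source": {"Owner": "AWS", "SourceIdentifier": "CLOUD_TRAIL_ENABLED"},
        "MaximumExecutionFrequency": "TwentyFour_Hours",
    }


def noncompliant_rules(response):
    """Map each NON_COMPLIANT rule name to its (capped) count of offending
    resources, the figure the dashboard shows before you drill in."""
    out = {}
    for item in response.get("ComplianceByConfigRules", []):
        comp = item["Compliance"]
        if comp["ComplianceType"] == "NON_COMPLIANT":
            contributors = comp.get("ComplianceContributorCount", {})
            out[item["ConfigRuleName"]] = contributors.get("CappedCount", 0)
    return out


# Constructed sample response in the shape describe_compliance_by_config_rule
# returns; two instances are running a type outside the approved list.
SAMPLE_RESPONSE = {
    "ComplianceByConfigRules": [
        {
            "ConfigRuleName": "desired-instance-type",
            "Compliance": {
                "ComplianceType": "NON_COMPLIANT",
                "ComplianceContributorCount": {"CappedCount": 2, "CapExceeded": False},
            },
        },
        {
            "ConfigRuleName": "cloudtrail-enabled",
            "Compliance": {"ComplianceType": "COMPLIANT"},
        },
    ]
}


def deploy(rules, region="eu-west-1"):
    """Push the rules to AWS Config, trigger an evaluation and return the
    rules that are out of compliance. Requires boto3 and credentials, so
    the import is deferred until this is actually called."""
    import boto3  # assumption: boto3 is installed in the environment

    client = boto3.client("config", region_name=region)
    names = [rule["ConfigRuleName"] for rule in rules]
    for rule in rules:
        client.put_config_rule(ConfigRule=rule)
    # Evaluation is asynchronous; a real run would poll before reading results.
    client.start_config_rules_evaluation(ConfigRuleNames=names)
    return noncompliant_rules(
        client.describe_compliance_by_config_rule(ConfigRuleNames=names)
    )


if __name__ == "__main__":
    rules = [desired_instance_type_rule(["t2.micro"]), cloudtrail_enabled_rule()]
    print(json.dumps(rules, indent=2))
    print("needs attention:", noncompliant_rules(SAMPLE_RESPONSE))
```

The same payloads can be fed to the CLI with `aws configservice put-config-rule --config-rule file://rule.json`, which is handy when the rule set lives in version control alongside the rest of the infrastructure code.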

Other products have compliance checks sewn into them, like CloudFormation with drift detection, which shows whether your deployed resources have had their configuration changed since the last deployment. The range of compliance-oriented features in these products certainly impresses, given how they enable scale in a cost-effective manner when you consider the cost of poor compliance controls. All leading cloud providers have their own products that achieve this level of service, like Azure Insights, and all impress in their own way. What's important is that Cloud as a concept has evolved into a growth phase in its lifecycle, along with a human-driven development cycle of technology that signals real progress for the digital age. Finally, a tenuous balance between big and small business interests has been maintained by the major providers, spawning an ecosystem of SME specialist providers who do an excellent job of bringing the benefits of going big to the small operator who wants to extend their reach beyond bricks and mortar. Long may it continue!

Stay tuned for more on DevOps in this blog, along with articles on other areas of interest in the Infrastructure and Writing arenas. To not miss out on any updates on my availability, tips on related areas or anything of interest to all, sign up for one of my newsletters in the footer of any page on Maolte. I look forward to us becoming pen pals!

Best Regards

John
