Cloud Security

Writing an SCP in AWS: An Introduction

Preventive guardrails are a key component of cloud governance. (Cloud governance is the process of defining and creating policies to control costs, minimize security risks, and improve efficiency.) In AWS, preventive guardrails are SCPs (Service Control Policies). Eventually you may need a preventive guardrail in AWS that is not already available. In this case, writing an SCP is an option. Beware, SCPs do have logical limitations on what you can…

AWS Control Tower

AWS Control Tower: A Tool for Cloud Governance

What is AWS Control Tower? AWS Control Tower is a service that provides cloud governance for a multi-account AWS environment. (Cloud governance is the process of defining and creating policies to control costs, minimize security risks, and improve efficiency.) It does this by orchestrating several other AWS services, including AWS Organizations, AWS Service Catalog, and AWS IAM Identity Center (successor to AWS Single Sign-On). Control Tower accomplishes this primarily…

Cloud Security

Cloud Governance and Cloud Security using AWS Config

Cloud governance is the process of defining and creating policies to control costs, minimize security risks, and improve efficiency. On AWS, cloud security often starts with preventive and detective guardrails. Here we discuss cloud security using AWS Config, otherwise known as detective guardrails. What is AWS Config? AWS Config is a service that records configuration changes to your AWS resources. This includes recording how resources are connected to…