Using GitHub Actions with AWS IAM roles

Problem statement: There are many different and interesting DevOps tools on the market nowadays. Companies can use and combine them depending on use cases, cost, historical reasons, personal preferences, etc. Some tools integrate with others quite well, others do not. No matter which tools we use, there are fundamental and critical areas that […]
Deploying Hashicorp Vault to EKS cluster with DynamoDB backend.

Problem statement: A Kubernetes secret is not the best place to keep sensitive data. Even though EKS supports adding KMS envelope encryption to enhance security for secrets, we still cannot apply fine-grained access control to Kubernetes secrets via RBAC. A better idea is to use an external secrets store, for example AWS Secrets Manager, Hashicorp […]
Enabling AWS Budget for multiple accounts within AWS Organization

Problem statement: Using a multi-account AWS environment was mentioned many times in previous posts as a best practice for companies: it helps apply flexible security controls, simplifies billing and in general enables you to move faster and build differentiated products and services. There are many different approaches for organizing accounts, depending on the company’s type, […]
Cross-account monitoring with Amazon CloudWatch

Problem statement: Using multiple AWS accounts is one of the guidelines for setting up a well-architected environment. By using multiple accounts, you can best support your security goals and business processes. In previous posts we already covered multi-account logging, backups and security services integrations. In this post we will look at multi-account monitoring with Amazon CloudWatch, […]
AWS Security Hub integrations

Security is essential for every organization; that is why Automat-it pays great attention to it during project delivery and well-architected review. AWS has several really impressive security-related services that help us build a safe infrastructure and continuously monitor compliance. In the previous post we demonstrated how to enable AWS Security Hub for a multi-account AWS […]
Multi-account backup copy in AWS

In the previous post about the Landing Zone solution we checked what AWS Backup Policy is and how we can centrally manage the AWS Backup service across multiple AWS accounts. Backups were created in the same account and region as the target resource, but what can we do if we need to copy backups to another […]
Logging in a multi-account AWS environment

Collecting and storing different types of logs is crucial for security and compliance, especially when we deal with such standards as HIPAA, PCI DSS and others. When we build a secure multi-account infrastructure with AWS Control Tower, we get a “Log Archive” account in the initial setup. There are many AWS services that can generate […]
Machine Learning services in AWS (part 2)

In the previous post we started an overview of Machine Learning and Artificial Intelligence services in AWS, including Amazon SageMaker and Amazon Rekognition. In this one we will take a look at Amazon Polly, Amazon Translate, Amazon Transcribe, Amazon Comprehend and Amazon Textract. Amazon Polly: Amazon Polly is a service that turns text into lifelike […]
Machine Learning services in AWS (part 1)

Machine Learning is everywhere. Even if not everywhere, the majority of people face it every day while surfing the internet, buying things online, watching videos, listening to music and many other activities. Machine learning is integrated in social media, ecommerce, healthcare, banking, manufacturing and other industries. It helps to enhance the customer service experience, personalize […]
More about AWS Landing Zone (Part 2)

Automat-it is moving forward with our Landing Zone solutions. The previous post demonstrated an IP management solution, Backup Policies and License Manager. This post describes some security and compliance topics as well as cost optimization; in particular, we will take a look at Security Hub, Tag Policies, Resource groups and Budgets with alerts. AWS Security […]