All news with #aws systems manager tag

Tue, November 18, 2025

Automating Session Manager Preferences with CloudFormation

🔐 This post explains how to centrally manage AWS Systems Manager Session Manager preferences across multiple accounts and Regions using CloudFormation StackSets and an AWS Lambda function. The solution automates updates to the SSM-SessionManagerRunShell document, provisions optional logging destinations (Amazon S3 or CloudWatch Logs), and can create KMS keys for session and log encryption. It aims to reduce manual configuration errors and ensure consistent security and compliance at scale.

Fri, October 17, 2025

AWS Systems Manager: Windows Security Update Alerts

🛡️ AWS Systems Manager Patch Manager now notifies when Windows security updates are available but not approved by a customer's patch baseline. The feature adds a new patch state, AvailableSecurityUpdate, and by default surfaces these instances as Non-Compliant, helping administrators spot missing security patches even when using long ApprovalDelay windows. Organizations can preserve existing reporting by configuring patch baseline behavior. The capability is available in all Regions and incurs no additional charges; administrators can enable it from the Patch Manager console or by following the documentation.

Thu, September 4, 2025

Validate SAP HANA Best-Practice Compliance with SSM

🔍 AWS Systems Manager Configuration Manager now supports SAP HANA, enabling automated validation of SAP HANA databases running on AWS against best practices defined in the AWS Well‑Architected Framework SAP Lens. The capability automatically assesses configurations, proactively flags misconfigurations, and provides specific remediation guidance so teams can address issues before they impact operations. Checks can be scheduled or run on demand, and SSM for SAP Configuration Manager is available in all commercial AWS Regions.

Mon, July 28, 2025

Automate Disabling AD Users from GuardDuty Findings

🔐 This AWS Security Blog post explains how to use Amazon GuardDuty to detect suspicious activity and automatically disable accounts in AWS Managed Microsoft AD. It walks through deploying a managed directory and a directory-administration EC2 instance, configuring AWS Systems Manager Run Command documents, and orchestrating those actions with AWS Step Functions triggered by Amazon EventBridge. The guide includes required permissions, testing steps using GuardDuty’s test domains, and notes on extending the automation to reset passwords or send notifications.

Thu, July 24, 2025

AWS Security Incident Response: Accelerating IR Lifecycle

🛡️ AWS Security Incident Response is a Tier 1, AWS-native service launched in December 2024 to accelerate detection, triage, and containment of security incidents. It integrates with Amazon GuardDuty, AWS Security Hub, and AWS Systems Manager, supports partner integrations, and enables escalation to AWS CIRT. The service centralizes findings, automates monitoring and intelligent triage to reduce false positives, and offers prebuilt containment playbooks and APIs to compress MTTR and coordinate cross-account response.