AWS Config VS AWS Organizations

Periodic Audits and Compliance Checks: Use AWS Config and AWS Security Hub for continuous compliance tracking. Run AWS Inspector on periodic security checks of any identified vulnerabilities and always for mitigation. - Source: dev.to / 26 days ago

AWS has a lot of controls built in, but what if you need more? AWS Config allows you to create your own rules. These rules can then inspect your resources and determine if they are compliant. This is useful when you want to enforce certain configuration settings. Giving you an overview of how compliant your workloads are. - Source: dev.to / 3 months ago

AWS Config is a service that provides a detailed inventory of all of the resources in your AWS account, along with their configuration settings. By using AWS Config, you can easily identify any resources that are not configured correctly, such as those that are not compliant with your security policies. Additionally, AWS Config provides change management capabilities, allowing you to see when changes were made to... Source: about 1 year ago

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. With AWS Config, you can review changes to your resources and maintain an inventory of your AWS resources. - Source: dev.to / about 1 year ago

Once you have enforced the rule to set up MFA through your IdP, make sure to set up an AWS Config rule to ensure that your users have followed through and taken the steps to set it up. You can use one of the pre-built AWS Config MFA-based rules and get alerted via email if a user is non-compliant. - Source: dev.to / over 1 year ago

If you are working in a multi-account setup which should be the case if you run more than one workload in more than one SDLC stage, it is a best practice to use AWS Organizations to govern and manage your AWS accounts. Going further into the best practices, it is a a recommendation to have a separate Security or Audit AWS Account to manage your security services on the organizational scale. In that case, you... - Source: dev.to / 2 months ago

The solution here requires you to be using AWS Organizations to create AWS accounts for your developers. - Source: dev.to / 10 months ago

At this scale, operations can take a lot of time, because there are multiple operational tasks that we need to do when AWS accounts are leaving the AWS Organization or Teams are nuking the AWS account, StackSets Instances get drifted, because not all required resources for compliance can be secured ( SCP Limitations ), existing AWS accounts are joining the AWS Organization and all mandatory StackSets needs to be... - Source: dev.to / 11 months ago

AWS Organizations. (n.d.). Retrieved April 25, 2023, from https://aws.amazon.com/organizations/. - Source: dev.to / about 1 year ago

No doubt about it, AWS SSO (or should I say IAM Identity Centre?) is a great addition to the overall access management and security in AWS. But, as you mature in the cloud with a touch of AWS Organizations and dash of well-architected framework you'll soon have many AWS accounts and managing all of those accounts kind of sucks. - Source: dev.to / about 1 year ago