What's New with AWS Governance and Compliance (COP340)

Title

AWS re:Invent 2023 - What’s new with AWS governance and compliance (COP340)

Summary

  • Sid, the product lead for AWS Governance, and Andres, the solution architect team lead for CloudOps, discuss new features in AWS Governance and Compliance.
  • They use a narrative built around three characters, Richard (cloud architect), Maria (cloud ops manager), and Nikki (compliance manager), to illustrate the challenges and solutions in cloud governance.
  • Richard focuses on setting up a well-governed environment using AWS Control Tower, which now supports all 28 commercial regions and two US GovCloud regions. Control Tower's Landing Zone APIs have been launched, allowing programmatic creation, update, reset, or deletion of landing zones.
  • Maria deals with operations at scale, using AWS Config for resource tracking, with resource exclusion, periodic recording, and natural language processing for advanced queries. CloudTrail Lake has been enhanced with support for non-AWS sources and zero-ETL analysis in Amazon Athena, along with new pricing options.
  • Nikki is concerned with ensuring and demonstrating compliance. AWS Audit Manager now includes a best practices framework for generative AI on Amazon Bedrock. AWS Control Tower has added 65 new controls for digital sovereignty, allowing region deny settings at the organizational unit (OU) level.
  • AWS Artifact now offers on-demand access to third-party compliance reports and email notifications for updates.
  • The session emphasizes that proper governance tools can accelerate innovation rather than slow it down.

Insights

  • The expansion of AWS Control Tower to all commercial and GovCloud regions signifies AWS's commitment to providing governance solutions globally.
  • The introduction of Landing Zone APIs for Control Tower reflects a shift towards Infrastructure as Code (IaC) practices, enabling automation and scalability in cloud governance.
  • AWS Config's new features, such as resource exclusion and periodic recording, indicate a focus on optimizing resource tracking for cost and performance efficiency.
  • The integration of natural language processing in AWS Config's advanced queries demonstrates AWS's investment in making cloud governance more accessible and user-friendly.
  • CloudTrail Lake's enhancements, including support for non-AWS sources and zero-ETL analysis in Athena, show AWS's recognition of the need for comprehensive audit capabilities that encompass both AWS and non-AWS data sources.
  • The new pricing model for CloudTrail Lake suggests AWS is responding to customer feedback for more flexible and cost-effective options for audit data retention.
  • AWS Audit Manager's new framework for generative AI and the additional controls in AWS Control Tower for digital sovereignty highlight AWS's responsiveness to emerging technologies and regulatory requirements.
  • AWS Artifact's new features for third-party report access and notifications indicate an effort to streamline compliance processes for AWS customers.
  • Overall, the session underscores AWS's strategy to enhance governance and compliance services to support customers' evolving needs in a dynamic regulatory landscape.