  • Language
    Python
  • License
    Apache License 2.0

Repository Details

Automated Security Response on AWS is an add-on solution that works with AWS Security Hub to provide a ready-to-deploy architecture and a library of automated playbooks. The solution makes it easier for AWS Security Hub customers to resolve common security findings and to improve their security posture in AWS.

Automated Security Response on AWS

🚀 Solution Landing Page | 🚧 Feature request | 🐛 Bug Report

Automated Security Response (ASR) on AWS is a solution that enables AWS Security Hub customers to remediate findings with a single click using sets of predefined response and remediation actions called Playbooks. The remediations are implemented as AWS Systems Manager automation documents. The solution includes remediations for issues such as unused access keys, open security groups, weak account password policies, VPC flow logging configurations, and public S3 buckets. Remediations can also be configured to trigger automatically when findings appear in AWS Security Hub.

The solution includes the playbook remediations for some of the security controls defined as part of the following standards:

  • AWS Foundational Security Best Practices (FSBP) v1.0.0
  • Center for Internet Security (CIS) AWS Foundations Benchmark v1.2.0
  • Center for Internet Security (CIS) AWS Foundations Benchmark v1.4.0
  • Payment Card Industry (PCI) Data Security Standard (DSS) v3.2.1

A Playbook called Security Control is included that allows operation with AWS Security Hub's Consolidated Control Findings feature.

Note: To deploy the solution without building from the source code, use the CloudFormation templates linked from the Solution Landing Page.

Architecture Diagram

Customizing the Solution

Detailed instructions for creating a new automated remediation in an existing Playbook can be found in the Implementation Guide. Instructions for creating an entirely new Playbook are below.

Note: If you choose to continue, please be aware that reading and adjusting the source code will be necessary.

Prerequisites for Customization

  • a Linux client with the following software
    • AWS CLI v2
    • Python 3.7+ with pip
    • AWS CDK 1.155.0+
    • Node.js with npm
  • source code downloaded from GitHub
  • two S3 buckets (minimum): 1 global and 1 for each region where you will deploy
    • An Amazon S3 Bucket for solution templates - accessed globally via https.
    • An Amazon S3 Bucket for source code - regional.

Obtaining Source Code

Building from GitHub source will allow you to modify the solution to suit your specific needs. The process consists of downloading the source from GitHub, creating buckets to be used for deployment, building the solution, and uploading the artifacts needed for deployment.

Clone or download the repository to a local directory on your Linux client. Note: if you intend to modify the solution, you may wish to create your own fork of the GitHub repo and work from that. This allows you to check in any changes you make to your private copy of the solution.

Git Clone example:

git clone https://github.com/aws-solutions/aws-security-hub-automated-response-and-remediation.git

Download Zip example:

wget https://github.com/aws-solutions/aws-security-hub-automated-response-and-remediation/archive/main.zip

Custom Playbooks

Go to source/playbooks in the solution source downloaded above. In this folder is a Playbook skeleton, NEWPLAYBOOK. Copy this entire folder and its contents as a new folder under source/playbooks. The naming convention is the security standard abbreviation followed by the version number, as they appear in the StandardsControlArn in the AWS Standard Finding Format for the security control.

Example

For PCI-DSS, we used "PCI" for the standard abbreviation. The version is 321: PCI321

"StandardsControlArn": "arn:aws:securityhub:us-east-1:111111111111:control/pci-dss/v/3.2.1/PCI.IAM.7"

For CIS AWS Foundations Benchmark, we use "CIS". The version is 120: CIS120

"StandardsControlArn": "arn:aws:securityhub:us-east-1:111111111111:control/cis-aws-foundations-benchmark/v/1.2.0/2.4"

Unless noted, all of the following changes are within the folder you just created for your new playbook.

  1. Rename the TypeScript file in bin to match the (lower case) name of your new playbook. Ex. pci321.ts
  2. Update cdk.json with the new file name.
  3. Rename the TypeScript test file in the test subfolder similarly. Ex. pci321_stack.test.ts
  4. Update the description.txt, README.md, and support.txt, following the example within.
  5. Rename ssmdocs/scripts/newplaybook_parse_input.py as desired. This script parses the finding data. You will likely not need to modify it, as it's fairly robust. See other Playbooks for examples of its use.

Configure the Playbook

Edit bin/<standard>.ts. The following 3 lines are critical to the definition of the Playbook. These values enable ASR to map from the StandardsControlArn in a finding to your remediations.

const standardShortName = "NPB";
const standardLongName = "New Playbook";
const standardVersion = "1.1.1"; // DO NOT INCLUDE 'V'

standardShortName can be whatever you wish. The general recommendation is to make it short and meaningful (ex. PCI, CIS, AFSBP), because this is the name used in many labels throughout the solution. standardLongName must match the StandardsControlArn, as pci-dss in the above example. standardVersion must match the StandardsControlArn version, as .../v/3.2.1/... in the above example.

Having established these values, your runbooks in /ssmdocs will be named: -.yaml

As you write your SSM runbooks, you will add them to the stack in the following code, where control must match the field from the StandardsControlArn:

const remediations: IControl[] = [{ control: "RDS.6" }];
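The mapping described above, as an added example (not code from the ASR project): a finding's StandardsControlArn is parsed and matched against the three playbook values, and anything that does not match exactly is refused instead of being routed to a near-miss playbook. The names Playbook, route and config_errors, and the sample control lists, are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass

# Layout read off the two sample ARNs on this page:
#   arn:aws:securityhub:<region>:<account>:control/<standard>/v/<version>/<control>
ARN_RE = re.compile(
    r"^arn:aws[a-z-]*:securityhub:[a-z0-9-]+:\d{12}:control/"
    r"(?P<standard>[^/]+)/v/(?P<version>[^/]+)/(?P<control>[^/]+)$"
)
VERSION_RE = re.compile(r"\d+(\.\d+)*")


@dataclass(frozen=True)
class Playbook:
    """Hypothetical mirror of the constants set in bin/<standard>.ts."""
    short_name: str   # standardShortName, e.g. "PCI"
    long_name: str    # standardLongName, e.g. "pci-dss"
    version: str      # standardVersion, e.g. "3.2.1" (no leading "v")
    controls: tuple   # control ids listed in `remediations`

    @property
    def folder(self):
        # Folder convention from the page: abbreviation + version digits (PCI321).
        return self.short_name + self.version.replace(".", "")

    def config_errors(self):
        """Catch the mistake the page warns about: a 'v' inside standardVersion."""
        errors = []
        if not VERSION_RE.fullmatch(self.version):
            errors.append(
                f"standardVersion {self.version!r} must be dotted digits "
                "with no leading 'v'"
            )
        return errors


def parse_standards_control_arn(arn):
    """Return {'standard', 'version', 'control'} or None if the ARN is malformed."""
    match = ARN_RE.match(arn)
    return match.groupdict() if match else None


def route(arn, playbooks):
    """Return (playbook folder, control id) or raise LookupError (fail closed)."""
    parsed = parse_standards_control_arn(arn)
    if parsed is None:
        raise LookupError(f"not a StandardsControlArn: {arn!r}")
    for playbook in playbooks:
        # Both the long name and the version must match exactly, so a
        # CIS v1.4.0 finding never reaches a CIS v1.2.0 runbook.
        if (playbook.long_name, playbook.version) != (
            parsed["standard"], parsed["version"]
        ):
            continue
        if parsed["control"] not in playbook.controls:
            raise LookupError(
                f"{playbook.folder} has no remediation for {parsed['control']}"
            )
        return playbook.folder, parsed["control"]
    raise LookupError(
        f"no playbook for {parsed['standard']} v{parsed['version']}"
    )


# The two ARNs shown on this page, plus a constructed CIS v1.4.0 variant.
PCI_ARN = "arn:aws:securityhub:us-east-1:111111111111:control/pci-dss/v/3.2.1/PCI.IAM.7"
CIS120_ARN = ("arn:aws:securityhub:us-east-1:111111111111:control/"
              "cis-aws-foundations-benchmark/v/1.2.0/2.4")
CIS140_ARN = CIS120_ARN.replace("/v/1.2.0/", "/v/1.4.0/")

# Constructed playbook definitions; the control lists are sample values.
PLAYBOOKS = [
    Playbook("PCI", "pci-dss", "3.2.1", ("PCI.IAM.7",)),
    Playbook("CIS", "cis-aws-foundations-benchmark", "1.2.0", ("2.4",)),
]

if __name__ == "__main__":
    for sample in (PCI_ARN, CIS120_ARN, CIS140_ARN):
        try:
            print(route(sample, PLAYBOOKS))
        except LookupError as exc:
            print("refused:", exc)
```
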

Create the Remediations

Remediations are executed using SSM Automation Runbooks. Each control has a specific runbook. ASR Runbooks must follow the naming convention in the /ssmdocs folder:

-.yaml

Follow examples from other Playbooks. Your ASR runbook must parse the finding data, extract the fields needed for remediation, and execute a remediation runbook, passing the role name.

Remediation runbooks are defined in the /source/remediation_runbooks and /source/solution_deploy/remediation_runbooks-stack.ts. The remediation examples provided with the solution are fairly robust and self-documenting. Each definition creates an IAM role and an SSM runbook that is called by the ASR runbook.

Build and Deploy

AWS Solutions use two buckets: a bucket for global access to templates, which is accessed via HTTPS, and regional buckets for access to assets within the region, such as Lambda code. You will need:

  • One global bucket that is accessed via the http endpoint. AWS CloudFormation templates are stored here. Its name must end with "-reference". Ex. "mybucket-reference"
  • One regional bucket for each region where you plan to deploy using the name of the global bucket as the root, and suffixed with the region name. Ex. "mybucket-us-east-1"
  • Your buckets should be encrypted and disallow public access

Note: When creating your buckets, ensure they are not publicly accessible. Use random bucket names, disable public access, use KMS encryption, and verify bucket ownership before uploading.

Build the solution

First ensure that you've run npm install in the source folder.

Next from the deployment folder in your cloned repo, run build-s3-dist.sh, passing the root name of your bucket (ex. mybucket) and the version you are building (ex. v1.0.0). We recommend using a semver version based on the version downloaded from GitHub (ex. GitHub: v1.0.0, your build: v1.0.0.mybuild)

chmod +x build-s3-dist.sh
./build-s3-dist.sh -b <bucketname> -v <version>

Run Unit Tests

Some Python unit tests execute AWS API calls. The calls that create, read, or modify resources are stubbed, but some calls to APIs that do not require any permissions execute against the real AWS APIs (e.g. STS GetCallerIdentity). The recommended way to run the unit tests is to configure your credentials for a no-access console role.

cd ./deployment
chmod +x ./run-unit-tests.sh
./run-unit-tests.sh

Confirm that all unit tests pass.

Upload to your buckets

Note: Verify bucket ownership before uploading.

By default, the templates created by build-s3-dist.sh expect the software to be stored in aws-security-hub-automated-response-and-remediation/v<version>. If in doubt, view the template.

Use a tool such as the AWS S3 CLI "sync" command to upload your templates to the reference bucket and code to the regional bucket.
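A pre-upload check that combines the bucket naming rules, the hardening note and the ownership verification from the sections above, as an added example (not part of the solution's own scripts). It expects a boto3 S3 client to be passed in as `s3`; the function names and the FakeS3 stand-in, which lets the example run offline, are assumptions made for this illustration.

```python
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")


def expected_bucket_name(root, region=None):
    """Global template bucket is <root>-reference; regional is <root>-<region>."""
    return f"{root}-reference" if region is None else f"{root}-{region}"


def preflight(s3, bucket, owner_account, root, region=None):
    """Return a list of problems; an empty list means the bucket is safe to use."""
    problems = []
    wanted = expected_bucket_name(root, region)
    if bucket != wanted:
        problems.append(f"name: expected {wanted!r}, got {bucket!r}")

    # ExpectedBucketOwner makes S3 reject the call when the bucket belongs to
    # another account, e.g. a deleted bucket whose name someone else re-created.
    common = {"Bucket": bucket, "ExpectedBucketOwner": owner_account}
    try:
        s3.head_bucket(**common)
    except Exception as exc:
        # boto3 raises botocore.exceptions.ClientError here; caught broadly so
        # the example carries no botocore dependency.
        problems.append(f"ownership: {bucket!r} not confirmed for {owner_account}: {exc}")
        return problems  # do not inspect or upload to a bucket we cannot confirm

    try:
        pab = s3.get_public_access_block(**common)["PublicAccessBlockConfiguration"]
    except Exception:
        pab = {}  # no public access block configured at all
    disabled = [key for key in PAB_KEYS if not pab.get(key)]
    if disabled:
        problems.append("public access: not blocked: " + ", ".join(disabled))

    try:
        rules = s3.get_bucket_encryption(**common)[
            "ServerSideEncryptionConfiguration"]["Rules"]
    except Exception:
        rules = []
    algorithms = [
        rule.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm", "")
        for rule in rules
    ]
    if not any(alg.startswith("aws:kms") for alg in algorithms):
        problems.append("encryption: default encryption is not KMS")
    return problems


class FakeS3:
    """Constructed stand-in for boto3.client('s3') so the example runs offline."""

    def __init__(self, owner, pab=None, sse=None):
        self.owner, self.pab, self.sse = owner, pab, sse

    def _check_owner(self, kwargs):
        if kwargs.get("ExpectedBucketOwner") != self.owner:
            raise PermissionError("403 Forbidden (bucket owner mismatch)")

    def head_bucket(self, **kwargs):
        self._check_owner(kwargs)
        return {}

    def get_public_access_block(self, **kwargs):
        self._check_owner(kwargs)
        if self.pab is None:
            raise LookupError("NoSuchPublicAccessBlockConfiguration")
        return {"PublicAccessBlockConfiguration": self.pab}

    def get_bucket_encryption(self, **kwargs):
        self._check_owner(kwargs)
        if self.sse is None:
            raise LookupError("ServerSideEncryptionConfigurationNotFoundError")
        return {"ServerSideEncryptionConfiguration": {"Rules": [
            {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": self.sse}}]}}


ALL_BLOCKED = {key: True for key in PAB_KEYS}
ACCOUNT = "111111111111"  # sample account id used in the ARNs on this page

if __name__ == "__main__":
    hardened = FakeS3(ACCOUNT, pab=ALL_BLOCKED, sse="aws:kms")
    foreign = FakeS3("222222222222", pab=ALL_BLOCKED, sse="aws:kms")  # constructed
    print(preflight(hardened, "mybucket-reference", ACCOUNT, "mybucket"))
    print(preflight(foreign, "mybucket-us-east-1", ACCOUNT, "mybucket", "us-east-1"))
```

Run the check against every bucket before the sync, and upload only when the returned list is empty.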

Deploy

See the Automated Security Response on AWS Implementation Guide for deployment instructions, using the link to the SolutionDeployStack.template from your bucket, rather than the one for AWS Solutions. Ex. https://mybucket-reference.s3.amazonaws.com/aws-security-hub-automated-response-and-remediation/v1.3.0.mybuild/aws-sharr-deploy.template

Directory structure

|-.github/                [ GitHub pull request template, issue templates, and workflows ]
|-deployment/             [ Scripts used to build, test, and upload templates for the solution ]
|-simtest/                [ Tool and sample data used to simulate findings for testing ]
|-source/                 [ Solution source code and tests ]
  |-LambdaLayers/         [ Common functions used by the Orchestrator and custom resource providers ]
  |-lib/                  [ Solution CDK ]
    |-appregistry/        [ Resources for integration with Service Catalog AppRegistry ]
    |-cdk-helper/         [ CDK helper functions ]
    |-member/             [ Member stack helper functions ]
    |-tags/               [ Resource tagging helper functions ]
  |-Orchestrator/         [ Orchestrator Step Function Lambda Functions ]
  |-playbooks/            [ Playbooks ]
    |-AFSBP/              [ AWS FSBP v1.0.0 playbook ]
    |-CIS120/             [ CIS v1.2.0 playbook ]
    |-CIS140/             [ CIS v1.4.0 playbook ]
    |-common/             [ Common scripts used by multiple playbooks ]
    |-NEWPLAYBOOK/        [ Example playbook ]
      |-bin/              [ Playbook CDK App ]
      |-ssmdocs/          [ Control runbooks ]
    |-PCI321/             [ PCI-DSS v3.2.1 playbook ]
    |-SC/                 [ Security Control playbook ]
  |-remediation_runbooks/ [ Shared remediation runbooks ]
    |-scripts/            [ Scripts used by remediation runbooks ]
  |-solution_deploy/      [ Solution CDK App and custom resource providers ]
    |-bin/                [ Solution CDK App ]
    |-source/             [ Custom resource providers ]
  |-test/                 [ CDK and SSM document unit tests ]

Collection of operational metrics

This solution collects anonymous operational metrics to help AWS improve the quality of features of the solution. For more information, including how to disable this capability, please see the Implementation Guide.

License

Distributed under the Apache License Version 2.0. For more information, see LICENSE.txt.
