Operational Excellence

24 Times Used
22 MAY 2019
Check AWS WorkSpaces Operational State

Workflow to report whether any AWS WorkSpaces are in an 'Unhealthy State'. The report is sent once every day and can be configured according to the use case.

Notify if an unreasonably high number of cache cluster nodes are provisioned

Make sure the number of ElastiCache cluster cache nodes provisioned in your AWS account has not reached the limit set by your organization. Monitoring and setting limits will help you manage your resources better and avoid unforeseen costs on your AWS bill.

Send report of EC2 Instances which are using previous generation instance type

Using instances of the current generations provides better hardware performance (faster CPUs, increased memory and network throughput), better virtualization technology (HVM) and lower costs. You should consider upgrading your EC2 machines if using old generations.

Check if Lambda Runtime Environment Version is the latest

This workflow checks whether each Lambda function's runtime environment is updated to the latest version and reports the ones that are not.

Notify if any of the EC2 Instances are running in EC2-Classic

Running instances in EC2-VPC instead of EC2-Classic provides better flexibility and control over security, traffic routing and availability.

Send report of EC2 Instances older than 150 days

It is an AWS best practice to stop and relaunch your old EC2 instances, so that they are reallocated to updated and more reliable hardware. Instances older than 150 days are recommended to be updated.

Send report of EC2 Instances which are using IAM access keys

It is an AWS best practice to use IAM Roles over IAM Access Keys to sign AWS API requests, as Roles provide more flexibility to manage permissions. This workflow sends a report of EC2 instances which are not using IAM Roles.

Send report of Over-utilized EC2 nodes

This workflow sends a periodic report of EC2 instances that are over-utilized (default 90%). Instances that are over-utilized may cause slower application response. You can consider upgrading these machines.

Notify if AWS CloudTrail is not Enabled

AWS CloudTrail can help you achieve compliance and improve security by logging API calls and changes to your cloud resources.

Prevent duplicate entries in AWS CloudTrail logs

To prevent duplicate log records for global AWS services such as IAM, STS or CloudFront, ensure that only one trail in a multi-region logging setup has the 'Include Global Services' function enabled.

Send report of security groups with empty descriptions

It is an AWS best practice to give a description for your security groups. It helps in quickly getting more insight into the configuration of your security group. For each rule, you should describe the purpose and identity of the IP address. This workflow sends a report of security groups that have no description on any of their rules.

Send report of under-utilised EC2 machines

This workflow sends a report of under-utilised (default 40%) EC2 instances. You can save cost by downsizing under-utilised EC2 instances.

CloudTrail multi-region logging

Global tracking of your AWS API calls will help you better manage your AWS account and your infrastructure security.

Enable version upgrade for Redshift cluster if not already enabled

This workflow enables the Version Upgrade feature on your Redshift cluster. AWS Redshift engine upgrades will then occur automatically, so the data warehouse service engine gets the newest features, bug fixes and the latest security patches released.

Notify if any EC2 instance in your account is not launched using approved/golden AMIs

It is an AWS best practice to launch EC2 machines from an approved/golden AMI. An approved AMI is an image of an EC2 instance containing all the necessary software and settings configured for your application, which helps in scaling and in quick, secure deployment.

Enable global service events tracking in AWS CloudTrail

With API tracking for global services, such as IAM, STS and CloudFront, you can have complete visibility over all of your AWS infrastructure. Having CloudTrail logging enabled for regional and global AWS services will help you ensure compliance and troubleshoot operational or safety issues within your AWS account.

Notify if API Gateway Endpoints are public

Notifies if any API Gateway endpoint is accessible via the internet.

Ensure AWS CloudTrail logging for global events is enabled

With API tracking for global services, such as IAM, STS and CloudFront, you can have complete visibility over all of your AWS infrastructure. Having CloudTrail logging enabled for regional and global AWS services will help you ensure compliance and troubleshoot operational or safety issues within your AWS account.

Notify if any AWS AMIs are publicly shared

AWS AMIs created by you might contain sensitive information, like your application or its data, that should not be exposed outside your organisation. This workflow notifies if any of the AWS AMIs are publicly shared.

Activate all features of organisation using service control policies (SCPs)

Ensure that all features within your Amazon Organizations are enabled to gain full control over the use of AWS services and actions across multiple AWS accounts using Service Control Policies.

Use AWS Organisations

Ensure that Amazon Organizations is in use to gain oversight of the usage of AWS services across multiple AWS accounts.

Expired ACM Certificates

Having expired ACM certificates lying around is not an AWS best practice and can potentially affect your application if they are picked up during deployment.

Notify if the number of EC2 instances is more than 50

This workflow periodically checks whether the number of instances in your account is more than the limit set by you (default limit is 50) and sends an Email or Slack notification.

ACM Certificates Pending Validation

Notifies you every hour of ACM certificates pending validation. This will help you minimize interruption to your applications or services.
