Assessing change management and configuration policies
As we covered in Chapter 5, Financial Resource and Change Management Controls, in the cloud, automation is embedded into change management processes. Leveraging automation reduces the opportunity for manual IT control failures. Organizations need to ensure that there are safeguards within the automated process that enforce separation of duties, that the automation workflows are regularly reviewed to ensure they adhere to change control requirements, and that there is clear visibility and approval for those individuals with access to change the automation workflows or perform approvals as part of the workflows.
Each of the cloud providers has its own set of capabilities that can be used to manage changes. We will look at one capability provided by AWS named AWS Systems Manager | Change Manager.
Change Manager is a tool that can be utilized for managing changes to AWS resources.
To launch Change Manager within AWS Systems Manager, take the following steps:
1. Navigate to the AWS cloud portal.
2. Select AWS Systems Manager | Change Management | Change Manager.
As you can see on the Change Manager | Overview tab, an organization can create custom templates or change requests, as seen in Figure 10.6:
Figure 10.6 – AWS Systems Manager | Change Manager
3. When you launch Change templates, under the Overview tab, the organization can define required approvals, as seen in Figure 10.7. During an assessment, an IT auditor may want to verify that the approvers are actually authorized by the organization:
Figure 10.7 – Change Manager | Change request approvals
4. On the Change Manager | Requests tab, an IT auditor can review approved or rejected requests, as seen in Figure 10.8:
Figure 10.8 – Change Manager | Requests
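The approver and separation-of-duties checks described in steps 3 and 4 can be scripted over an export of change requests. The following is an added example, not code from the book or from AWS: the record fields, the approver roster, and the sample requests are all constructed assumptions and do not reflect the Change Manager API schema.

```python
from dataclasses import dataclass, field

# Assumption: the organization keeps a roster of authorized approvers per template.
AUTHORIZED_APPROVERS = {
    "PatchingTemplate": {"alice", "bob"},
    "NetworkTemplate": {"carol", "dave"},
}
# Assumption: minimum number of approvals each template requires.
REQUIRED_APPROVALS = {"PatchingTemplate": 1, "NetworkTemplate": 2}

@dataclass
class ChangeRequest:
    # Hypothetical export fields, not the Change Manager API schema.
    request_id: str
    template: str
    requester: str
    status: str  # "Approved" or "Rejected"
    approvers: list = field(default_factory=list)

def audit_request(cr):
    """Return a list of finding strings for one change request."""
    if cr.status != "Approved":
        return []  # only approved requests need a valid approval chain
    roster = AUTHORIZED_APPROVERS.get(cr.template)
    if roster is None:
        return [f"{cr.request_id}: template '{cr.template}' has no approver roster"]
    unique = set(cr.approvers)
    findings = [f"{cr.request_id}: approver '{n}' not authorized"
                for n in sorted(unique - roster)]
    if cr.requester in unique:
        findings.append(f"{cr.request_id}: requester '{cr.requester}' self-approved")
    # Only independent, authorized approvals count toward the required minimum.
    valid = (unique & roster) - {cr.requester}
    need = REQUIRED_APPROVALS.get(cr.template, 1)
    if len(valid) < need:
        findings.append(f"{cr.request_id}: {len(valid)} valid approval(s), {need} required")
    return findings

def audit_all(requests):
    return [f for cr in requests for f in audit_request(cr)]

SAMPLE = [  # constructed records
    ChangeRequest("CR-001", "PatchingTemplate", "erin", "Approved", ["alice"]),
    ChangeRequest("CR-002", "PatchingTemplate", "bob", "Approved", ["bob"]),
    ChangeRequest("CR-003", "NetworkTemplate", "erin", "Approved", ["carol", "mallory"]),
    ChangeRequest("CR-004", "NetworkTemplate", "erin", "Rejected", ["carol"]),
]

if __name__ == "__main__":
    print("\n".join(audit_all(SAMPLE)))
```

CR-002 shows why self-approval must be excluded from the count: the approver is on the roster, yet the request has no independent approval.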
Another key feature within AWS Systems Manager | Change Management is Automation.
With Automation, an organization can define the actions that Systems Manager performs on its AWS resources when an automation runs. An automation template needs to be selected. The automation template defines the automation steps to be performed for a given workflow. In the following screenshot, we have selected Patching workflows to be automated. As you can see, there is an option to automate patches with a rollback in case of any issues:
Figure 10.9 – AWS Systems Manager | Automation
AWS Systems Manager | Change Management also offers a Change Calendar with which an organization can schedule its changes, as seen in Figure 10.10:
Figure 10.10 – AWS Systems Manager | Change Calendar