Most business owners want to stay agile and be able to build new services and applications. They want to achieve this while still establishing some level of governance, ensuring everything follows their compliance rules and regulations. AWS Control Tower has three pillars: enable, provision, and operate. Control Tower lets you handle governance and security operations easily while providing self-service capabilities to your end users.
Here is how to scale things and provide users with a consistent experience:
The enable pillar focuses on services like AWS Organizations and AWS Control Tower. These can be considered the foundation on which you can adopt AWS quickly and at scale.
The first thing you should do is build an AWS landing zone that will determine how you set up your environment. Think of how many accounts you need to be able to govern in your AWS environment and scale it out.
Next, centralize identity and access, so your cloud admins can log in to your different accounts and effectively manage the environment from a central location. You will also want to establish guardrails and automate compliant account provisioning so you can create new accounts easily. It is important to do this while managing the environment continuously: detecting and mitigating guardrail violations and taking action automatically.
There are two types of guardrails: preventive guardrails that prevent policy violations and detective guardrails that detect policy violations. A guardrail can be mandatory, strongly recommended, or elective.
Provisioning AWS with governance
When it comes to provisioning, you can think of this as the service you will be providing to the end-user. Here, you will want to deliver the same kind of experience to your different customers.
Automate compliant account provisioning
When you create accounts through AWS Control Tower, you will want to ensure that the end user enjoys a consistent experience. Applying your standards consistently across the environment is known as standardized account provisioning. By using Account Factory, you can specify the organizational unit that an AWS account belongs to, after which it will automatically enforce all the guardrails associated with the account.
Enable secure self-service provisioning
Delivering great services will not be complete without enabling secure self-service provisioning. To provide more resources and extend your best practices, create a portfolio of Service Catalog products in the Control Tower master account. These can then be distributed to your provisioned or workload accounts so that end users can take advantage of them.
Agility and control
To operate with agility and control, you will have to consider a few things. First, you will need to monitor the environment and see where specific resources are running. Second, you will want to audit how your environment is set up, focusing on resource configurations, user access, and policy enforcement. Third, it is critical to be able to take operational action on resources. The good news is that Control Tower gives you a dashboard through which you can continuously monitor how your guardrails are doing and take the necessary action.
In the end, run some tests to establish whether everything works: confirm that you have pushed a workable product, that the template is valid, and that the product behaves the way you expect.
There is a lot that goes into enabling AWS adoption at scale with automation and governance in place. Intraway is committed to providing agile solutions designed to streamline business processes and promote the quality of experience. Contact us today to learn more.