Accelerating Cloud Adoption in Federal Government and Regulated Sectors with Agile Governance, Enabled by AWS Service Catalog

1. P U B L I C S E C T O R S U M M I T Washingt on DC, 11 th-12th June, 2019

2. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Accelerating Cloud Adoption in Federal Government and Regulated Sectors with Agile Governance, enabled by AWS Service Catalog Speaker Name: Mahdi Sajjadpour Job Title: Principal BD, AWS Service Catalog & Control Tower Company/Org Name: AWS S e s s i o n I D : 3 2 2 0 7 2 Speaker Name: Kaushik Mohanty Job Title: Principal BD, WW Public Sector – AWS Service Catalog & Control Tower Company/Org Name: AWS

3. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Agenda Need for Agile Governance Agile Governance enabled by AWS Service Catalog Do It Right: Simplify, Standardize & Automate Make it Easy: Self-Service via AWS Service Catalog console or ITSM Wrap-Up and Customer Testimonial Q&A

5. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Central IT departments that fall behind in establishing cloud governance risk security breaches, denial of service (DoS) attack, loss of control and cloud resources overspend Agility in the Cloud and Governance Control Central IT departments that fall behind in establishing cloud governance risk security breaches, denial of service (DoS) attack, loss of control and cloud resources overspending. Implementing automated governance is part of transforming central IT’s role from fulfilling users’ requests to empowering self-service for teams that need the agility to use cloud services with native tools. Source: ‘Implementing Governance for Public Cloud IaaS’, January 2019, Gartner

7. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Business agility and governance control ꟷ GOVERNANCE — AGILITY — Experiment Be productive Respond quickly to change

9. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T AWS Service Catalog: Simplifying Provisioning End UsersOrganizations Curation Compliance Standardization Agility Self-Service Time to Market SpeedSecurity Service Catalog enables organizations to deploy and manage AWS infrastructure and applications that reflect the organization’s security and operational policies

10. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Amazon EMR Amazon DynamoDB Amazon Kinesis Data Analytics AWS Marketplace Amazon RDS AWS Lambda AWS IoT Core AWS CloudFormation Amazon Redshift AWS Service Catalog Current state of self-service AWS console I Need a Server Broad Choices…  Requires Security Policy  Time consuming  Incorrectly tagged  Cost over runs Amazon S3 Amazon EC2

11. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Self-service with preconfigured compliance  Constrains  Security controls  Parameter validation  IAM assignment  Tag enforcement Standardizes best practices JSON or YAML AWS Services AWS Marketplace third-party products Customer-Created AWS-Based Solution AWS Service Catalog Admin

12. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T User’s product list  Compliant with polices  Correctly tagged  Within budget AWS Service Catalog User Amazon Redshift Amazon EC2 Amazon S3 Amazon EC2 New state of self-service

13. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T • Control AWS Provisioning => CT/LZ/AVM • Self Service Portal – One Stop Shop => DevOps • Standardized & Automated Deployments => Multi-Act. • Version Control for AWS Users => IT LifeCycle Mgmt. • Enforce Governance & Compliance proactively => G@S • Integrate with ITSM tools => ServiceNow/BMC AWS Service Catalog | Key Use Cases GOV @ SCALE RESEARCH (evolving) Feature => Use Cases

15. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Bristol-Myers Squibb Web Site Kit: 6 weeks of work <30 min If you build it yourself: Team can instantiate it: Maybe miss features / security Already Info-Sec reviewed, ongoing updates REST API Kit: 8 weeks of work <30 min If you build it yourself: Maybe miss features / security & Lots of complexity Already Info-Sec reviewed, ongoing updates Team can instantiate it:

16. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T ” “ Wiley Launches Digital Applications in Minutes Using AWS Service Catalog Wiley is a leading global publisher of scientific, technical, medical, and scholarly journals. • Wanted to move several key applications to the cloud to support business innovation • Uses AWS Service Catalog to enable developer self-service and automation • Launches new applications in 5 minutes instead of many weeks • Gives developers self-service capabilities • Enables the creation of new digital publishing platforms Meltem Dincer Vice President of Platform Capabilities, Wiley Using AWS Service Catalog, we are truly a cloud-first company.

17. By using AWS Service Catalog, I can have a new pipeline ready in 10 minutes, instead of needing days to build it manually. – James Martin, Manager of Automation Engineering, 3M Health Information Systems

19. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Developer AWS Service Catalog CloudFormation Template Standardized Patterns Application Specific Patterns • Preapproved, verified, secure • Common application pattern • Security/governance enforced • Immediately available • Requires security checks • Specific to application needs • Longer provisioning time • New application pattern Automate with a Path to DevOps

20. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Distribution model for standardized patterns Shared services account AWS Service Catalog admins can import the portfolios (portfolio ID required) LOB account LOB account LOB account Share directly with AWS Service Catalog or via Organizations Hub & spoke

21. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Standardize with Well-Architected Service Catalog product samples AWS CloudFormation templates have governance & best practices built in Amazon EC2 Amazon RDS Amazon SageMaker Amazon S3 Amazon EMR AWS Service Catalog Reference Architecture GitHub repository https://github.com/aws- samples/aws-service- catalog-reference- architectures

22. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Try it out yourself! • AWS Service Catalog Reference Architecture GitHub repository • CodePipeline folder • https://github.com/aws-samples/aws-service-catalog-reference- architectures/tree/master/codepipeline • More labs and sample templates available

23. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T AWS CloudFormation validation pipeline Deploy with AWS CloudFormation Release Automation 1. Commits to master 3. Copy to Amazon S3 and execute AWS CloudFormation 2. TaskCat and cfn_nag End Users provision updated Products

24. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Distribution model: application-specific patterns Publish AWS Service Catalog product to an Application-Specific Portfolio in the Application’s LOB AWS Account(s) LOB Account(s) Application-Specific Portfolio

25. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Automate Account Vending AWS Service Catalog Lambda-backed custom resource Logging account Amazon S3 bucket Master Account New AWS account CloudTrail Stack Config Stack EBS Encryption Stack CLv2 Spoke Admin RoleAmazon VPC (default) Read Only Role AWS Organizations Existing or New OU AWS CloudFormation StackSets Try it out yourself @ https://aws.amazon.com/blogs/mt /automate-account-creation-and- resource-provisioning-using-aws- service-catalog-aws- organizations-and-aws-lambda/

27. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T AWS Service Catalog Brand Your Console Allows customers to upload their logo, choose primary & accent colors into the AWS Service Catalog Console!

28. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Challenges in the Hybrid Organization • Organizations would like to integrate AWS provisioning and management with their ITSM system. • AWS provisioning needs to tie into an organization’s existing ITSM implementation, processes, and workflows. • Lengthy time to integrate AWS with ITSM systems.

29. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T AWS Service Catalog Connector for ServiceNow Self-service for end users: • Provision AWS resources • Manage AWS resources • Integration with existing workflows

30. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Enabling self-service via ITSM Users browse and request AWS services Administrators procure, publish, and govern AWS services Operators monitor and manage AWS services 1 2 3 Amazon EC2 Amazon S3 Amazon RDS Amazon VPC Amazon EMR Amazon SQS Amazon ML AWS Mobile Hub AWS IoT Amazon WorkSpaces 3rd Party ISV Offerings AWS

31. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Browse the AWS Service Catalog products The AWS SC Connector in ServiceNow Request and use

32. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T User experience Browse Products 3 2 1 Portfolio End Users Select Product, Configure Parameters, Request LaunchDeploy Outputs 4 Service Request Workflow—RITM Maps to AWS Service Catalog Portfolio Launch Product Provisioned Product Configuration Item AWS Service Catalog API AWS Service Catalog

33. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Benefits for users Familiar, easy to use, self-service interface to: • Provision or request AWS resource(s) • Manage AWS resource(s): • Self-service update and terminate • Stop, start, reboot Amazon WorkSpaces or Amazon EC2 • Snapshot of Amazon EBS storage volumes • Workflows and approvals automatically triggered

34. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Benefits for enterprises • Reduces time to integrate ServiceNow with AWS • Accelerates AWS onboarding and adoption • Build and leverage existing workflows, approvals, record keeping, and auditing (CMDB) within ServiceNow • Does not require ServiceNow team to learn AWS • Available now, at no cost, in the ServiceNow store

35. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T AWS Service Catalog allows Deloitte's ConvergeHEALTH to provision its solutions in near real-time

36. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Summary: Outcomes customers accomplish! Stay agile Innovate with the speed Empower builders Provide self-service & developer autonomy Establish governance Maintain the security & compliance posture

37. Thank you! © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Speaker Name: Kaushik Mohanty Company Name: AWS Contact Info.: kmohanty@amazon.com (703) 300 8960