© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Ramping Up on AWS
Our Goal for Today…
• Principles
• Organizational Architecture
• Technical/Account Architecture
First Steps…
One Account
First Steps…
One Account
• Your First App: Web / Presentation, Application, Database
• Your Second App: Web / Presentation, Application, Database
First Steps…
Second Account
• Your Third App: Rest API, Service
• Your Fourth App: Rest API, Service
First Steps…
• One Account
• Many Accounts
• 1,000s of Accounts
Why is one not enough?…
• Many Teams
• Isolation
• Security Controls
• Business Process
• Billing
Why is one not enough?…
Pros
• Complete security and resource isolation
• Smaller blast radius
• Simplified billing per account
Cons
• Aggregation/Distribution
• Setup and operation overhead
• More complex security policies across accounts
Well Architected…
Operational Excellence
Security
Reliability
Performance Efficiency
Cost Optimization
Design Principles
• Perform operations as code
• Annotated documentation
• Make frequent, small, reversible changes
• Refine operations procedures frequently
• Anticipate failure
• Learn from all operational failures
What Helps?…
"Don't let the failures of today be the reason for the failures of tomorrow"
- Bobby Kennedy
The Journey Begins
• PREPARE
• OPERATE
• EVOLVE
How do you prepare?…
• Set Your Operational Priorities
• Design with Operations in Mind
• Operational Readiness
What Helps?…
• Create the conditions for change
• Educate across the organization
• Live and breathe collaboration
• Embrace (constructive) criticism
• Build organizational trust
• Incremental change is powerful
Culture = Values + Behaviors
Practical First Steps?…
Steps in that Evolution
So where do we begin?…
AWS Organizations Master
• No connection to DC
• Service Control Policies
• Consolidated billing
• Minimal resources
• Limited access
• Delete Orgs role!
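Service Control Policies are the guardrail that ties the Organizations master to the Logging and Security core accounts: attached in the master, they bound what every member account can do (they never restrict the master account itself, one reason the deck keeps it minimal). The following is an added example, not from the deck or from AWS: a constructed SCP that keeps CloudTrail, AWS Config and organization membership from being switched off in member accounts, plus a small local evaluator of SCP allow/deny semantics (a simplified model that ignores Resource and Condition, not the AWS policy engine).

```python
import fnmatch
import json

# Constructed example SCP (not from the deck): leaves all actions available
# except the ones that would blind central logging or detach the account.
GUARDRAIL_SCP = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "FullAWSAccess", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Sid": "ProtectCloudTrail", "Effect": "Deny",
         "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail",
                    "cloudtrail:UpdateTrail"],
         "Resource": "*"},
        {"Sid": "ProtectConfig", "Effect": "Deny",
         "Action": ["config:StopConfigurationRecorder",
                    "config:DeleteConfigurationRecorder",
                    "config:DeleteDeliveryChannel"],
         "Resource": "*"},
        {"Sid": "StayInOrganization", "Effect": "Deny",
         "Action": "organizations:LeaveOrganization", "Resource": "*"},
    ],
})


def _matches(patterns, action):
    """IAM-style action matching: case-insensitive, '*' and '?' wildcards."""
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def scp_permits(scp_json, action):
    """True if the SCP leaves `action` available to a member account.

    SCP semantics: the action must match at least one Allow statement and
    no Deny statement. Resource/Condition are ignored in this local model.
    """
    statements = json.loads(scp_json)["Statement"]
    allowed = any(s["Effect"] == "Allow" and _matches(s.get("Action", []), action)
                  for s in statements)
    denied = any(s["Effect"] == "Deny" and _matches(s.get("Action", []), action)
                 for s in statements)
    return allowed and not denied


if __name__ == "__main__":
    for act in ("cloudtrail:StopLogging", "cloudtrail:DescribeTrails",
                "organizations:LeaveOrganization", "ec2:RunInstances"):
        print(f"{act:36s} permitted={scp_permits(GUARDRAIL_SCP, act)}")
```

Because SCPs only filter, the explicit FullAWSAccess allow is what keeps ordinary work possible; dropping it would deny everything in the member account.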
Core Accounts: Logging, Security
• Optional data center connectivity
• Security tools and audit
• Cross-account read/write
• Limited access
• AWS CloudTrail, AWS Config
Core Accounts: Network
• Managed by network team
• Networking services
• AWS Direct Connect
• Limited access
Core Accounts: Shared Services
• Connected to DC
• DNS
• LDAP/Active Directory
• Shared Services VPC
• Deployment tools
• Golden AMI pipeline
• Scanning infrastructure (inactive instances, improper tags, snapshot lifecycle)
• Monitoring
• Limited access
Core Accounts: Billing Tooling
• Reduces access to Master Organizations account
• Billing reports
• Usage metrics and reporting
• Usage optimizations and RI management
• Limited access
Core Accounts: Internal Audit
• Regulatory compliance
• Read-only access to needed logs
• Limited access
Developer Accounts: Developer Sandbox
• No connection to DC
• Innovation space
• Fixed spending limit
• Autonomous
• Experimentation
BU/Product/Resource Accounts
• Based on level of needed isolation
• Match your development lifecycle
BU/Product/Resource Accounts: Dev
• Develop and iterate quickly
• Collaboration space
• Stage of SDLC
BU/Product/Resource Accounts: Pre-Prod
• Connected to DC
• Production-like
• Staging
• QA
• Automated deployments
BU/Product/Resource Accounts: Prod
• Connected to DC
• Production applications
• Promoted from Pre-Prod
• Limited access
BU/Product/Resource Accounts: Shared Services
• Grows organically
• Shared to the BU/team
• Product-specific common services
• Data lake
• Common tooling
• Common services
BU/Product/Resource Accounts: Sandbox
• No connection to data center
• New initiatives
• Disconnected from data center
• Experimentation
• Innovation
And finally…
Accounts in the diagram: Data Center; Enterprise Accounts (AWS Organizations Master, Logging, Security, Network, Shared Services, Billing Tooling, Internal Audit, Sandbox); Developer Accounts (Developer Sandbox); BU/Product/Resource Accounts (Dev, Pre-Prod, Prod, Shared Services)
• Orgs: Account management
• Logging: Centralized logs
• Security: AWS Config Rules, security tools
• Shared services: Directory, DNS, limit monitoring
• Billing Tooling: Cost monitoring
• Sandbox: Experiments
• Dev: Development
• Pre-Prod: Staging
• Prod: Production
Next Steps…
• Everyone is on the same page
• Empower people to succeed
• Go build
https://aws.amazon.com/answers/aws-landing-zone/
Thank you!