Simplify & Standardise Your Migration to AWS with a Migration Landing Zone
Koen vd Biggelaar - Sr Mgr AWS Solutions Architecture
Mahmoud ElZayet - Solutions Builder
Tuesday 31st October 2017, LONDON
Planning a Migration?
Key questions to consider:
• How do we configure our AWS environment?
• What are best practices for security and compliance?
• How do we build a cloud operating model?
• How do we develop a business case?
• What types of migration will we use?
• What is our application portfolio?
• What are our key drivers?
• Which partners are we going to use?
What is an AWS Landing Zone?
- A baseline secure multi-account AWS environment configured based on best practices
- A starting point for your application migration journey
- An environment that allows for iteration & extension over time
What to Expect from the Session
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Cloud Adoption Framework: Understand, Build, Engage, Operate
Application Migration: Create Landing Zone, Migrate Apps, Operate & Optimise
Landing Zone Journey (diagram)
Start; Accounts; Network (Domains, Direct Connect); Security (Logging, Config, Access); Identity & Access (Identities, Federation); Operational Automation (Service Catalog, Central Services, Imaging, Infrastructure Request, End User Interaction); Migrate, Iterate, Operate & Optimise; What's Next?
Current State: Typical Enterprise Situation
Diagram: Lines of Business -> Central IT (Governance & Service Management, Provisioning)
Characteristics:
• Lead times ~days to weeks
• Service catalogue of components
• Often process-heavy service management
Agility versus Control: How to choose?
Business & Business IT: "We want agility, so we can innovate in our business."
Central IT: "I need control, so I can protect our business."
Diagram: Landing Zone (Templates, Policy & Best Practices, Landscape Management, Monitor & Respond)
Current State: Opportunity to achieve Agility and Control
Diagram: Lines of Business / Cloud IT Consumers -> Automation (Landscapes & Automation, Security Guiding Principles) -> Central IT
Central IT opportunities:
• Lead times in minutes
• Service catalogue of landscapes
• Automated service management
Agenda: Start | Accounts | Network | Security | Identity & Access | Operational Automation | What's Next?

Section: Accounts
Account Structure
• Don't overdo on Day One
• Use separate accounts for:
  - Security and compliance isolation (production, non-prod, logging)
  - Cost allocation
  - Resource management and ownership
Account Structure (diagram)
Central accounts: Billing; Security and Audit; Shared Services
Application accounts: Dev & Test; Mobile; IoT; Business Apps; Digital Platforms; Analytics; Production Generic; Production Critical (option: per AWS Region)
Initial Account Structure: Different Perspectives (diagram)
Four views of the same set of accounts (Billing Account, Security & Audit Account, Shared Services Account, Application Account(s)): the Billing account structure, the Security & Audit account structure, the Shared Services account structure and the Application account structure. Labels in the diagram: Consolidated Billing (billing view), Logs (security & audit view), VPC Peering (shared services / application view).
Manage Multiple Accounts: CloudFormation StackSets
A stack set lives in the payer / administrator account and holds one template; for each selected region it creates a stack in each target account (Account A, Account B, Account C, Account D, Account E, ...).
Manage Multiple Accounts: AWS Organizations
Diagram: Root -> OUs -> accounts (Account A, Account B, Account C); the stack set looks up the accounts under an OU and deploys to them.
Section: Network
Individual VPC Patterns
• Hybrid 2-tier (public and private)
• Internal-only
• Internet-only
• Hybrid 3-tier (Presentation/Application/Data)
AWS Quick Start: Scalable VPC
AWS Quick Start: PCI DSS
Multiple VPN/DX VIFs: Connect Applications running in multiple VPCs to your DC
• Leverage existing AWS Direct Connect to route traffic between VPCs
• Offers customers the ability to incorporate transitive routing
• Need to create more than 100 connections per VPC
AWS Answers: How do I connect multiple VPCs in a single AWS Region?
Multi-VPC Partially Meshed: VPC Peering
• Can create multiple VPCs within the same or different region/account
• Do not require full connectivity between all of their VPCs
• Central shared services VPC
• Multiple VPCs that need access to shared resources but not to each other
• Require fewer than 100 peering connections per VPC
AWS Answers: How do I share a single VPN connection with multiple VPCs?
Transit VPC
• Uses customer-managed EC2 VPN instances in a dedicated transit VPC with an IGW
• Implements a transit VPC
• Want more advanced connection types, such as inter-region connectivity, or multi-VPC connectivity to on-premises resources
AWS Answers: How do I build a global transit network on AWS?
Section: Security
Set Per-Account Security Baseline
• Access control: AWS Identity and Access Management (IAM) - IAM password and other policies
• Auditing and governance: AWS Config - centrally store configuration changes; AWS CloudTrail - centrally store audit logs
• Security notifications: AWS CloudWatch alerts - alert and send security notifications
Diagram: the Application Accounts, the Shared Services account and the Billing Account send their security logs to an Amazon S3 bucket in the Security Log Account. Other building blocks: AWS Organizations, Amazon VPC, AWS Directory Service, AWS Service Catalog.
AWS Quick Start: quickstart-compliance-common (GitHub)
AWS Labs GitHub: aws-config-rules
Build Compliance into your AWS accounts
• Implement the CIS Foundations Benchmark
• Use the UK-OFFICIAL compliance Quick Start
• Deploy the AWS Labs CIS Foundation Benchmark checklist templates
AWS Labs GitHub: aws-security-benchmark
AWS Security Blog: Announcing Industry Best Practices for Securing AWS Resources
AWS Quick Start: UK-OFFICIAL
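As an added example (not code from the deck or from the AWS Labs benchmark repository) of what "IAM password and other policies" in the security baseline and "implement the CIS Foundations Benchmark" mean in practice, the following checks an account password policy against the password controls of the CIS AWS Foundations Benchmark v1.x (controls 1.5 to 1.11) and computes the minimal remediation. The policy dict uses the field names boto3's `iam.get_account_password_policy()` returns under `PasswordPolicy`; both sample policies are constructed, not read from a real account.

```python
"""Added example (not the deck's code): check an IAM account password policy against
the password controls of the CIS AWS Foundations Benchmark v1.x (1.5 to 1.11).

The policy dict uses the field names returned by boto3's
iam.get_account_password_policy()["PasswordPolicy"]; the two policies below are
constructed samples, not read from a real account."""

# Control id -> (policy field, check, value to set when the check fails).
# Thresholds follow CIS AWS Foundations Benchmark v1.x.
CIS_PASSWORD_CONTROLS = {
    "1.5":  ("RequireUppercaseCharacters", lambda v: v is True, True),
    "1.6":  ("RequireLowercaseCharacters", lambda v: v is True, True),
    "1.7":  ("RequireSymbols", lambda v: v is True, True),
    "1.8":  ("RequireNumbers", lambda v: v is True, True),
    "1.9":  ("MinimumPasswordLength", lambda v: isinstance(v, int) and v >= 14, 14),
    "1.10": ("PasswordReusePrevention", lambda v: isinstance(v, int) and v >= 24, 24),
    "1.11": ("MaxPasswordAge", lambda v: isinstance(v, int) and 1 <= v <= 90, 90),
}

# Constructed samples. WEAK_POLICY resembles a policy that was never tightened:
# ExpirePasswords is off, so MaxPasswordAge and PasswordReusePrevention are absent.
WEAK_POLICY = {
    "MinimumPasswordLength": 8,
    "RequireSymbols": False,
    "RequireNumbers": True,
    "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": True,
    "AllowUsersToChangePassword": True,
    "ExpirePasswords": False,
}
BASELINE_POLICY = {
    "MinimumPasswordLength": 14,
    "RequireSymbols": True,
    "RequireNumbers": True,
    "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": True,
    "AllowUsersToChangePassword": True,
    "ExpirePasswords": True,
    "MaxPasswordAge": 90,
    "PasswordReusePrevention": 24,
}


def audit_password_policy(policy):
    """Return the ids of the CIS controls the policy fails, in benchmark order.
    A missing field counts as a failure: the account then runs the service default."""
    failures = []
    for control_id, (field, check, _) in CIS_PASSWORD_CONTROLS.items():
        if not check(policy.get(field)):
            failures.append(control_id)
    return failures


def remediation(policy):
    """Return the keyword arguments one would pass to
    iam.update_account_password_policy() to reach the CIS baseline, touching only
    the fields that currently fail."""
    changes = {}
    for control_id in audit_password_policy(policy):
        field, _, target = CIS_PASSWORD_CONTROLS[control_id]
        changes[field] = target
    return changes


if __name__ == "__main__":
    for name, pol in (("weak", WEAK_POLICY), ("baseline", BASELINE_POLICY)):
        print(name, "fails:", audit_password_policy(pol), "fix:", remediation(pol))
```

Run across every account of the landing zone (through the cross-account roles the deck sets up later), the failing-control list is the evidence a compliance report needs, and the remediation dict is exactly what the baseline template should enforce.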
Log everything centrally for analysis
Centralised logging makes it easy for security teams to consolidate AWS logs and analyze them to detect incidents.
Diagram (Log -> Transform -> Search): VPC subnet / Amazon EC2, Flow Logs, AWS CloudTrail -> Amazon S3 -> Amazon CloudWatch -> AWS Lambda -> Amazon Elasticsearch Service
You can do this by simply using:
• Amazon Elasticsearch Service
• CloudTrail logs
• VPC flow logs
• EC2 server logs
• AWS Config logs
AWS Answers: How can I implement a centralized logging solution on AWS? / What are the native AWS security-logging capabilities?
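The "detect incidents" and "alert and send security notifications" steps of the two slides above are where centralised CloudTrail logs pay off. As an added example (not code from the deck or from AWS), the block below runs a small rule set over CloudTrail records and produces the alerts a notification channel (an SNS topic, in the architecture the deck sketches) would receive. The six records are constructed samples in CloudTrail's JSON record shape with placeholder account ids, ARNs and addresses; the rules hand-code a subset of the CIS AWS Foundations Benchmark "Monitoring" section (root usage, CloudTrail configuration changes, security group changes, console login failures, IAM policy changes).

```python
"""Added example (not the deck's code): CIS-style security alerting over centralised
CloudTrail records. SAMPLE_EVENTS are constructed records in CloudTrail's JSON shape;
account ids, ARNs and IP addresses are placeholders."""
import json

SAMPLE_EVENTS = [
    {"eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "responseElements": {"ConsoleLogin": "Success"}, "sourceIPAddress": "198.51.100.7",
     "recipientAccountId": "111122223333"},
    {"eventName": "StopLogging", "eventSource": "cloudtrail.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"name": "org-trail"}, "recipientAccountId": "111122223333"},
    {"eventName": "AuthorizeSecurityGroupIngress", "eventSource": "ec2.amazonaws.com",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/Admin/bob"},
     "requestParameters": {"groupId": "sg-0123456789abcdef0"},
     "recipientAccountId": "111122223333"},
    {"eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/carol"},
     "responseElements": {"ConsoleLogin": "Failure"}, "errorMessage": "Failed authentication",
     "recipientAccountId": "111122223333"},
    {"eventName": "DescribeInstances", "eventSource": "ec2.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/carol"},
     "recipientAccountId": "111122223333"},
    {"eventName": "AttachUserPolicy", "eventSource": "iam.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"userName": "carol",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"},
     "recipientAccountId": "111122223333"},
]


def _is_iam_policy_change(e):
    # Write operations on IAM policies (Put/Attach/Detach/Create/Delete...Policy);
    # Get* and List* are read-only and must not page anyone.
    name = e.get("eventName", "")
    return (e.get("eventSource") == "iam.amazonaws.com"
            and not name.startswith(("Get", "List"))
            and name.endswith(("Policy", "PolicyVersion")))


# (alert name, predicate over one CloudTrail record); names loosely follow the
# CIS Foundations Benchmark "Monitoring" controls.
RULES = [
    ("root-account-usage",
     lambda e: e.get("userIdentity", {}).get("type") == "Root"),
    ("cloudtrail-config-change",
     lambda e: e.get("eventSource") == "cloudtrail.amazonaws.com"
     and e.get("eventName") in {"StopLogging", "DeleteTrail", "UpdateTrail"}),
    ("security-group-change",
     lambda e: e.get("eventSource") == "ec2.amazonaws.com"
     and e.get("eventName", "").startswith(("AuthorizeSecurityGroup", "RevokeSecurityGroup"))),
    ("console-login-failure",
     lambda e: e.get("eventName") == "ConsoleLogin"
     and e.get("responseElements", {}).get("ConsoleLogin") == "Failure"),
    ("iam-policy-change", _is_iam_policy_change),
]


def evaluate(event):
    """Return the alert names one record triggers (empty for benign activity)."""
    return [name for name, predicate in RULES if predicate(event)]


def scan(events):
    """Run every rule over every record and return alert dicts ready for a
    notification channel; the principal and account make the alert actionable."""
    alerts = []
    for event in events:
        for name in evaluate(event):
            alerts.append({
                "alert": name,
                "account": event.get("recipientAccountId"),
                "principal": event.get("userIdentity", {}).get("arn"),
                "eventName": event.get("eventName"),
            })
    return alerts


def summarise(alerts):
    """Alert name -> count, the shape a dashboard or CloudWatch metric filter reports."""
    counts = {}
    for alert in alerts:
        counts[alert["alert"]] = counts.get(alert["alert"], 0) + 1
    return counts


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(json.dumps(alert))
```

In the real pipeline the same predicates become CloudWatch Logs metric filters on the trail's log group, with an alarm per metric feeding SNS; keeping the rules as plain functions first lets you replay archived S3 trail files through them to check coverage before wiring up the alarms.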
Choose how to start your compute: Private images or import your current ones
Diagram: EC2 AMI catalogue -> Launch instance -> Running instance -> Configure instance -> Your instance
Configure your environment as you like: hardening and configuration, audit and logging, vulnerability management, malware and IPS, whitelisting and integrity, user administration, operating system.
Options to create or import your own 'gold' images:
1. Import existing VMs to AWS
2. Procure partner AMI from AWS Marketplace
3. Create and save your own custom images
4. Bootstrap a base AMI
AWS Marketplace: CIS Hardened AMIs
AWS DevOps Blog: How to Create an AMI Builder with AWS CodeBuild and HashiCorp Packer
Section: Identity & Access
Identity and Access Management: Control access and segregate duties everywhere
• You get to control who can do what in your AWS environment, when and from where.
• Fine-grained control of your AWS cloud with multi-factor authentication.
• Integrate with your existing corporate directory and provide SSO to your customers. Support for SAML 2.0 (like your existing Active Directory) and OpenID-compatible Identity Providers (IdPs).
• You can use AWS managed policies, policies for typical job functions, or customer-generated policies built with the policy generator, and test them with the policy simulator.
Diagram: corporate data center identity store -> browser interface -> AWS account owner
Identity Federation: AD group -> identity and authentication -> mapping to a specific IAM role with access policy -> access to AWS
Select an Identity Federation Option
• Cross-Account Roles with IAM
• Cross-Account Roles with AWS Directory Service
• SAML Federation
• Custom Identity Broker
Example: Cross-Account Roles with AWS Directory Service
AWS Answers: How do I manage multiple AWS accounts for security purposes?
Diagram: AWS Directory Service users in the shared-services account switch role into the sub-accounts (Billing, Security, Application).
• Users and groups are managed in one account (shared services) using AWS Directory Service
• IAM roles in every account are used for fine-grained authorization
• Can be integrated with an on-premises user directory for authentication
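The pattern above hinges on the trust policy of each role in the sub-accounts: it must name the shared-services account (and nothing wider) as the only principal allowed to call sts:AssumeRole, and should insist on an MFA-backed session. As an added example (not the deck's or AWS's code), the block below builds that trust policy and audits an existing one for the drift that matters most: a wildcard or foreign-account principal, or a missing MFA condition. The account ids are placeholders and the policy documents are constructed; the JSON shape and the `aws:MultiFactorAuthPresent` condition key are standard IAM.

```python
"""Added example (not the deck's code): build and audit the IAM role trust policy used
by the cross-account-roles pattern. Account ids are placeholders."""
import json

SHARED_SERVICES_ACCOUNT = "111122223333"  # placeholder id of the account holding the users


def build_trust_policy(trusted_account, require_mfa=True):
    """Trust policy for a role in a sub-account: only principals from trusted_account
    may call sts:AssumeRole, and (by default) only with an MFA-backed session."""
    statement = {
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{trusted_account}:root"},
        "Action": "sts:AssumeRole",
    }
    if require_mfa:
        statement["Condition"] = {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
    return {"Version": "2012-10-17", "Statement": [statement]}


def _as_list(value):
    # IAM accepts a string or a list in most positions; normalise to a list.
    return [value] if isinstance(value, str) else list(value or [])


def _account_of(principal):
    """Account id from an ARN ('arn:aws:iam::123456789012:root') or a bare id."""
    return principal if principal.isdigit() else principal.split(":")[4]


def audit_trust_policy(policy, allowed_accounts):
    """Findings, as (statement index, message), for every Allow statement on
    sts:AssumeRole that trusts '*', trusts an account outside allowed_accounts,
    or does not require MFA."""
    findings = []
    for index, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in _as_list(st.get("Action"))):
            continue
        principal = st.get("Principal", {})
        aws_principals = ["*"] if principal == "*" else _as_list(principal.get("AWS"))
        for p in aws_principals:
            if p == "*":
                findings.append((index, "wildcard principal"))
            elif _account_of(p) not in allowed_accounts:
                findings.append((index, f"untrusted account {_account_of(p)}"))
        mfa = st.get("Condition", {}).get("Bool", {}).get("aws:MultiFactorAuthPresent")
        # Service principals (e.g. lambda.amazonaws.com) cannot present MFA, so the
        # MFA check only applies when AWS account/user principals are trusted.
        if aws_principals and str(mfa).lower() != "true":
            findings.append((index, "MFA not required"))
    return findings


# Constructed example of a policy that drifted: trusts everyone, no MFA condition.
DRIFTED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}


if __name__ == "__main__":
    print(json.dumps(build_trust_policy(SHARED_SERVICES_ACCOUNT), indent=2))
    print(audit_trust_policy(DRIFTED_POLICY, {SHARED_SERVICES_ACCOUNT}))
```

The audit is what an AWS Config custom rule (the aws-config-rules repository the deck points at) would run on every role in every account: the trusted account set is the landing zone's list of central accounts, and any finding is a control failure worth an alert.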
Section: Operational Automation
Agility and Control: AWS Service Catalog and Marketplace
Organizations want to standardise, control and govern; developers want agility, self-service and time to market. AWS Service Catalog allows organizations to create and manage catalogs of IT services and software on AWS.
Key features:
• Tag enforcement
• Portfolio-level IAM access
• Denial of end-user access to underlying services
• Constraint CloudFormation parameters
• Share portfolios
• Version & re-use products
• API, CLI, console
• AWS Marketplace to AWS Service Catalog copy
AWS Ops Automator
• Automation framework
• Central administration
• Multi-account/multi-region
• Pre-built actions
• Custom actions (auto-retry, logging, concurrency, etc.)
AWS Answers: https://aws.amazon.com/answers/infrastructure-management/ops-automator/
EC2 Instance Scheduler
A single template deploys all solution components: a CloudFormation scheduler stack containing the scheduler Lambda function, a scheduler role, a scheduler configuration table and an instance state table. A CloudWatch rule triggers the scheduler; it reads EC2 instance information for tagged EC2 instances in one or more AWS accounts (IAM cross-account roles control access to those accounts) and writes to CloudWatch Logs and CloudWatch Metrics.
AWS Answers: How do I automatically start and stop my Amazon EC2 instances?
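The scheduler's value is in one decision loop: read the schedule table, compare each tagged instance's current state with the state its schedule wants right now, and start or stop only what differs. As an added example (not the deck's code, nor the AWS solution's own), the block below implements that loop in plain Python. The schedule table, the instance inventory, the `Schedule` tag name and the schedule names are all constructed assumptions standing in for the DynamoDB tables and the EC2 API.

```python
"""Added example (not the deck's or the AWS solution's code): the reconciliation logic
at the core of a tag-driven EC2 instance scheduler. Tables, tag name and instances
are constructed stand-ins for DynamoDB and the EC2 API."""
from datetime import datetime, time

# Constructed scheduler configuration table: schedule name -> running periods.
# weekdays use datetime.weekday() numbering (Monday = 0).
SCHEDULES = {
    "office-hours": [{"weekdays": {0, 1, 2, 3, 4}, "begin": time(8, 0), "end": time(18, 0)}],
    "always-on": [{"weekdays": set(range(7)), "begin": time.min, "end": time.max}],
}

# Constructed instance inventory, shaped like a trimmed DescribeInstances result.
SAMPLE_INSTANCES = [
    {"InstanceId": "i-0aaa", "State": "stopped", "Tags": {"Name": "dev-web", "Schedule": "office-hours"}},
    {"InstanceId": "i-0bbb", "State": "running", "Tags": {"Name": "prod-db", "Schedule": "always-on"}},
    {"InstanceId": "i-0ccc", "State": "running", "Tags": {"Name": "batch", "Schedule": "office-hours"}},
    {"InstanceId": "i-0ddd", "State": "running", "Tags": {"Name": "untagged-legacy"}},
]

# Constructed points in time used by the demo run (31 Oct 2017 was a Tuesday).
TUESDAY_0930 = datetime(2017, 10, 31, 9, 30)
TUESDAY_2000 = datetime(2017, 10, 31, 20, 0)
SATURDAY_1000 = datetime(2017, 11, 4, 10, 0)


def desired_state(schedule_name, now):
    """'running' if now falls inside any period of the schedule, 'stopped' if it does
    not, None if the schedule is unknown (the scheduler then leaves the instance alone)."""
    periods = SCHEDULES.get(schedule_name)
    if periods is None:
        return None
    for period in periods:
        if now.weekday() in period["weekdays"] and period["begin"] <= now.time() <= period["end"]:
            return "running"
    return "stopped"


def plan_actions(instances, now):
    """Compare each tagged instance's state with its schedule and return the ids to
    start and to stop. Untagged instances and unknown schedules are never touched,
    which is the safety property a scheduler with cross-account power must keep."""
    actions = {"start": [], "stop": []}
    for inst in instances:
        want = desired_state(inst["Tags"].get("Schedule"), now)
        if want == "running" and inst["State"] == "stopped":
            actions["start"].append(inst["InstanceId"])
        elif want == "stopped" and inst["State"] == "running":
            actions["stop"].append(inst["InstanceId"])
    return actions


if __name__ == "__main__":
    print("Tuesday 09:30:", plan_actions(SAMPLE_INSTANCES, TUESDAY_0930))
    print("Tuesday 20:00:", plan_actions(SAMPLE_INSTANCES, TUESDAY_2000))
    print("Saturday 10:00:", plan_actions(SAMPLE_INSTANCES, SATURDAY_1000))
```

In the deployed solution the same function body runs inside the scheduler Lambda on every CloudWatch rule tick, with the instance list fetched through the cross-account role of each target account and the start/stop lists handed to the EC2 API; the instance state table records what the scheduler did so that a manually stopped instance is not restarted against the operator's intent.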
What have we built so far? High-level Architecture
• Security Account: logging buckets, centralised logging, analytics, cost optimization monitor
• Shared Services Account: Cross Account Manager (CAM), Ops Automator / Instance Scheduler
• Billing Account
• Stack Set Admin Account: stack sets and stand-alone templates (Scalable VPC Quick Start; VPC flow & instance logs; CloudTrail, Config & IAM baseline)
• Application Accounts (CAM sub-accounts)
Section: What's Next?
Managing to the Portfolio Value
Portfolio tier | Requirements | Operations model | Approx. % portfolio* | IT spend against portfolio
Differentiators | High rate of change & innovation; possibly business-critical, but not always | DevOps | 15% | 60% - 70%
Table Stakes | Business-critical, but low rate of change. Needs high availability, maximum reliability, and durable DR | Automated Efficiency | 25% |
Commodity | COTS & commodity, minimal risk, low change, standard downtime & reliability requirements | Automated-Traditional | 60% | 30% - 40%
*estimated numbers, provided under NDA
Running Multi-Modal Migrations: Increasing Levels of Effort with Increasing Levels of Return
Value and automation both grow with maturity, from mass migration through re-platform / refactor to re-architect.
• Mass migration: capex to opex, cost out, facilities closure, consistent operations; traditional operations plus operational transition
• Re-platform / refactor: cloud-capable applications, capex to opex, nascent services, Cloud COE, managed services; automated operations
• Re-architect: cloud-aware applications, serverless compute, continuous integration, disruptive technology, maximum efficiency, advanced architecture; development and operations
Executing Multi-Modal Migrations (programme plan across Sprints 1 to 7, with Brown and Green swimlanes)
Workstreams: deploy landing zone; extend, integrate and manage landing zone; migration business case; discovery prep; discovery; pipeline generation; migration patterns creation; greenfield migrations; innovation; re-factor; re-host; complex app (single sprint)
Key Take-Aways
• Configuring your AWS environment to match your operations and migration needs is a key step in your cloud journey
• Maximise automation, including cost optimization (e.g. resize instances, on-off schedules)
• Check aws.amazon.com/answers for guidance and packaged solutions that help you build your own Landing Zone
• Be agile for your migrations; not everything can be planned upfront
Thank you!
LONDON
Landing Zone Resources (1/3)
Title | Link
Cost Optimization Monitor | https://aws.amazon.com/answers/account-management/cost-optimization-monitor/
Scalable VPC Quick Start | https://docs.aws.amazon.com/quickstart/latest/vpc/
PCI DSS Quick Start | https://aws.amazon.com/quickstart/architecture/accelerator-pci/
How do I connect multiple VPCs in a single AWS Region? | https://aws.amazon.com/answers/networking/aws-single-region-multi-vpc-connectivity/
How do I share a single VPN connection with multiple VPCs? | https://aws.amazon.com/answers/networking/aws-multiple-vpc-vpn-connection-sharing/
How do I build a global transit network on AWS? | https://aws.amazon.com/answers/networking/aws-global-transit-network/
Microsoft Active Directory | https://aws.amazon.com/quickstart/architecture/active-directory-ds/
How do I ensure I set up my AWS account securely? | https://aws.amazon.com/answers/security/aws-secure-account-setup/
How do I set up AWS Identity and Access Management (IAM) for my organization? | https://aws.amazon.com/answers/security/aws-iam-in-practice/
Landing Zone Resources (2/3)
Title | Link
Compliance Quick Start | https://github.com/aws-quickstart/quickstart-compliance-common
CIS Security Benchmark | https://github.com/awslabs/aws-security-benchmark
Security Blog: Announcing Industry Best Practices for Securing AWS Resources | https://aws.amazon.com/blogs/security/announcing-industry-best-practices-for-securing-aws-resources/
UK-OFFICIAL Compliance Quick Start | https://aws.amazon.com/quickstart/architecture/accelerator-uk-official/
How can I implement a centralized logging solution on AWS? | https://aws.amazon.com/answers/logging/centralized-logging/
What are the native AWS security-logging capabilities? | https://aws.amazon.com/answers/logging/aws-native-security-logging-capabilities/
CIS Hardened AMIs | https://aws.amazon.com/marketplace/seller-profile?id=6b3b0dc2-c6f4-487b-8f29-9edba5f39eed
How to Create an AMI Builder with AWS CodeBuild and HashiCorp Packer | https://aws.amazon.com/blogs/devops/how-to-create-an-ami-builder-with-aws-codebuild-and-hashicorp-packer/
How should I manage multiple AWS accounts for security purposes? | https://aws.amazon.com/answers/account-management/aws-multi-account-security-strategy/
Landing Zone Resources (3/3)
Title | Link
User Access Management Module | http://www.awslandingzone.com/modules/landing-zone-user-access.pptx
How do I monitor the cross-region replication of my Amazon S3 objects? | https://aws.amazon.com/answers/infrastructure-management/crr-monitor/
AWS Ops Automator | https://github.com/awslabs/aws-ops-automator
DynamoDB Continuous Backup Utility | https://github.com/awslabs/dynamodb-continuous-backup
How do I automatically start and stop my Amazon EC2 instances? | https://aws.amazon.com/answers/infrastructure-management/ec2-scheduler/
How do I receive notifications as I approach AWS service limits? | https://aws.amazon.com/answers/account-management/limit-monitor/

OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Plus de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Simplify & Standardise Your Migration to AWS with a Migration Landing Zone

  • 1. Koen vd Biggelaar - Sr Mgr AWS Solutions Architecture Mahmoud ElZayet – Solutions Builder Tuesday 31st October 2017 Simplify & Standardise Your Migration to AWS with a Migration Landing Zone LONDON
  • 2. Planning a Migration? Key Questions to consider How do we configure our AWS environment What are best practices for Security and Compliance How do we build a Cloud Operating Model How do we develop a business case What types of migration will we use What is our application portfolio What are our key drivers Which partners are we going to use ?
  • 3. What is an AWS Landing Zone? - A baseline secure multi-account AWS environment configured based on best practices - A starting point for your application migration journey - An environment that allows for iteration & extension over time
  • 4. What to Expect from the Session © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Understand Build Engage Operate
  • 5. AWS Cloud Adoption Framework
  • 6. Application Migration Create Landing Zone Migrate Apps Operate & Optimise
  • 7. Landing Zone Journey Domains Direct Connect Start Accounts End User Interaction Automation Service Catalog Central Services Migrate Iterate Operate & Optimise Logging Config Access Identities Federation Network Security Identity & Access Operational Automation What’s Next? Imaging
  • 8. Infrastructure Request Current State Typical Enterprise Situation Governance & Service Management Central IT Lines of Business Provisioning Characteristics • Lead times ~days to weeks • Service catalogue of components • Often process-heavy service management
  • 9. Agility versus Control How to choose? We want agility, so we can innovate in our business I need control, so I can protect our business Business & Business IT Central IT?
  • 10. Monitor & Respond Landing Zone Templates Policy & Best Practices Landscape Management Current State Opportunity to achieve Agility and Control Automation Lines of Business Central IT Opportunities • Lead times in minutes • Service catalogue of landscapes • Automated service management
  • 12. Start Accounts Network Security Identity & Access Operational Automation What’s Next ?
  • 13. Account Structure • Don’t overdo on Day One • Use separate accounts for: Security and Compliance; Isolation (production / non-prod, logging); Cost Allocation; Resource Management and Ownership
  • 14. Account Structure Billing Security and Audit Shared Services Dev & Test Mobile IoT Business Apps Digital Platforms Option: Per AWS Region Production Generic Production Critical Central Accounts Application Accounts Dev & Test Analytics
  • 15. Initial Account Structure, Different Perspectives: Billing Account Structure (Billing Account, Security & Audit Account, Shared Services Account, Application Account(s), Consolidated Billing); Security & Audit Account Structure (Security & Audit Account, Logs, Billing Account, Shared Services Account, Application Account(s)); Shared Services Account Structure (Shared Services Account, VPC Peering, Billing Account, Security & Audit Account, Application Account(s)); Application Account Structure (Application Account(s), Peering, Billing Account, Security & Audit Account, Shared Services Account, Logs, Billing)
  • 16. Manage Multiple Accounts CloudFormation StackSets Stack Set Payer / Administrator Account Template Region Stack Target Account: A Stack Target Account: B Account C Account D Account E … Region Stack Target Account: A Stack Target Account: B Account C Account D Account E …
  • 17. Manage Multiple Accounts AWS Organizations Root OU OU OU OU Stack Set Stack Set Account B Account C Account A Lookup Deploy
  • 18. Start Accounts Network Security Identity & Access Operational Automation What’s Next ?
  • 19. Individual VPC Patterns ✓ Hybrid 2-tier (public and private) ✓ Internal-only ✓ Internet-only ✓ Hybrid 3-tier (Presentation/Application/Data) AWS Quick Starts: Scalable VPC, PCI DSS
  • 20. Multiple VPN/DX VIFs: connect applications running in multiple VPCs to your DC ✓ Leverage existing AWS Direct Connect to route traffic between VPCs ✓ Offers customers the ability to incorporate transitive routing ✓ Need to create more than 100 connections per VPC AWS Answers: How do I connect multiple VPCs in a single AWS Region?
  • 21. Multi-VPC Partially Meshed VPC Peering ✓ Can create multiple VPCs within the same or different region/account ✓ Do not require full connectivity between all of their VPCs ✓ Central shared services VPC ✓ Multiple VPCs that need access to shared resources but not to each other ✓ Require fewer than 100 peering connections per VPC AWS Answers: How do I share a single VPN connection with multiple VPCs?
  • 22. Transit VPC ✓ Uses customer-managed EC2 VPN instances in a dedicated transit VPC with an IGW ✓ Implements a transit VPC ✓ Want more advanced connection types, such as inter-region connectivity, or multi-VPC connectivity to on-premises resources AWS Answers: How do I build a global transit network on AWS?
  • 23. Start Accounts Network Security Identity & Access Operational Automation What’s Next ?
  • 24. Set Per-Account Security Baseline Configuration of the security baseline AWS Identity and Access Management (IAM) IAM password and other policies AWS Config Centrally store configuration changes Auditing and Governance Access Control AWS CloudTrail Centrally store audit logs Amazon S3 bucket (security logs) Security Log Account Billing Account Shared Services Application Accounts Application Accounts Application Accounts Application Accounts Security Notifications AWS CloudWatch Alerts Alert and send security notifications AWS Organizations Amazon VPC AWS Directory Service AWS Service Catalog AWS Quick Start: quickstart-compliance-common (Github) AWS Labs Github: aws-config-rules
  • 25. Build Compliance into your AWS accounts • Implement the CIS Foundations Benchmark • Use the UK-OFFICIAL compliance Quick Start • Deploy the AWS Labs CIS Foundation Benchmark Checklist templates AWS Labs Github: aws-security-benchmark AWS Security Blog: Announcing Industry Best Practices for Securing AWS Resources AWS Quick Start: UK-OFFICIAL
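The "Implement the CIS Foundations Benchmark" item above, as an added example written for this page (not code from the deck or from the awslabs repositories): the evaluation logic a custom AWS Config rule would run per account against the benchmark's password-policy controls. The control numbers and thresholds are those of CIS AWS Foundations Benchmark v1.x section 1; the input dict mirrors the `PasswordPolicy` structure returned by `iam.get_account_password_policy()`, and the two sample policies are constructed.

```python
"""Evaluate an account password policy against the CIS AWS Foundations
Benchmark password controls (1.5 to 1.11 of the v1.x benchmark), in the
shape a custom AWS Config rule reports results. Sample policies below are
constructed, not read from any real account.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# (control id, requirement, predicate that is True when the policy passes)
CIS_PASSWORD_CONTROLS: List[Tuple[str, str, Callable[[Dict], bool]]] = [
    ("1.5", "require an uppercase letter",
     lambda p: bool(p.get("RequireUppercaseCharacters"))),
    ("1.6", "require a lowercase letter",
     lambda p: bool(p.get("RequireLowercaseCharacters"))),
    ("1.7", "require a symbol",
     lambda p: bool(p.get("RequireSymbols"))),
    ("1.8", "require a number",
     lambda p: bool(p.get("RequireNumbers"))),
    ("1.9", "minimum length 14",
     lambda p: p.get("MinimumPasswordLength", 0) >= 14),
    ("1.10", "prevent reuse of the last 24 passwords",
     lambda p: p.get("PasswordReusePrevention", 0) >= 24),
    ("1.11", "expire passwords within 90 days",
     lambda p: bool(p.get("ExpirePasswords")) and 0 < p.get("MaxPasswordAge", 0) <= 90),
]

ANNOTATION_LIMIT = 256  # the Config API caps Annotation at 256 characters


@dataclass
class Evaluation:
    compliance_type: str        # "COMPLIANT" or "NON_COMPLIANT"
    annotation: str             # reason shown next to the result in Config
    failed_controls: List[str]


def evaluate_password_policy(policy: Optional[Dict]) -> Evaluation:
    """Return the Config-style verdict for one account's password policy.

    None stands for an account with no policy at all (IAM answers with
    NoSuchEntity); the AWS defaults are weaker than every control, so that
    case fails all of them.
    """
    if policy is None:
        return Evaluation("NON_COMPLIANT", "No account password policy set",
                          [cid for cid, _, _ in CIS_PASSWORD_CONTROLS])
    failed = [(cid, why) for cid, why, passes in CIS_PASSWORD_CONTROLS
              if not passes(policy)]
    if not failed:
        return Evaluation("COMPLIANT", "Meets CIS 1.5-1.11", [])
    annotation = "Fails " + "; ".join(f"{cid} ({why})" for cid, why in failed)
    return Evaluation("NON_COMPLIANT", annotation[:ANNOTATION_LIMIT],
                      [cid for cid, _ in failed])


def to_config_evaluation(account_id: str, ordering_timestamp: str,
                         result: Evaluation) -> Dict:
    """Shape one result as an entry for config.put_evaluations(Evaluations=[...]).

    A real rule takes ordering_timestamp from the invoking event's
    notificationCreationTime; it is a parameter here so the function is pure.
    """
    return {
        "ComplianceResourceType": "AWS::::Account",   # account-level evaluation
        "ComplianceResourceId": account_id,
        "ComplianceType": result.compliance_type,
        "Annotation": result.annotation,
        "OrderingTimestamp": ordering_timestamp,
    }


# Constructed sample policies (placeholder values, not from a real account).
WEAK_POLICY = {          # roughly what a freshly created account ends up with
    "MinimumPasswordLength": 8, "RequireSymbols": False, "RequireNumbers": True,
    "RequireUppercaseCharacters": True, "RequireLowercaseCharacters": True,
    "AllowUsersToChangePassword": True, "ExpirePasswords": False, "HardExpiry": False,
}
HARDENED_POLICY = {      # what the per-account security baseline should enforce
    "MinimumPasswordLength": 14, "RequireSymbols": True, "RequireNumbers": True,
    "RequireUppercaseCharacters": True, "RequireLowercaseCharacters": True,
    "AllowUsersToChangePassword": True, "ExpirePasswords": True, "MaxPasswordAge": 90,
    "PasswordReusePrevention": 24, "HardExpiry": False,
}

if __name__ == "__main__":
    for name, pol in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, to_config_evaluation("111122223333", "2017-10-31T09:00:00Z",
                                         evaluate_password_policy(pol)))
```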
  • 26. Log everything centrally for analysis Centralised logging makes it easy for security teams to consolidate AWS logs and analyze them to detect incidents VPC subnet Amazon EC2 Flow Logs AWS CloudTrail Amazon S3 Amazon CloudWatch AWS Lambda Amazon Elasticsearch Service Log Transform Search You can do this by simply using: • Amazon Elasticsearch Service • CloudTrail logs • VPC flow logs • EC2 server logs • AWS Config logs AWS Answers: How can I implement a centralized logging solution on AWS? What are the native AWS security-logging capabilities?
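The "analyze them to detect incidents" step of the centralised logging pipeline above, as an added example written for this page (not AWS's centralized-logging solution): a detector run over VPC Flow Log records of the kind a Lambda transform stage would apply before indexing. It reports a source that is rejected on SSH/RDP by several distinct instances within a short window. The default v2 field order is real; the thresholds, sample lines and addresses are assumptions constructed for the example.

```python
"""Flag likely admin-port scans in centralised VPC Flow Log records.

Works on flow log lines in the default (version 2) format as they arrive in
CloudWatch Logs or S3. A source address that is REJECTed on an administrative
port by several distinct destinations inside a short window becomes a finding.
The sample lines at the bottom are constructed: addresses come from the
RFC 5737 documentation ranges and the account id is a placeholder.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Field order of a default v2 flow log record.
FLOW_LOG_FIELDS = ("version account-id interface-id srcaddr dstaddr srcport "
                   "dstport protocol packets bytes start end action log-status").split()
ADMIN_PORTS = {22, 3389}   # SSH and RDP
TCP = 6


@dataclass(frozen=True)
class FlowRecord:
    srcaddr: str
    dstaddr: str
    dstport: int
    protocol: int
    start: int                 # epoch seconds of the capture window start
    action: str                # "ACCEPT" or "REJECT"


@dataclass
class Finding:
    srcaddr: str
    targets: List[str]         # distinct rejected destinations, sorted
    first_seen: int
    last_seen: int


def parse_flow_log(line: str) -> Optional[FlowRecord]:
    """Parse one v2 line; None for malformed lines and NODATA/SKIPDATA records,
    whose traffic fields are '-' and would break the int() conversions."""
    fields = line.split()
    if len(fields) != len(FLOW_LOG_FIELDS):
        return None
    rec = dict(zip(FLOW_LOG_FIELDS, fields))
    if rec["version"] != "2" or rec["log-status"] != "OK":
        return None
    return FlowRecord(rec["srcaddr"], rec["dstaddr"], int(rec["dstport"]),
                      int(rec["protocol"]), int(rec["start"]), rec["action"])


def detect_admin_port_scans(lines: Iterable[str], min_targets: int = 3,
                            window_seconds: int = 600) -> List[Finding]:
    """One Finding per source rejected on an admin port by at least
    min_targets distinct destinations within window_seconds."""
    by_src: Dict[str, List[FlowRecord]] = defaultdict(list)
    for line in lines:
        rec = parse_flow_log(line)
        if rec and rec.action == "REJECT" and rec.protocol == TCP \
                and rec.dstport in ADMIN_PORTS:
            by_src[rec.srcaddr].append(rec)
    findings: List[Finding] = []
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r.start)
        lo = 0                 # sliding window [lo, hi] over this source's rejects
        for hi in range(len(recs)):
            while recs[hi].start - recs[lo].start > window_seconds:
                lo += 1
            targets = {r.dstaddr for r in recs[lo:hi + 1]}
            if len(targets) >= min_targets:
                findings.append(Finding(src, sorted(targets),
                                        recs[lo].start, recs[hi].start))
                break          # one alert per source is enough
    return findings


# Constructed sample records: one scanner, one ordinary client, one NODATA line.
SAMPLE_FLOW_LOGS = [
    "2 111122223333 eni-0a1b2c3d 203.0.113.5 10.0.1.10 51234 22 6 1 44 1509440000 1509440060 REJECT OK",
    "2 111122223333 eni-0a1b2c3d 203.0.113.5 10.0.1.11 51235 22 6 1 44 1509440010 1509440070 REJECT OK",
    "2 111122223333 eni-0a1b2c3e 203.0.113.5 10.0.1.12 51236 3389 6 1 44 1509440020 1509440080 REJECT OK",
    "2 111122223333 eni-0a1b2c3d 203.0.113.5 10.0.1.13 51237 22 6 5 320 1509440030 1509440090 ACCEPT OK",
    "2 111122223333 eni-0a1b2c3d 198.51.100.7 10.0.1.10 40001 443 6 10 1200 1509440040 1509440100 REJECT OK",
    "2 111122223333 eni-0a1b2c3d 198.51.100.7 10.0.1.10 40002 22 6 1 44 1509440050 1509440110 REJECT OK",
    "2 111122223333 eni-0a1b2c3d - - - - - - - 1509440060 1509440120 - NODATA",
]

if __name__ == "__main__":
    for f in detect_admin_port_scans(SAMPLE_FLOW_LOGS):
        print(f"{f.srcaddr} rejected on admin ports by {len(f.targets)} hosts "
              f"between {f.first_seen} and {f.last_seen}: {f.targets}")
```

A finding like this is what the CloudWatch alert stage on slide 24 would raise; the ACCEPT on 10.0.1.13 is deliberately not counted, since an accepted connection is a different investigation.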
  • 27. Choose how to start your compute Private images or import your current ones Launch instance EC2 AMI catalogue Running instance Your instance Hardening and configuration Audit and logging Vulnerability management Malware and IPS Whitelisting and integrity User administration Operating system Configure instance Configure your environment as you like Options to create or import your own ‘gold’ images 1. Import existing VMs to AWS 2. Procure partner AMI from AWS Marketplace 3. Create and save your own custom images 4. Bootstrapping a base AMI AWS Marketplace: CIS Hardened AMIs AWS Devops Blog: How to Create an AMI Builder with AWS CodeBuild and HashiCorp Packer
  • 28. Start Accounts Network Security Identity & Access Operational Automation What’s Next ?
  • 29. You get to control who can do what in your AWS environment when and from where Fine-grained control of your AWS cloud with multi-factor authentication Integrate with your existing corporate directory and provide SSO to your customers. Support for SAML 2.0 (like your existing Active Directory) and OpenID compatible Identity Providers (IdPs). You can use AWS managed policies, policies for typical job functions or customer-generated policies using the policy generator and test with the policy simulator AWS account owner Identity and Access Management Control access and segregate duties everywhere
  • 30. Corporate Data Center Browser interface Identity Store Identity and Access Management Identity Federation AD Group Identity and authentication Mapping to specific IAM role with access policy Access to AWS
  • 31. Select an Identity Federation Option • Cross-Account Roles with IAM • Cross-Account Roles with AWS Directory Service • SAML Federation • Custom Identity Broker
  • 32. Example: Cross-Account Roles with AWS Directory Service AWS Answers: How do I manage multiple AWS accounts for security purposes? switch role AWS Directory Service users Shared-services account Sub-accounts (Billing, Security, Application) • Users and groups are managed in one account (Shared-services) using AWS Directory Service • IAM roles in every account are used for fine-grained authorization • Can be integrated with on-premises user directory for authentication
  • 33. Start Accounts Network Security Identity & Access Operational Automation What’s Next ?
  • 34. Agility and Control AWS Service Catalog and Marketplace Developers Organizations Standardise Control Govern Agility Self-Service Time to Market …allows organizations to create and manage catalogs of IT services and software on AWS
  • 35. Key Features Tag Enforcement Portfolio Level IAM access Denial of end-user access to underlying services Constraint CloudFormation Parameters Share Portfolios Version & Re-use Products API, CLI, Console AWS Marketplace to AWS Service Catalog Copy
  • 36. AWS Ops Automator • Automation Framework • Central Administration • Multi-Account/Multi-Region • Pre-built Actions • Custom Actions (Auto-retry, logging, concurrency…etc.) AWS Answers: https://aws.amazon.com/answers/infrastructure-management/ops-automator/
  • 37. EC2 Instance Scheduler Tagged EC2 instances for one or more AWS accounts IAM cross-account roles control access to AWS accounts Scheduler role Scheduler configuration table Instance state table EC2 Instance information CloudWatch Logs CloudWatch Metrics CloudWatch rule triggers Scheduler Scheduler Lambda function CloudFormation scheduler stack A single template deploys all solution components AWS Answers: How do I automatically start and stop my Amazon EC2 instances?
  • 38. What have we built so far? High-level Architecture Logging Buckets Centralised Logging Analytics Cost Optimization Monitor Security Account Shared Services Account Billing Account Stack Set Admin Account Stack Sets Stand Alone Templates Scalable VPC Quick Start Cross Account Manager VPC Flow & Instance Logs CloudTrail, Config & IAM Baseline CAM Sub-Account Application Accounts Ops Automator / Instance Scheduler
  • 39. Start Accounts Network Security Identity & Access Operational Automation What’s Next ?
  • 40. Managing to the Portfolio Value (Portfolio Tier / Requirements / Operations Model / Approx. % Portfolio* / IT Spend Against Portfolio)
    • Differentiators: high rate of change & innovation; possibly business-critical, but not always. Operations model: DevOps. Approx. 15% of portfolio; 60% - 70% of IT spend.
    • Table Stakes: business-critical, but low rate of change. Needs high availability, maximum reliability, and durable DR. Operations model: Automated Efficiency. Approx. 25% of portfolio; 30% - 40% of IT spend (Table Stakes and Commodity combined).
    • Commodity: COTS & commodity, minimal risk, low change, standard downtime & reliability requirements. Operations model: Automated-Traditional. Approx. 60% of portfolio; 30% - 40% of IT spend (Table Stakes and Commodity combined).
    *estimated numbers. Provided Under NDA
  • 41. Increasing Levels of Effort with Increasing Levels of Return Mass migration Re-platform / Refactor Re-architect Maturity Maturity Running Multi-Modal Migrations Value Automation Mass Migration Capex to Opex Cost Out Facilities Closure Consistent Operations Traditional Operations + Operational Transition Cloud Capable Applications Capex to Opex Nascent Services Cloud COE Managed Services Automated Operations Cloud Aware Applications Serverless Compute Continuous Integration Disruptive Technology Maximum Efficiency Advanced Architecture Development and Operations
  • 42. Sprint 1 Executing Multi-Modal Migrations Program Brown Green Sprint 2 Sprint 3 Sprint 4 Sprint 5 Sprint 6 Sprint 7 Deploy Landing Zone Extend, Integrate and Manage Landing Zone Migration Business Case Discovery Prep Discovery Pipeline Generation Migration Patterns Creation Discovery Greenfield Migrations Innovation Re-Factor Re-Host Complex App (single sprint)
  • 43. Key Take-Aways • Configuring your AWS environment to match your operations and migration needs is a key step in your cloud journey • Maximise automation, including cost optimization (i.e. resize instances, on-off schedules) • Check aws.amazon.com/answers for guidance and packaged solutions helping you to build your own Landing Zone • Be agile for your Migrations, not everything can be planned upfront
  • 45. Landing Zone Resources (1/3)
    • Cost Optimization Monitor: https://aws.amazon.com/answers/account-management/cost-optimization-monitor/
    • Scalable VPC Quick Start: https://docs.aws.amazon.com/quickstart/latest/vpc/
    • PCI DSS Quick Start: https://aws.amazon.com/quickstart/architecture/accelerator-pci/
    • How do I connect multiple VPCs in a single AWS Region? https://aws.amazon.com/answers/networking/aws-single-region-multi-vpc-connectivity/
    • How do I share a single VPN connection with multiple VPCs? https://aws.amazon.com/answers/networking/aws-multiple-vpc-vpn-connection-sharing/
    • How do I build a global transit network on AWS? https://aws.amazon.com/answers/networking/aws-global-transit-network/
    • Microsoft Active Directory: https://aws.amazon.com/quickstart/architecture/active-directory-ds/
    • How do I ensure I set up my AWS account securely? https://aws.amazon.com/answers/security/aws-secure-account-setup/
    • How do I set up AWS Identity and Access Management (IAM) for my organization? https://aws.amazon.com/answers/security/aws-iam-in-practice/
  • 46. Landing Zone Resources (2/3)
    • Compliance Quick Start: https://github.com/aws-quickstart/quickstart-compliance-common
    • CIS Security Benchmark: https://github.com/awslabs/aws-security-benchmark
    • Security Blog: Announcing Industry Best Practices for Securing AWS Resources: https://aws.amazon.com/blogs/security/announcing-industry-best-practices-for-securing-aws-resources/
    • UK-OFFICIAL Compliance Quick Start: https://aws.amazon.com/quickstart/architecture/accelerator-uk-official/
    • How can I implement a centralized logging solution on AWS? https://aws.amazon.com/answers/logging/centralized-logging/
    • What are the native AWS security-logging capabilities? https://aws.amazon.com/answers/logging/aws-native-security-logging-capabilities/
    • CIS Hardened AMIs: https://aws.amazon.com/marketplace/seller-profile?id=6b3b0dc2-c6f4-487b-8f29-9edba5f39eed
    • How to Create an AMI Builder with AWS CodeBuild and HashiCorp Packer: https://aws.amazon.com/blogs/devops/how-to-create-an-ami-builder-with-aws-codebuild-and-hashicorp-packer/
    • How should I manage multiple AWS accounts for security purposes? https://aws.amazon.com/answers/account-management/aws-multi-account-security-strategy/
  • 47. Landing Zone Resources (3/3)
    • User Access Management Module: http://www.awslandingzone.com/modules/landing-zone-user-access.pptx
    • How do I monitor the cross-region replication of my Amazon S3 objects? https://aws.amazon.com/answers/infrastructure-management/crr-monitor/
    • AWS Ops Automator: https://github.com/awslabs/aws-ops-automator
    • DynamoDB Continuous Backup Utility: https://github.com/awslabs/dynamodb-continuous-backup
    • How do I automatically start and stop my Amazon EC2 instances? https://aws.amazon.com/answers/infrastructure-management/ec2-scheduler/
    • How do I receive notifications as I approach AWS service limits? https://aws.amazon.com/answers/account-management/limit-monitor/