Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Slack's transition away from a single AWS account

40 views

Published on

Slack's transition away from a single AWS account conducted at AWS Community Day, Bangalore 2019

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Slack's transition away from a single AWS account

  1. 1. From One to Many: Slack’s transition away from a single AWS account Andrew Martin | 21st July 2019
  2. 2. Why?
  3. 3. Driving Factors - Service Ownership
  4. 4. Driving Factors - Service Ownership - Blast Radius Reduction
  5. 5. Driving Factors - Service Ownership - Blast Radius Reduction - Service & Rate Limit Reduction
  6. 6. Driving Factors - Service Ownership - Blast Radius Reduction - Service & Rate Limit Reduction - Cost Management / Cost Tracking
  7. 7. How?
  8. 8. Tools
  9. 9. Tools
  10. 10. Tools
  11. 11. Tools
  12. 12. Tools
  13. 13. Tools
  14. 14. Early Assumptions
  15. 15. Failed Early Assumptions
  16. 16. Failed Early Assumptions - IAM User management would be easy
  17. 17. Failed Early Assumptions - IAM User management would be easy - Teams would find moving simple
  18. 18. Failed Early Assumptions - IAM User management would be easy - Teams would find moving simple - Accounts would be easy to create & destroy
  19. 19. Biggest Wins
  20. 20. Biggest Wins - Terraform - Achieve account conformity with ease - Quickly apply new changes - Changes are captured in DVCS
  21. 21. module "service-team-a" { source = "../../../modules/aws/managed-accounts" account_name = "service-team-a" account_owner = "@service-team" account_tags = "account_type:sandbox,share_amis:true" } Biggest Wins - Terraform
  22. 22. Biggest Wins - SSO - Simplifies access for end users - Improve on/offboarding process - Simplify access reviews
  23. 23. "aperson": { "groups_memberships": [ "Service-Team-A" ] } "Service-Team-A": { "accounts": [ { "account_alias": "service-team-a-sandbox", "assumable_role": "read-only" } ] }, Biggest Wins - SSO
  24. 24. Pain Points
  25. 25. Pain Points - Deleting accounts
  26. 26. Pain Points - Deleting accounts - Tracking resources
  27. 27. Pain Points - Deleting accounts - Tracking resources - Cross account access
  28. 28. The Future….
  29. 29. Future - Resource Sharing (RAM) - Shared VPCs - DNS Zones - AMIs
  30. 30. Future - Resource Sharing (RAM) - Shared VPCs - DNS Zones - AMIs - Improving onboarding / offboarding
  31. 31. Future - Resource Sharing (RAM) - Shared VPCs - DNS Zones - AMIs - Improving onboarding / offboarding - Improving IAM for service teams

×