Ramping up on AWS

How do I grow with my organization and meet my organization's needs? How do I rise to the new challenges before me? In this session we discuss the differences in preparing to operate in the cloud, what your operational priorities need to be, how to start designing for operations, and building your operational readiness. We will walk you through the process of how to launch your new life in the cloud. You will learn to make the early choices that lay the foundations for a successful adoption of cloud services. At the end of this session you will understand the key considerations when planning your personal journey to the cloud. This session is for leaders, operations, service owners and anyone interested in how to get started in the cloud to ensure successful business outcomes.

  1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Ramping Up on AWS
  2. Our Goal for Today… • Principles • Organizational Architecture • Technical/Account Architecture
  3. First Steps… One Account
  4. First Steps… One Account Database Application Web / Presentation Database Application Web / Presentation Your First App
  5. First Steps… One Account Database Application Web / Presentation Database Application Web / Presentation Your First App Database Application Web / Presentation Database Application Web / Presentation Your Second App
  6. First Steps… Second Account
  7. First Steps… Rest API Service Rest API Service Second Account Your Third App Rest API Service
  8. First Steps… Rest API Service Rest API Service Second Account Your Third App Rest API Service Rest API Service Rest API Service Your Fourth App Rest API Service
  9. First Steps… One Account 1,000s of Accounts Many Accounts
  10. First Steps… One Account 1,000s of Accounts Many Accounts
  11. Why is one not enough?… Many Teams
  12. Why is one not enough?… Many Teams Isolation
  13. Why is one not enough?… Many Teams Isolation Security Controls
  14. Why is one not enough?… Many Teams Isolation Security Controls Business Process
  15. Why is one not enough?… Many Teams Isolation Security Controls Business Process Billing
  16. Why is one not enough?… Pros • Complete security and resources isolation • Smaller blast radius • Simplified billing per account
  17. Why is one not enough?… Pros • Complete security and resources isolation • Smaller blast radius • Simplified billing per account Cons • Aggregation/Distribution • Setup and operation overhead • More complex security policies across accounts
  18. Well Architected… Operational Excellence Security Reliability Performance Efficiency Cost Optimization
  19. Design Principles • Perform operations as code
  20. Design Principles • Perform operations as code • Annotated documentation
  21. Design Principles • Perform operations as code • Annotated documentation • Make frequent, small, reversible changes
  22. Design Principles • Perform operations as code • Annotated documentation • Make frequent, small, reversible changes • Refine operations procedures frequently
  23. Design Principles • Perform operations as code • Annotated documentation • Make frequent, small, reversible changes • Refine operations procedures frequently • Anticipate failure
  24. Design Principles • Perform operations as code • Annotated documentation • Make frequent, small, reversible changes • Refine operations procedures frequently • Anticipate failure • Learn from all operational failures
  25. What Helps?… Don't let the failures of today be the reason for the failures of tomorrow - Bobby Kennedy
  26. The Journey Begins PREPARE
  27. The Journey Begins PREPARE OPERATE
  28. The Journey Begins PREPARE OPERATE EVOLVE
  29. How do you prepare… Set Your Operational Priorities
  30. How do you prepare?… Design with Operations in Mind
  31. How do you prepare?… Design with Operations in Mind
  32. How do you prepare?… Operational Readiness
  33. How do you prepare?… Operational Readiness
  34. What Helps?… • Create the conditions for change
  35. What Helps?… • Create the conditions for change • Educate across the organization
  36. What Helps?… • Create the conditions for change • Educate across the organization • Live and breathe collaboration
  37. What Helps?… • Create the conditions for change • Educate across the organization • Live and breathe collaboration • Embrace (constructive) criticism
  38. What Helps?… • Create the conditions for change • Educate across the organization • Live and breathe collaboration • Embrace (constructive) criticism • Build organizational trust
  39. What Helps?… • Create the conditions for change • Educate across the organization • Live and breathe collaboration • Embrace (constructive) criticism • Build organizational trust • Incremental change is powerful
  40. What Helps?… Culture = Values + Behaviors
  41. Practical First Steps?… Steps in that Evolution
  42. So where do we begin?… AWS Organizations Master Data Center No connection to DC Service Control Policies Consolidated billing Minimal resources Limited access Delete Orgs role!
  43. So where do we begin?… Core Accounts AWS Organizations Master Data Center Optional data center connectivity Security tools and audit Cross-account read/write Limited access AWS CloudTrail AWS Config Logging Security
  44. So where do we begin?… Security Core Accounts AWS Organizations Master Data Center Managed by network team Networking services AWS Direct Connect Limited access Logging Network
  45. So where do we begin?… Security Core Accounts AWS Organizations Master Network Data Center Connected to DC DNS LDAP/Active Directory Shared Services VPC Deployment tools Golden AMI Pipeline Scanning infrastructure Inactive instances Improper tags Snapshot lifecycle Monitoring Limited access Logging Shared Services
  46. So where do we begin?… Security Core Accounts AWS Organizations Master Shared Services Network Data Center Reduces access to Master Organizations account Billing reports Usage metrics and reporting Usage optimizations and RI management Limited access Logging Billing Tooling
  47. So where do we begin?… Security Core Accounts AWS Organizations Master Billing Tooling Shared Services Network Data Center Logging Regulatory compliance Read-only access to needed logs Limited access Internal Audit
  48. So where do we begin?… Security Core Accounts AWS Organizations Master Billing Tooling Shared Services Network Internal Audit Data Center Logging No connection to DC Innovation space Fixed spending limit Autonomous Experimentation Developer Accounts Developer Sandbox
  49. So where do we begin?… Developer Accounts Security Core Accounts AWS Organizations Master Billing Tooling Shared Services Network Internal Audit Data Center Logging Based on level of needed isolation Match your development lifecycle BU/Product/Resource Accounts Developer Sandbox
  50. So where do we begin?… Developer Accounts Security Core Accounts AWS Organizations Master Billing Tooling Shared Services Network Internal Audit Data Center Logging Develop and iterate quickly Collaboration space Stage of SDLC BU/Product/Resource Accounts Dev Developer Sandbox
  51. So where do we begin?… Dev BU/Product/Resource Accounts Developer Accounts Security Core Accounts AWS Organizations Master Billing Tooling Shared Services Network Internal Audit Data Center Logging Connected to DC Production-like Staging QA Automated deployments Pre-Prod Developer Sandbox
  52. So where do we begin?… Dev Pre-Prod BU/Product/Resource Accounts Developer Accounts Security Core Accounts AWS Organizations Master Billing Tooling Shared Services Network Internal Audit Data Center Logging Connected to DC Production applications Promoted from Pre-Prod Limited access Prod Developer Sandbox
  53. So where do we begin?… Dev Pre-Prod BU/Product/Resource Accounts Developer Accounts Security Core Accounts AWS Organizations Master Billing Tooling Shared Services Network Internal Audit Data Center Logging Prod Grows organically Shared to the BU/team Product-specific common services Data lake Common tooling Common services Shared Services Developer Sandbox
  54. So where do we begin?… Dev Pre-Prod BU/Product/Resource Accounts Developer Accounts Security Core Accounts AWS Organizations Master Billing Tooling Shared Services Network Internal Audit Data Center Logging Prod Shared Services No connection to data center New initiatives Disconnected from data center Experimentation Innovation Sandbox Developer Sandbox
  55. And finally… Dev Pre-Prod BU/Product/Resource Accounts Developer Accounts Security Enterprise Accounts AWS Organizations Master Billing Tooling Shared Services Sandbox Network Internal Audit Data Center Logging Prod Shared Services Orgs: Account management Logging: Centralized logs Security: AWS Config Rules, security tools Shared services: Directory, DNS, limit monitoring Billing Tooling: Cost monitoring Sandbox: Experiments Dev: Development Pre-Prod: Staging Prod: Production Developer Sandbox
  56. Next Steps… • Everyone is on the same page • Empower people to succeed • Go build https://aws.amazon.com/answers/aws-landing-zone/
  57. Thank you!