© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Using AWS to Achieve Both
Autonomy and Governance at 3M
Nathan Scott, Senior Consultant, Cloud Architect, AWS
James Martin, Manager, Automation Engineering, 3M
Casey Lee, Chief Architect, Stelligent
AWS re:INVENT
DEV332
November 28, 2017
The problem
We have to move FAST, give us access…
Individual business and development teams needed the ability to
move fast and self-serve to capture market opportunities
Not so fast, there are rules…
The organization as a whole needs governance to ensure security
compliance and minimize risk
What to expect
We will hear firsthand from
About
• How we solved the problem and achieved balance between
autonomy and governance at 3M
What to expect
Topics
• People, process, technology
• Governance requirements
• Solution approach using:
• Continuous delivery
• Self-service model
• Monitoring of resources
Historical business
Our legacy 1983–2011
Helping healthcare organizations
get complete and accurate
reimbursement and mitigate
compliance risks
Streamlining and simplifying the
process of documenting the
patient’s encounter
in a hospital
Working with hospitals
to efficiently access, compile,
code, classify, report, store,
and exchange health information
Leading in a changing landscape
Our present course and future
Analyzing the cost, quality, and
outcomes data of both
patients and populations
over time and across the
healthcare continuum
Ensuring providers capture the
full burden of illness of their
patients to deliver effective
care management and receive
accurate and complete
payment
Measuring performance and
effectiveness among payer and
provider networks to deliver
higher quality outcomes at
lower total costs
3M Confidential.
3M HIS grouper applications
22 states (27 grouper adoptions) through 1983–2006
11 additional states (37 grouper adoptions) 2007–2010
6 additional states (33 grouper adoptions) 2011–Q3 2012
• Industry-recognized expertise
in payment methodologies and
patient classification
• 24 states have adopted APR
DRGs for payment, including
the eight largest Medicaid
programs in the country
• The APR DRG adoption by
payers typically yields over
75% downstream penetration
with providers
• Lays a foundation for further
payment products
87%
of the US
population is
covered by 3M
patient
classification
systems
Not moving fast enough
Lift and shift got us out of the traditional data center, but…
Lots of software is getting built with nowhere to go, so it’s time to evolve
again.
Development bottlenecks
Development time
Manual testing
Manual QA
Manual deployment
Desired bottlenecks
Development time
Manual testing
Manual QA
Manual deployment
Continuous delivery
Diagram labels: Developers, Customers; deployment pipeline (build, test, release); feedback loop (monitor, plan).
Based on slideshare.net/AmazonWebServices/dvo202-devops-at-amazon-a-look-at-our-tools-processes
The path to continuous delivery
Building the automation team
Automation engineering team
• Deep knowledge of AWS services
• Comfortable talking to other development
teams
• Understands the complete development
lifecycle—from commit to deploy
Choosing the right technology
• Focus on the problem at hand
• Don’t try to predict the future
• Use native AWS services/AWS
Lambda/software as a service
(SaaS) services
Working with security
• Gain buy-in early
• Security from the start
• Security as consumers
• Freedom (with guard rails)
• Sensitive data
• Find a simple application
• Just enough to prove your pipeline
• Rinse, repeat
The right services and teams
The right services and teams
Find the hungry team that
• Wants the power
• Is willing to do the work
• Has a champion
• Has the business need
Embed with the AppDev team
• Establish success criteria
• Works closely with application team
• Participates in the team’s sprint cycle
• Helps AppDev team consume the pipeline process and tools
AppDev
team
Automation
engineering
Establishing a CI/CD process at scale
Problems
• Complex components
• Special snowflakes
• Limited governance
The pipeline factory
Goals
• Reduce barrier to entry
• Reduce snowflakes
• Reduce setup time
• Enforce security controls
Solution
Continuous delivery, Self-service, Monitor
Continuous delivery
AWS
CodePipeline
Continuous delivery
AWS
CodeCommit
Continuous delivery
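// Jenkins Job DSL: Maven build job that polls SCM every minute
mavenJob(jobName) {
    triggers {
        scm('* * * * *')
    }
    rootPOM('pom.xml')
    goals('clean')
    goals('compile')
    // static analysis runs before packaging
    goals('pmd:pmd')
    goals('findbugs:findbugs')
    goals('package')
}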
Continuous delivery
Jenkins
Continuous delivery
Approved?
Continuous delivery
AWS
CloudFormation
Continuous delivery
AWS
CodeDeploy
Continuous delivery
Automated testing
Continuous delivery
Blue/green switch
Continuous delivery
ELB
Old ASG New ASG
Solution
Continuous delivery, Self-service, Monitor
Self-service
docs.aws.amazon.com/servicecatalog/latest/adminguide/admin-overview-workflow.html
AWS Service Catalog
Self-service
Demo
Self-service
ProdBuckets:
  Type: Custom::CloudFormationStack
  DeletionPolicy: Retain
  Properties:
    ServiceToken: arn:aws:...
    AssumeRole: arn:aws:iam:...
    TemplateURL: https://s3.amazonaws.com/.../buckets.yml
    Parameters:
      TeamName: !Ref TeamName
      CIAccount: !Ref CIAccount
      TestAccount: !Ref TestAccount
      ProdAccount: !Ref ProdAccount
Self-service
Solution
Continuous delivery, Self-service, Monitor
Monitor—cfn_nag
https://github.com/stelligent/cfn_nag
https://github.com/capitalone/cloud-custodian
Monitor—Cloud Custodian
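- name: s3-global-access
  mode:
    type: cloudtrail
    events:
      # CloudTrail records this call as PutBucketAcl; event matching is case-sensitive
      - source: s3.amazonaws.com
        event: PutBucketAcl
        ids: requestParameters.bucketName
  resource: s3
  filters:
    - type: global-grants
      allow_website: false
  actions:
    - delete-global-grants
    - remove-website-hosting
    - type: notify
      to:
        - resource-owner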
Monitor—Cloud Custodian
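What the s3-global-access policy checks, as an added example that is not from the deck and is not Cloud Custodian's own code: a simplified re-implementation of the global-grants test and its remediation, run on constructed data. The function names, the sample event and the sample ACL are assumptions made for illustration.

```python
# Added example: simplified version of the "global-grants" check and the
# "delete-global-grants" remediation. Not Cloud Custodian's implementation.

# Grantee URIs that S3 uses for "everyone" and "any AWS account".
GLOBAL_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def bucket_from_event(event):
    """Return the bucket named in a PutBucketAcl CloudTrail event, else None."""
    detail = event.get("detail", {})
    if detail.get("eventSource") != "s3.amazonaws.com":
        return None
    if detail.get("eventName") != "PutBucketAcl":  # exact, case-sensitive match
        return None
    return (detail.get("requestParameters") or {}).get("bucketName")


def global_grants(acl, website_enabled=False, allow_website=False):
    """List grants in a GetBucketAcl-shaped dict that go to a global group."""
    found = []
    for grant in acl.get("Grants", []):
        uri = grant.get("Grantee", {}).get("URI")
        if uri not in GLOBAL_GROUPS:
            continue  # canonical-user grantees have no URI; other groups are not global
        if allow_website and website_enabled and grant.get("Permission") == "READ":
            continue  # public READ tolerated only for website buckets when allowed
        found.append(grant)
    return found


def without_global_grants(acl):
    """Return a copy of the ACL with every global-group grant removed."""
    bad = global_grants(acl)
    keep = [g for g in acl.get("Grants", []) if g not in bad]
    return {"Owner": acl.get("Owner"), "Grants": keep}


def evaluate(event, acl, website_enabled=False, allow_website=False):
    """Tie the pieces together the way the policy does: event -> filter -> action."""
    bucket = bucket_from_event(event)
    if bucket is None:
        return None
    violations = global_grants(acl, website_enabled, allow_website)
    return {
        "bucket": bucket,
        "violations": [(g["Grantee"]["URI"].rsplit("/", 1)[-1], g["Permission"])
                       for g in violations],
        "remediated_acl": without_global_grants(acl) if violations else acl,
    }


# Constructed sample data (not captured from a real account).
SAMPLE_EVENT = {
    "detail-type": "AWS API Call via CloudTrail",
    "source": "aws.s3",
    "detail": {
        "eventSource": "s3.amazonaws.com",
        "eventName": "PutBucketAcl",
        "requestParameters": {"bucketName": "example-team-bucket"},
    },
}
SAMPLE_ACL = {
    "Owner": {"ID": "owner-canonical-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
         "Permission": "WRITE"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/s3/LogDelivery"},
         "Permission": "WRITE"},
    ],
}

if __name__ == "__main__":
    print(evaluate(SAMPLE_EVENT, SAMPLE_ACL))
```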
- name: cost-center-absent-ec2
  mode:
    type: periodic
    schedule: cron(30 * * * ? *)
  resource: ec2
  filters:
    - and:
        - "tag:Cost Center": absent
        - "tag:Team": absent
  actions:
    - stop
    - type: mark-for-op
      op: terminate
      days: 2
Monitor—Cloud Custodian
Governor
Diagram labels: Tools Account, Security Account, Production Account; Pipeline (deploys app infra/code); Pipeline (invokes Governor stack); AWSGovernor; TestTypeCatalog; Policy Service; organization-level tests; product-level test.
1. Execute CloudFormation
2. Run AWSGovernor
3. Describe stack resources
4. Get all registered tests
5. Run organization tests
6. Run product tests
7. Report success or failure
Monitor—pipeline dashboard
ServerlessFunc:
  Type: 'AWS::Serverless::Function'
  Properties:
    Handler: handler.pipeline_event
    Runtime: python3.6
    CodeUri: ../app
    Events:
      PipelineEventRule:
        Type: CloudWatchEvent
        Properties:
          Pattern:
            source:
              - "aws.codepipeline"
            detail-type:
              - "CodePipeline Pipeline Execution State Change"
              - "CodePipeline Stage Execution State Change"
              - "CodePipeline Action Execution State Change"
Monitor—pipeline dashboard
DashboardFunc:
  Type: 'AWS::Serverless::Function'
  Properties:
    Handler: handler.dashboard_event
    Runtime: python3.6
    CodeUri: ../app
    Events:
      DashboardEventRule:
        Type: Schedule
        Properties:
          Schedule: "cron(*/5 * * * ? *)"
Monitor—pipeline dashboard
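The deck does not show the handler code behind these two functions. As an added example (not the presenters' implementation), this is one way to fold the CodePipeline state-change events matched by the rule above into per-pipeline metrics; the function name summarize, the metric names and the sample events are assumptions.

```python
# Added example: aggregate CodePipeline state-change events into the kind of
# numbers a pipeline dashboard shows. Hypothetical code, constructed input.
from collections import defaultdict
from datetime import datetime

PIPELINE_CHANGE = "CodePipeline Pipeline Execution State Change"
STAGE_CHANGE = "CodePipeline Stage Execution State Change"
TERMINAL = {"SUCCEEDED", "FAILED"}


def _ts(event):
    """Parse the ISO-8601 UTC timestamp carried by every CloudWatch event."""
    return datetime.strptime(event["time"], "%Y-%m-%dT%H:%M:%SZ")


def summarize(events):
    """Return {pipeline: runs, failure_rate, mean_duration_s, failed_stages}."""
    started = {}  # execution-id -> start time of that execution
    stats = defaultdict(lambda: {"succeeded": 0, "failed": 0,
                                 "durations": [], "failed_stages": []})
    # Events can arrive out of order, so order them by their own timestamp.
    for ev in sorted(events, key=_ts):
        if ev.get("source") != "aws.codepipeline":
            continue
        detail = ev["detail"]
        s = stats[detail["pipeline"]]
        kind, state = ev["detail-type"], detail["state"]
        exec_id = detail["execution-id"]
        if kind == STAGE_CHANGE and state == "FAILED":
            s["failed_stages"].append(detail["stage"])
        elif kind == PIPELINE_CHANGE:
            if state == "STARTED":
                started[exec_id] = _ts(ev)
            elif state in TERMINAL:
                s[state.lower()] += 1
                begin = started.pop(exec_id, None)
                # No duration if the STARTED event was never seen.
                if begin is not None and state == "SUCCEEDED":
                    s["durations"].append((_ts(ev) - begin).total_seconds())
    report = {}
    for name, s in stats.items():
        runs = s["succeeded"] + s["failed"]
        durations = s["durations"]
        report[name] = {
            "runs": runs,
            "failure_rate": s["failed"] / runs if runs else 0.0,
            "mean_duration_s": sum(durations) / len(durations) if durations else None,
            "failed_stages": sorted(set(s["failed_stages"])),
        }
    return report


def _event(kind, time, state, exec_id, stage=None):
    """Build one constructed event in the shape CodePipeline emits."""
    detail = {"pipeline": "orders-service", "state": state, "execution-id": exec_id}
    if stage:
        detail["stage"] = stage
    return {"source": "aws.codepipeline", "detail-type": kind,
            "time": time, "detail": detail}


# Constructed sample: one successful run, one run that fails in its Test stage.
SAMPLE_EVENTS = [
    _event(PIPELINE_CHANGE, "2017-11-28T10:12:30Z", "SUCCEEDED", "exec-1"),
    _event(PIPELINE_CHANGE, "2017-11-28T10:00:00Z", "STARTED", "exec-1"),
    _event(PIPELINE_CHANGE, "2017-11-28T11:00:00Z", "STARTED", "exec-2"),
    _event(STAGE_CHANGE, "2017-11-28T11:04:00Z", "FAILED", "exec-2", stage="Test"),
    _event(PIPELINE_CHANGE, "2017-11-28T11:04:05Z", "FAILED", "exec-2"),
]

if __name__ == "__main__":
    print(summarize(SAMPLE_EVENTS))
```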
What we learned
Autonomy
• Achieved through continuous delivery and self-service
• All infrastructure defined as code
• All deployments done via a pipeline
• Pipeline is triggered via commit
• Only manual step is approve/reject
• Use ServiceCatalog to enable self service
What we learned
Governance
• Achieved through self-service and monitoring
• CloudFormation all the things
• ServiceCatalog for CloudFormation governance
• CloudFormation static analysis with cfn_nag
• Cloud Custodian to assess and enforce compliance
• Monitor pipeline metrics
Resources
https://stelligent.com/dev332
Thank you!

 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 

Recently uploaded (20)

Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 

Using AWS to Achieve Both Autonomy and Governance at 3M

  • 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Using AWS to Achieve Both Autonomy and Governance at 3M. Nathan Scott, Senior Consultant, Cloud Architect, AWS; James Martin, Manager, Automation Engineering, 3M; Casey Lee, Chief Architect, Stelligent. AWS re:INVENT, DEV332, November 28, 2017
  • 2. The problem We have to move FAST, give us access… Individual business and development teams needed the ability to move fast and self-serve to capture market opportunities Not so fast, there are rules… The organization as a whole needs governance to ensure security compliance and minimize risk
  • 3. What to expect We will hear firsthand from About • How we solved the problem and achieved balance between autonomy and governance at 3M
  • 4. What to expect Topics • People, process, technology • Governance requirements • Solution approach using: • Continuous delivery • Self-service model • Monitoring of resources
  • 5. Historical business Our legacy 1983–2011 Helping healthcare organizations get complete and accurate reimbursement and mitigate compliance risks Streamlining and simplifying the process of documenting the patient’s encounter in a hospital Working with hospitals to efficiently access, compile, code, classify, report, store, and exchange health information
  • 6. Leading in a changing landscape Our present course and future Analyzing the cost, quality, and outcomes data of both patients and populations over time and across the healthcare continuum Ensuring providers capture the full burden of illness of their patients to deliver effective care management and receive accurate and complete payment Measuring performance and effectiveness among payer and provider networks to deliver higher quality outcomes at lower total costs
  • 7. 3M Confidential. 3M HIS grouper applications 22 states (27 grouper adoptions) through 1983–2006 11 additional states (37 grouper adoptions) 2007–2010 6 additional states (33 grouper adoptions) 2011–Q3 2012 • Industry-recognized expertise in payment methodologies and patient classification • 24 states have adopted APR DRGs for payment, including the eight largest Medicaid programs in the country • The APR DRG adoption by payers typically yields over 75% downstream penetration with providers • Lays a foundation for further payment products 87% of the US population is covered by 3M patient classification systems
  • 8. Not moving fast enough Lift and shift got us out of the traditional data center, but… Lots of software is getting built with nowhere to go, so it’s time to evolve again.
  • 9. Development bottlenecks Development time Manual testing Manual QA Manual deployment
  • 10. Desired bottlenecks Development time Manual testing Manual QA Manual deployment
  • 11. Continuous delivery Deployment pipeline Feedback loop plan monitor build test release Developers Customers Based on slideshare.net/AmazonWebServices/dvo202-devops-at-amazon-a-look-at-our-tools-processes
  • 12. The path to continuous delivery
  • 13. Building the automation team Automation engineering team • Deep knowledge of AWS services • Comfortable talking to other development teams • Understands the complete development lifecycle—from commit to deploy
  • 14. Choosing the right technology • Focus on the problem at hand • Don’t try to predict the future • Use native AWS services/AWS Lambda/software as a service (SaaS) services
  • 15. Working with security • Gain buy-in early • Security from the start • Security as consumers • Freedom (with guard rails) • Sensitive data
  • 16. The right services and teams • Find a simple application • Just enough to prove your pipeline • Rinse, repeat
  • 17. The right services and teams Find the hungry team that • Wants the power • Is willing to do the work • Has a champion • Has the business need
  • 18. Embed with the AppDev team • Establish success criteria • Works closely with application team • Participates in the team’s sprint cycle • Helps AppDev team consume the pipeline process and tools AppDev team Automation engineering
  • 19. Establishing a CI/CD process at scale Problems • Complex components • Special snowflakes • Limited governance
  • 20. The pipeline factory Goals • Reduce barrier to entry • Reduce snowflakes • Reduce setup time • Enforce security controls
  • 21. Solution Self-service Continuous delivery Monitor
  • 22. Solution Self-service Continuous delivery Monitor
  • 23. Continuous delivery
  • 24. Continuous delivery
  • 25. Continuous delivery: AWS CodePipeline
  • 26. Continuous delivery: AWS CodeCommit
  • 27. Continuous delivery

      mavenJob(jobName) {
        triggers {
          scm('* * * * *')
        }
        rootPOM('pom.xml')
        goals('clean')
        goals('compile')
        goals('pmd:pmd')
        goals('findbugs:findbugs')
        goals('package')
      }

  • 28. Continuous delivery: Jenkins
  • 29. Continuous delivery: Approved?
  • 30. Continuous delivery: AWS CloudFormation
  • 31. Continuous delivery: AWS CodeDeploy
  • 32. Continuous delivery: Automated testing
  • 33. Continuous delivery: Blue/green switch (ELB, Old ASG, New ASG)
  • 34. Solution Self-service Continuous delivery Monitor
  • 35. Self-service
  • 36. Self-service: AWS Service Catalog docs.aws.amazon.com/servicecatalog/latest/adminguide/admin-overview-workflow.html
  • 37. Self-service
  • 38. Self-service: Demo
  • 39. Self-service
  • 40. Self-service

      ProdBuckets:
        Type: Custom::CloudFormationStack
        DeletionPolicy: Retain
        Properties:
          ServiceToken: arn:aws:...
          AssumeRole: arn:aws:iam:...
          TemplateURL: https://s3.amazonaws.com/.../buckets.yml
          Parameters:
            TeamName: !Ref TeamName
            CIAccount: !Ref CIAccount
            TestAccount: !Ref TestAccount
            ProdAccount: !Ref ProdAccount

  • 41. Self-service
  • 42. Solution Self-service Continuous delivery Monitor
  • 43. Monitor—cfn_nag https://github.com/stelligent/cfn_nag
  • 44. Monitor—Cloud Custodian https://github.com/capitalone/cloud-custodian
  • 45. Monitor—Cloud Custodian

      - name: s3-global-access
        mode:
          type: cloudtrail
          events:
            - event: PutBucketACL
        resource: s3
        filters:
          - type: global-grants
            allow_website: false
        actions:
          - delete-global-grants
          - remove-website-hosting
          - type: notify
            to:
              - resource-owner

  • 46. Monitor—Cloud Custodian

      - name: cost-center-absent-ec2
        mode:
          type: periodic
          schedule: cron(30 * * * ? *)
        resource: ec2
        filters:
          - and:
            - tag:Cost Center: absent
            - tag:Team: absent
        actions:
          - stop
          - type: mark-for-op
            op: terminate
            days: 2

  • 47. Governor (diagram). Accounts: Tools Account, Security Account, Production Account. Components: AWSGovernor, TestTypeCatalog, Policy Service, Organization Level Tests, Product Level Test. Pipeline Deploys App Infra/Code, Pipeline Invokes Governor stack. Steps: 1. Execute CloudFormation 2. Run AWSGovernor 3. Describe stack resources 4. Get all registered tests 5. Run organization tests 6. Run product tests 7. Report success or failure
  • 48. Monitor—pipeline dashboard
  • 49. Monitor—pipeline dashboard
  • 50. Monitor—pipeline dashboard

      ServerlessFunc:
        Type: 'AWS::Serverless::Function'
        Properties:
          Handler: handler.pipeline_event
          Runtime: python3.6
          CodeUri: ../app
          Events:
            PipelineEventRule:
              Type: CloudWatchEvent
              Properties:
                Pattern:
                  source:
                    - "aws.codepipeline"
                  detail-type:
                    - "CodePipeline Pipeline Execution State Change"
                    - "CodePipeline Stage Execution State Change"
                    - "CodePipeline Action Execution State Change"

  • 51. Monitor—pipeline dashboard

      DashboardFunc:
        Type: 'AWS::Serverless::Function'
        Properties:
          Handler: handler.dashboard_event
          Runtime: python3.6
          CodeUri: ../app
          Events:
            DashboardEventRule:
              Type: Schedule
              Properties:
                Schedule: "cron(*/5 * * * ? *)"

  • 52. What we learned Autonomy • Achieved through continuous delivery and self-service • All infrastructure defined as code • All deployments done via a pipeline • Pipeline is triggered via commit • Only manual step is approve/reject • Use ServiceCatalog to enable self service
  • 53. What we learned Governance • Achieved through self-service and monitoring • CloudFormation all the things • ServiceCatalog for CloudFormation governance • CloudFormation static analysis with cfn_nag • Cloud Custodian to assess and enforce compliance • Monitor pipeline metrics
  • 54. Resources https://stelligent.com/dev332
  • 55. Thank you!
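
The pipeline dashboard slides wire a `handler.pipeline_event` function to CodePipeline state-change events, and the speaker notes name the metrics it feeds (SuccessCount, FailureCount, CycleTime, RedTime, GreenTime) with pipeline/stage/action as dimensions. The sketch below is an added example, not the presenters' handler: the class name, the dimension names, the metric definitions (CycleTime as start-to-success duration, RedTime/GreenTime as time spent in a failed or succeeded state before it flips) and the in-memory state are assumptions, and the events are constructed samples.

```python
from datetime import datetime, timezone

PIPELINE_LEVEL = "CodePipeline Pipeline Execution State Change"


def parse_time(stamp):
    """Parse the UTC timestamp carried in the event's `time` field."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def dimensions(detail):
    """Pipeline, stage and action become dimensions when the event carries them."""
    names = (("PipelineName", "pipeline"), ("StageName", "stage"), ("ActionName", "action"))
    return [{"Name": name, "Value": detail[key]} for name, key in names if key in detail]


class PipelineMetrics:
    """Hypothetical tracker: turns events into put_metric_data-shaped entries."""

    def __init__(self):
        self.started = {}   # execution-id -> start time
        self.finished = {}  # pipeline -> (state, time it entered that state)

    def handle(self, event):
        if event.get("source") != "aws.codepipeline":
            return []  # drop anything the rule pattern should already have filtered
        detail, when = event["detail"], parse_time(event["time"])
        state, dims, out = detail["state"], dimensions(detail), []

        def emit(name, value, unit):
            out.append({"MetricName": name, "Dimensions": dims,
                        "Timestamp": when, "Value": value, "Unit": unit})

        if state == "SUCCEEDED":
            emit("SuccessCount", 1, "Count")
        elif state == "FAILED":
            emit("FailureCount", 1, "Count")

        # Duration metrics are computed at pipeline level only (assumption).
        if event.get("detail-type") != PIPELINE_LEVEL:
            return out
        exec_id, pipeline = detail["execution-id"], detail["pipeline"]
        if state == "STARTED":
            self.started[exec_id] = when
        elif state in ("SUCCEEDED", "FAILED"):
            start = self.started.pop(exec_id, None)
            if state == "SUCCEEDED" and start is not None:
                emit("CycleTime", (when - start).total_seconds(), "Seconds")
            prev = self.finished.get(pipeline)
            if prev and prev[0] != state:
                # The pipeline changed colour: report how long the old one lasted.
                name = "RedTime" if prev[0] == "FAILED" else "GreenTime"
                emit(name, (when - prev[1]).total_seconds(), "Seconds")
            if not prev or prev[0] != state:
                self.finished[pipeline] = (state, when)
        return out


def sample_event(kind, time, state, exec_id, source="aws.codepipeline", **extra):
    """Constructed event with only the fields this example reads."""
    detail = {"pipeline": "orders-service", "execution-id": exec_id, "state": state}
    detail.update(extra)
    return {"source": source, "time": time, "detail": detail,
            "detail-type": "CodePipeline %s Execution State Change" % kind}


SAMPLE_EVENTS = [
    sample_event("Pipeline", "2017-11-28T10:00:00Z", "STARTED", "e-1"),
    sample_event("Action", "2017-11-28T10:02:00Z", "FAILED", "e-1",
                 stage="Build", action="UnitTest"),
    sample_event("Pipeline", "2017-11-28T10:02:05Z", "FAILED", "e-1"),
    sample_event("Pipeline", "2017-11-28T10:30:00Z", "STARTED", "e-2"),
    sample_event("Pipeline", "2017-11-28T10:40:00Z", "SUCCEEDED", "e-2"),
    sample_event("Pipeline", "2017-11-28T10:41:00Z", "SUCCEEDED", "e-3", source="custom.app"),
]


def run_sample():
    tracker = PipelineMetrics()
    return [tracker.handle(event) for event in SAMPLE_EVENTS]


if __name__ == "__main__":
    for metrics in run_sample():
        print([(m["MetricName"], m["Value"]) for m in metrics])
```

In a Lambda function the `started` and `finished` maps would have to live in a durable store, since invocations do not share memory; each returned list can be passed as `MetricData` to CloudWatch's `put_metric_data`.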

Editor's Notes

  1. Been in business for 30+ years Develop products and services that help our customers produce accurate documentation and medical coding to improve quality of care and reduce cost.
  2. The US is moving from a fee-for-service based medical care to big data driven population health Measuring performance and effectiveness of care Determining actions to take on that performance for improvement
  3. 24 states have adopted our systems 87% of the population is covered by our systems 1% of the Gross Domestic Product is being risk adjusted with 3M HIS methodologies (products and services) Lots of records Lots of dollars
  4. Bottleneck=The amount of time it takes to do the action and waiting on the availability of the team. How long it took to get to production on some of our deployments
  5. Get software into the hands of customers as fast as possible.
  6. Rob Brigham
  7. Building the CI/CD platform team Choosing the right technology Security Find the right service Find a hungry team Embed with the team Establishing a Feedback loop
  8. Needed a balance of engineer types and consulting engineer types If you don’t have it in house, bring in consultants and rotate FTEs into the team
  9. Don't try to over engineer to solve all types of delivery Don’t try to figure out what you are going to need, figure out what you do need Know that your CI/CD platform is iterative, like any product it will get better over time Use native AWS services/Lambda/SaaS over instance-based infrastructure when possible
  10. Security involved in the cu CI/CD needs to have security baked into the process Start building the platform with the Security team to gain buy-in early Help the security team become consumers of the platform so they can be champions Regulated Data Development with Guardrails Sensitive Data requires unique control frameworks that must be implemented.
  11. Find an easy to deploy service Small, stateless, a web app? Get that thing to production don’t worry about containers, microservices, just yet. Keep trying new services, wait for patterns to develop, iterate
  12. Find an easy to deploy service Find a team that is eager Some teams want in just because it’s the hot new thing http://lghttp.32478.nexcesscdn.net/80E972/organiclifestylemagazine/wp-content/uploads/2015/02/Hungry.jpg
  13. Explain the teams on the graphs Explain the bullet points Onboarding team works closely with the Automation Engineering Team Communicates App Team challenges to Automation Engineering Team Acts as champion for App Team issues to make sure they are captured for future Teams and Pipeline Factory enhancements Hands the steering wheel when app team is ready
  14. Consistent CICD Pipelines and process at scale
  15. James covered challenges and the approach to addressing 3 parts to solution Pipelines – every commit can make its way to production with minimal human intervention  (SPEED/AGILITY) Self service – teams can create and manage their own pipelines  (AUTONOMY) Monitor – guardrails to keep people from hurting themselves  (REPUTATION & COMPLIANCE)
  16. Restate problem – manual handoff Some automation, but still requires support from a centralized team
  17. Use CodePipeline for automating deployment workflow ### All deployments must be done via pipeline ### Triggered by commit Single pipeline per deployable application/service ### Only yes/no input All infrastructure defined as CFN by developer ### Everything in code
  18. Stages… Actions… Integrations (CodeCommit, CodeBuild, CodeDeploy, Jenkins) !!!UPDATE notes
  19. 2 repos – one for app, one for IaC…allows separation of roles inside a team Pipeline is triggered when either one changes
  20. ### Define all Jenkins jobs as JobDSL in the IaC repository Every pipeline execution runs the DSL
  21. Source is built, unit tested and packaged We’ll come back to CfnNag later….
  22. 3 stages…one per environment (automated testing, manual testing, production) ### Only manual step is between each env...approve/reject
  23. Launch infrastructure via CloudFormation templates defined in the IaC repo ASGs, ELBs, DBs
  24. Deploy app that was built previously to new infrastructure
  25. * Run end to end tests…selenium, resteasy, postman/newman
  26. Blue green switch at the ELB to the new ASG !!!UPDATE – blue/green
  27. New problem…how to allow self-service to provision pipelines? Don’t want to allow folks to create manually Needed a pipeline factory!
  28. Least privilege - Control who can create pipelines via IAM. Govern – Pipeline is created exactly as intended, as users can only create what's in the approved template. Versioned - Changes can be versioned, allowing users to consume changes to pipelines at their own pace. Declarative > Imperative - Easier to manage as CloudFormation does a great job of converging incremental changes. Simply declare the desired state of your resources and CFN will make it happen…rather than you having to write the code to do that hard stuff ### CloudFormation is king – easier to version and apply incremental changes ### CloudFormation service role – a role that only is used by service catalog/cloudformation that has all the access…can’t be assumed by users ### ServiceCatalog to provide self service with governance
  29. Demo script…(to be recorded) Create team via SC Login to Jenkins View list of created stacks (cross account) Create pipeline via SC View CodePipeline View Jenkins View CodeCommit Watch pipeline succeed
  30. Service Catalog creates top level stack Custom resource backed by lambda function, creates nested stacks in other accounts using IAM role Can reattach to existing stack, useful for KMS keys and S3 buckets ### Retain important resources – buckets, keys, databases
  31. Custom resource One per account, uses AssumeRole to jump accounts Shared template for all accounts, versioned DeletionPolicy…retained and reattached
  32. Self service documentation How to get started How to solve common problems Changelog and migration documentation
  33. Teams create the CFN for their ELBs, ASGs, Route53, RDS The cfn-nag tool looks for patterns in CloudFormation templates that may indicate insecure infrastructure. ELBs that are open to outside Security group rules that are too permissive (wildcards) Access logs that aren't enabled Encryption that isn't enabled ### static analysis before deployment
  34. Rules defined via custodian DSL Deployed as lambda functions Perform notification and remediation
  35. Look for public buckets Automatically remove grants and website hosting Notify the resource owner ### setup processes to assess and enforce policy compliance !!! Mode/type
  36. Look for instances missing “Cost Center” or “Team” tags Stop the instance Notify resource owner
  37. Teams can define their own tests (functional or non-functional) as lambda functions Modify S3 bucket ACL -> failed build IAM role trust policy with non-HIS account -> failed build Permissive security groups !!! UPDATE - icon Dynamic testing framework for infrastructure and application level functional and non-functional tests Verify Infrastructure aligns with AWS Best Practices (AWS Security Epics) and your own organizational governance Application Level Functional Tests (Call my endpoints and assert the response) Non-Functional Tests (Terminate instances in auto-scaling group, verify resiliency) Framework allows for dynamically testing AWS best practices like (AWS Security Epics) Framework capable of running cross account tests, in multiple accounts Security Tests (Organizational / BU Level) are run in SecOps, but test infra in other accounts Application Tests (Product Level) Created by the app team are executed in the deployment account(s) Framework that can be directly integrated with the pipeline or used independently with minor changes Embraces DevSecOps allowing the security team and the application teams to build security into the development process Organization Level Test – Tests defined to verify enterprise or business unit requirements Product Level Test – Tests written by the product team to verify security, functional, and non-functional requirements
  38. Single CW dashboard showing metrics for each pipeline SuccessCount FailureCount CycleTime RedTime GreenTime ### monitor health of pipelines !!!UPDATE – new picture
  39. Triggered by each CW event Recorded as CW metric, pipeline/stage/action as dimensions Dashboard, built nightly via lambda that queries CW metrics !!!UPDATE - typo
  40. SAM Defines both the function and the event rule
  41. SAM Runs nightly !!!UPDATE - cron schedule
  42. Continuous Delivery ### Everything in code ### Deployed via pipeline ### Triggered by commit ### Only manual step is between each env...approve/reject Self Service ### ServiceCatalog to provide self service with governance !!! UPDATE – add bullet point
  43. Self Service ### CloudFormation is king – easier to version and apply incremental changes ### CloudFormation service role – a role that only is used by service catalog/cloudformation that has all the access…can’t be assumed by users ### ServiceCatalog to provide self service with governance ### Retain important resources – buckets, keys, databases Monitor ### static analysis before deployment ### setup process as guardrails that assess and enforce policy compliance ### monitor pipeline health !!! UPDATE – add bullet point
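
The notes for the cfn_nag slide describe static analysis before deployment: scanning CloudFormation templates for permissive security group rules, load balancers open to the outside, access logs that are not enabled and encryption that is not enabled. The sketch below illustrates that kind of pre-deployment gate as an added example; it is not cfn_nag's code or rule set, and the WARN/FAIL split, the function names and the template (constructed, in CloudFormation's JSON form) are assumptions.

```python
import json

WORLD = ("0.0.0.0/0", "::/0")  # tuple, so comparing against an intrinsic (dict) is safe


def is_true(value):
    return value is True or (isinstance(value, str) and value.lower() == "true")


def is_unset_or_false(value):
    """Intrinsics such as {"Ref": ...} cannot be resolved statically, so they are not flagged."""
    return not isinstance(value, dict) and not is_true(value)


def check_ingress(props):
    # Inline rule list on a security group, or the properties of a standalone rule.
    rules = props.get("SecurityGroupIngress", props)
    for rule in rules if isinstance(rules, list) else [rules]:
        if not isinstance(rule, dict):
            continue
        if rule.get("CidrIp") in WORLD or rule.get("CidrIpv6") in WORLD:
            if str(rule.get("IpProtocol")) == "-1":
                yield "FAIL", "every protocol and port is open to the world"
            else:
                yield "WARN", "port %s-%s is open to the world" % (
                    rule.get("FromPort"), rule.get("ToPort"))


def check_elb(props):
    if props.get("Scheme") != "internal":
        yield "WARN", "load balancer is internet-facing"
    if is_unset_or_false(props.get("AccessLoggingPolicy", {}).get("Enabled")):
        yield "WARN", "access logs are not enabled"


def check_rds(props):
    if is_unset_or_false(props.get("StorageEncrypted")):
        yield "FAIL", "storage encryption is not enabled"


def check_bucket(props):
    if "BucketEncryption" not in props:
        yield "WARN", "no default encryption configured"


CHECKS = {
    "AWS::EC2::SecurityGroup": check_ingress,
    "AWS::EC2::SecurityGroupIngress": check_ingress,
    "AWS::ElasticLoadBalancing::LoadBalancer": check_elb,
    "AWS::RDS::DBInstance": check_rds,
    "AWS::S3::Bucket": check_bucket,
}


def scan(template):
    """Return (level, logical id, message) for every finding, ordered by logical id."""
    findings = []
    for logical_id, resource in sorted(template.get("Resources", {}).items()):
        check = CHECKS.get(resource.get("Type"))
        if check:
            for level, message in check(resource.get("Properties", {})):
                findings.append((level, logical_id, message))
    return findings


def gate(findings):
    """Pipeline gate: any FAIL blocks the deployment; WARNs are reported only."""
    return not any(level == "FAIL" for level, _, _ in findings)


# Constructed template for the example.
TEMPLATE = json.loads("""
{"Resources": {
  "WebSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "GroupDescription": "web",
    "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
      {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "CidrIp": {"Ref": "OfficeCidr"}}]}},
  "AdminRule": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
    "GroupId": {"Ref": "WebSg"}, "IpProtocol": "-1", "CidrIp": "0.0.0.0/0"}},
  "Elb": {"Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Properties": {
    "Scheme": "internal", "Listeners": []}},
  "Db": {"Type": "AWS::RDS::DBInstance", "Properties": {
    "Engine": "postgres", "StorageEncrypted": "true"}},
  "ReportsDb": {"Type": "AWS::RDS::DBInstance", "Properties": {"Engine": "postgres"}},
  "Artifacts": {"Type": "AWS::S3::Bucket"}
}}
""")

if __name__ == "__main__":
    results = scan(TEMPLATE)
    for level, logical_id, message in results:
        print("%-4s %-10s %s" % (level, logical_id, message))
    raise SystemExit(0 if gate(results) else 1)
```

Run as a build step, the non-zero exit code fails the stage before CloudFormation is executed, which is where the deck places this kind of check.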