12. RDS -> S3
• There should be an ingress rule here too
• “I’m going to open this up to the pub real quick”
13. Common Utils
• Common VPC Peered to all other “App” VPCs
• Output Security Info, CIDRs, etc. (sick of IPv4 stuff yet?)
• Jenkins (workers in specific SGs)
• Log Shipping
14. IAM
• Users (Devs and Machine Users)
• Groups / Products
• Roles & Policies
• Controlling Dev and Machine access to Specific ENVs
15. CloudFront
• CDNs with Bucket origins
• Static Assets are Deployed to Buckets
• Certs are pushed out to CDNs through Cert Manager
• CORS policies
20. Results
• The more we control, the less configuration drift there is
• Output and Import all the things; tight grasp on ACLs
• Deploy times ~5 Minutes
• Build Time ~5 Minutes