WdW - kreuzwerker
Remote, September 8th, 2022
Setting up a solid foundation for your AWS environment based on Security & Governance
© kreuzwerker 2022
Intro
About me
Manuel Vogel, Head of Solution Architecture
manuel.vogel@kreuzwerker.de
- Coding since 2008
- In love with DevOps and automation
- Surfing and Yoga since 2015
- Minimalism and mindfulness
- Cloud-native Engineer, FinOps Practitioner 💵, Kubernetes and Terraform certified
- Talking about things that inspire me: Coding, Boxing, Yoga, dancing
History
- 2010: Founding of kreuzwerker GmbH
- 2013: Founding of kreuzwerker Polska, Warsaw
- 2017: Founding of kreuzwerker AG, Zurich
- 2019: Opening of the branch office in Munich
- 2020: Founding of kreuzwerker Frankfurt GmbH
Locations
Our AWS Business Offerings
- Cloud Engineering
- Data Engineering
- Custom SW Development
- AWS Managed Services
- FinOps Practice (AWS Reselling)
Customer Examples - Startups / DNB
Agenda
- Why a solid foundation or Landing Zone (LZ)
- superwerker jumpstart (LZ): benefits, design principles, internals
This sounds very amazing, so let’s start building on AWS 🚀 🏁
Expectation
1. Idea
2. Create AWS Account
3. Start building!
Expectation zoomed in
But in reality ...
- Multi-account or not?
- Which foundational AWS services should be enabled?
- How to ensure a secure AWS setup?
- How to keep costs under control?
- How to keep up to date with the pace of AWS?
- How to detect incidents and events, and how to handle them?
Manual governance in AWS at scale ... ⚡
❓ Account management
- how to automate policies?
- how to automate identity federation?
- how to do account automation?
❓ Security and compliance
- identity & access automation?
- security automation?
- policy enforcement?
❓ Budget & cost management
- planning and enforcement? 🤯
Building an AWS Foundation usually ends up as ...
Pay consultants OR custom-build in-house OR do nothing
Problems with custom-built AWS foundations
- Expensive
- “Time to AWS” slowed down
- Best practices not known
- Insecure: easy to overlook basic security services
Comparison

Criterion                            | Consultants / custom-built | Do nothing | superwerker
Zero upfront cost                    | ❌ | ✅ | ✅
Immediate start                      | ❌ | ✅ | ✅
Near-zero maintenance costs          | ❌ | ❌ | ✅
Open source                          | ❌ | ❌ | ✅
Security controls enabled            | ❓ | ❌ | ✅
Stay up-to-date with best practices  | ❓ | ❌ | ✅
Landing Zone with superwerker 🛬
What exactly is a Landing Zone? 🤔
A Landing Zone is a well-architected multi-account AWS environment that is scalable and secure ✅
The superwerker open source solution automates the setup of an AWS Cloud environment with prescriptive AWS Best Practices.
It enables startups and SMBs to focus on their core business by saving setup and maintenance time and money.
superwerker benefits
- Free and open-source official AWS Quick Start
- Off-the-shelf AWS experience (fully automated setup)
- Secure AWS environment in hours instead of weeks
- Bundled and codified experience of two AWS Advanced Partners
superwerker design guidelines
- End-to-end tests with real AWS accounts and resources
- Forward compatibility and adoption
- Low total cost of ownership: only serverless AWS services are used
- Documented with Architecture Design Records (ADR)
What’s included in superwerker?
In the initial release, superwerker enables the following AWS services and features in a fully automated way:
- Control Tower: base for a future-proof multi-account setup
- Security Hub: ensure established security standards org-wide
- GuardDuty: org-wide automatic detection of possible threats and breaches
- AWS Backup: org-wide automated backups
- Preventive Guardrails: protect the infrastructure
- Billing/Budget Setup: budget alarms
- Secure AWS Account Mailboxes: configure a dedicated secure mail domain for AWS accounts
- SSM OpsCenter/OpsItems: for notifications / incident response handling
- Quick-start dashboard: quick links to e.g. services, SSO setup, notification center
The Concept of a Landing Zone 🛬
A well-architected multi-account AWS environment that is scalable and secure.
Logging into your accounts via the AWS SSO portal.
Organization Management account
One account to rule them all....

Why a Multi Account strategy? 🤔
Accounts are like resource containers: workload categorization, blast radius reduction, cost allocation and more ✅

AWS Organizations
Security OU - Audit (Security Tooling) account
A Security Tooling account dedicated to operating security services.

Security OU - Log Archive account
Collect, monitor and audit all security-related logs in one central place.

Infrastructure OU - Network account (planned)
The gateway between your business and the broader internet.

Infrastructure OU - Shared Services account (also planned)
Share services between teams and applications.

Sandbox OU
Fail fast, fail smart!
AWS Control Tower
Secure multi-account setup with Control Tower.

AWS Security Hub
Security posture management service that performs security best practice checks, aggregates alerts, and enables automated remediation.
Continuous monitoring of security best practices.

Amazon GuardDuty
Continuous security monitoring and intelligent threat detection.
Continuous threat detection.
AWS Backup
Centralize and automate data protection:
- across AWS services
- in the cloud
- and on premises

AWS Budgets
Keep your spending in check with custom budget thresholds and automatic alert notifications.

Automated Billing and Budget Setup
✅ Get alerted when overall AWS spend reaches defined thresholds
- 100$ / month
- rolling update over the last 3 months

https://kreuzwerker.de/
Quick-start dashboard
Secure Root Mail Handling
AWS accounts need unique email addresses. Access to these email accounts has to be secured properly, since they provide full access to the AWS accounts.
✅ superwerker sets up a secure mail (sub-)domain in the DNS namespace of the AWS user
✅ Takes care of generating email addresses for new AWS accounts
- e.g. root+22c29f9d33ad@aws.<yourcompany>.com
✅ Consolidates all mail traffic / notifications into Systems Manager OpsCenter
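The address scheme on this slide, as an added example that is not superwerker's own code: each new account gets a plus-addressed root mailbox with a random tag on a dedicated sub-domain, and inbound mail is only handed on to OpsCenter if it targets a tag that was actually issued. The domain `aws.example.com`, the 12-hex-character tag length (taken from the slide's sample address) and the allowlist check on inbound mail are assumptions of this example.

```python
"""Per-account root mailbox addresses on a dedicated mail sub-domain.

Added example (not part of superwerker); mirrors the slide's
root+22c29f9d33ad@aws.<yourcompany>.com scheme.
"""
import re
import secrets

# Assumption: the company runs a dedicated mail sub-domain for AWS root mailboxes.
ROOT_MAIL_DOMAIN = "aws.example.com"  # constructed placeholder for aws.<yourcompany>.com

# root+<12 lowercase hex chars>@<domain>; tag length taken from the slide's sample address.
_ROOT_MAIL_RE = re.compile(r"^root\+([0-9a-f]{12})@([a-z0-9.-]+)$")


def new_root_mail_address(domain: str = ROOT_MAIL_DOMAIN) -> str:
    """Return a fresh, unguessable root mailbox address for a new AWS account.

    Plus-addressing keeps every account on one mailbox domain, while the random
    tag makes each address unique and not derivable from the account name.
    """
    tag = secrets.token_hex(6)  # 6 random bytes -> 12 hex characters
    return f"root+{tag}@{domain}"


def parse_root_mail_address(address: str, domain: str = ROOT_MAIL_DOMAIN):
    """Return the tag if `address` is a root mailbox on our domain, else None.

    Case-insensitive on the local part and domain; anything that is not
    root+<tag>@<our domain> is rejected.
    """
    m = _ROOT_MAIL_RE.match(address.strip().lower())
    if not m or m.group(2) != domain.lower():
        return None
    return m.group(1)


def route_inbound(address: str, issued_tags: set, domain: str = ROOT_MAIL_DOMAIN) -> str:
    """Decide what to do with a message addressed to `address`.

    'opsitem' -> forward into SSM OpsCenter (the slide's consolidation step)
    'reject'  -> not a root mailbox we issued, so drop instead of forwarding
    (assumption: only tags recorded at account creation are accepted)
    """
    tag = parse_root_mail_address(address, domain)
    if tag is None or tag not in issued_tags:
        return "reject"
    return "opsitem"


if __name__ == "__main__":
    issued = set()
    for _ in range(3):
        addr = new_root_mail_address()
        issued.add(parse_root_mail_address(addr))
        print(addr, "->", route_inbound(addr, issued))
    print(route_inbound("root+22c29f9d33ad@aws.example.com", issued))
```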
superwerker is available as AWS Quickstart & OSS
For updates, please look at the homepage and the Quickstart home, and subscribe to our mailing list or join the Slack channel.
- www.superwerker.cloud
- aws.amazon.com/quickstart/architecture/superwerker
- github.com/superwerker/superwerker
- Slack: og-aws #superwerker (invite)

https://superwerker.cloud/
Key takeaways
- AWS gives you maximum flexibility; however, setting up the foundation correctly is crucial 🛬
- AWS has a lot of services; you simply need to know that they exist, then how to use them, and how to connect them together
- We recommend starting your journey with an AWS Partner

Thank you! Questions?

kreuzwerker GmbH
Ritterstr. 12-14
10969 Berlin
www.kreuzwerker.de
Fon +49 30 609 838 80
Fax +49 30 609 838 899
