Aws Series Governance

Post Date : 2024-01-03T23:05:24+07:00

Modified Date : 2024-01-03T23:05:24+07:00

Category: systemdesign aws

Tags: aws

Account Types

  • Management Account: the primary account that hosts and manages the organization (the payer account)
  • Member Account: every other AWS account that belongs to the organization

Features

  • Consolidated Billing
  • Usage Discounts
  • Shared Savings

Main concepts

  • Multi Account
  • Tag Enforcement
  • Organizational Unit (OU): a group of accounts
  • Service Control Policies (SCP): JSON policies applied to OUs or accounts that restrict which actions are or are not allowed
  • Management Account: SCPs affect the management account just as they do all member accounts.
  • Account best practices: create a centralized logging account for the organization's CloudTrail logs, and leverage cross-account roles for accessing member accounts.

Example of SCP

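As an added example (not from the original post), here is a deny-list style SCP of the kind the image illustrates, together with a small Python evaluator showing how it combines with a member account's identity policy: an action must be allowed by every SCP from the root down to the account and by the identity policy, and an explicit Deny anywhere wins. The policy documents and the OU layout are constructed, and the evaluator deliberately ignores NotAction, conditions and principals.

```python
"""Toy authorization evaluator: SCPs at every level of the OU chain plus the
identity policy, with an explicit Deny winning everywhere.  Added example,
not the page's own code; all policy documents below are constructed."""
import fnmatch

# Deny-list style SCP attached to an OU: everything is allowed except a few
# guardrail actions no member account should be able to take.
GUARDRAIL_SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {
            "Effect": "Deny",
            "Action": [
                "cloudtrail:StopLogging",
                "cloudtrail:DeleteTrail",
                "organizations:LeaveOrganization",
            ],
            "Resource": "*",
        },
    ],
}

# The organization root keeps the default FullAWSAccess policy.
FULL_ACCESS_SCP = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Identity policy of an administrator user inside a member account.
ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Constructed chain of SCPs for one account: root -> OU holding the account.
MEMBER_CHAIN = [FULL_ACCESS_SCP, GUARDRAIL_SCP]


def _as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def evaluate_policy(policy, action, resource):
    """Return 'Deny', 'Allow' or 'Implicit' for one policy document.
    Simplified: only Action/Resource with wildcard matching, no NotAction
    and no Condition blocks."""
    decision = "Implicit"
    for stmt in policy["Statement"]:
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if not any(fnmatch.fnmatchcase(action, a) for a in actions):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in resources):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # an explicit Deny always wins
        decision = "Allow"
    return decision


def is_allowed(scp_chain, identity_policy, action, resource="*"):
    """Every SCP from the root down must allow the action (an SCP Deny or a
    missing Allow blocks it), and then the identity policy must allow it."""
    for scp in scp_chain:
        if evaluate_policy(scp, action, resource) != "Allow":
            return False
    return evaluate_policy(identity_policy, action, resource) == "Allow"


if __name__ == "__main__":
    for act in ("s3:PutObject", "cloudtrail:StopLogging"):
        print(act, "->", is_allowed(MEMBER_CHAIN, ADMIN_POLICY, act))
```

Running the block shows that the member account administrator, despite a full-access identity policy, cannot stop CloudTrail logging, while ordinary work such as s3:PutObject is unaffected.
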
Sharing resources using AWS RAM

AWS RAM(Resource Access Manager)

  • A free service that lets you share resources with other accounts inside or outside your organization. The resource is actually shared, not duplicated.

What could be shared?

  • Transit gateways
  • VPC subnets
  • License Manager
  • Route 53 Resolver (rules and endpoints)
  • Dedicated Hosts

Ownership and Participants

  • Owner: creates and manages the VPC resources that get shared. Cannot delete or modify resources deployed by participant accounts.
  • Participants: can provision services in the shared VPC subnets. Cannot modify or delete the shared resources.

Setting up cross account role access

Cross-account role access lets you set up temporary credentials that can be revoked as needed.

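An added example, not part of the original post: the trust policy that lets a role in one account be assumed by a principal in another, and the inline Deny policy that implements "revoke active sessions" on a role (credentials issued before a cutoff stop working, keyed on the aws:TokenIssueTime condition key), each with a simplified Python evaluation. The account ids, role name, external id and timestamps are constructed placeholders.

```python
"""Added example: the two policy documents behind cross-account role access
and the check that makes the resulting temporary credentials revocable.
Account ids, role names, the external id and timestamps are constructed."""
from datetime import datetime

# Trust policy on the role in the target account 111111111111: only the named
# role from source account 222222222222 may assume it, and only when it
# presents the agreed external id (mitigates the confused-deputy problem).
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::222222222222:role/OpsAutomation"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}},
    }],
}


def revoke_policy(cutoff_iso):
    """Inline policy of the kind AWS attaches to a role when you revoke its
    active sessions: every session whose credentials were issued before the
    cutoff is denied everything.  Timestamps are ISO 8601 with an offset."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Deny",
            "Action": "*",
            "Resource": "*",
            "Condition": {"DateLessThan": {"aws:TokenIssueTime": cutoff_iso}},
        }],
    }


def can_assume_role(trust_policy, principal_arn, external_id=None):
    """Simplified evaluation of sts:AssumeRole against a trust policy:
    the principal must be listed and the ExternalId condition, if present,
    must be satisfied; otherwise the statement does not match."""
    for stmt in trust_policy["Statement"]:
        allowed = stmt["Principal"].get("AWS", [])
        allowed = allowed if isinstance(allowed, list) else [allowed]
        if principal_arn not in allowed or stmt["Action"] != "sts:AssumeRole":
            continue
        wanted = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if wanted is not None and external_id != wanted:
            continue
        return stmt["Effect"] == "Allow"
    return False  # no matching statement: implicit deny


def session_revoked(policy, token_issue_time_iso):
    """True when the revoke policy's Deny matches the session's issue time."""
    issued = datetime.fromisoformat(token_issue_time_iso)
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        cutoff = stmt["Condition"]["DateLessThan"]["aws:TokenIssueTime"]
        if issued < datetime.fromisoformat(cutoff):
            return True
    return False


if __name__ == "__main__":
    ops = "arn:aws:iam::222222222222:role/OpsAutomation"
    print("assume with external id:", can_assume_role(TRUST_POLICY, ops, "example-external-id"))
    print("assume without it:      ", can_assume_role(TRUST_POLICY, ops))
    revoked = revoke_policy("2024-01-03T16:00:00+00:00")
    print("old session revoked:    ", session_revoked(revoked, "2024-01-03T15:00:00+00:00"))
    print("new session revoked:    ", session_revoked(revoked, "2024-01-03T17:00:00+00:00"))
```

The point of the second half is the one the paragraph makes: because the credentials are short-lived role sessions rather than long-term keys, revocation is a policy change on the role, and sessions assumed after the cutoff keep working.
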
AWS Config

  • An inventory management and control tool
  • Shows the configuration history of your resources
  • Lets you create rules that check resources conform to your requirements
  • Can send alerts via SNS
  • Configured per Region
  • Results can be aggregated across Regions and AWS accounts

Examples

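An added example, not from the original post: the evaluation logic of a custom AWS Config rule that flags security groups allowing SSH (tcp/22) from 0.0.0.0/0 or ::/0, which is the kind of "resources conform to your requirements" check the bullets describe. The configuration items are constructed and reduced to the fields the rule reads; a real rule would be a Lambda handler invoked by Config that reports its results with put_evaluations, which is left out here so the block runs offline.

```python
"""Added example: custom AWS Config rule logic for world-open SSH.
The configuration items are constructed samples, not captured data."""
import json

COMPLIANT, NON_COMPLIANT, NOT_APPLICABLE = "COMPLIANT", "NON_COMPLIANT", "NOT_APPLICABLE"
ANY_ADDRESS = {"0.0.0.0/0", "::/0"}
CHECKED_PORT = 22


def _world_open_for_port(perm, port):
    """An ingress permission is world-open for `port` when the port falls in
    its range (ipProtocol -1 means all traffic) and a CIDR is 0.0.0.0/0 or ::/0."""
    proto = perm.get("ipProtocol")
    if proto == "-1":
        in_range = True
    elif proto == "tcp":
        in_range = perm.get("fromPort", 0) <= port <= perm.get("toPort", 65535)
    else:
        return False
    cidrs = {r.get("cidrIp") for r in perm.get("ipRanges", [])}
    cidrs |= {r.get("cidrIpv6") for r in perm.get("ipv6Ranges", [])}
    return in_range and bool(cidrs & ANY_ADDRESS)


def evaluate(configuration_item):
    """Return (compliance_type, annotation) for one configuration item."""
    if configuration_item["resourceType"] != "AWS::EC2::SecurityGroup":
        return NOT_APPLICABLE, "rule only evaluates security groups"
    cfg = configuration_item["configuration"]
    for perm in cfg.get("ipPermissions", []):
        if _world_open_for_port(perm, CHECKED_PORT):
            return NON_COMPLIANT, f"tcp/{CHECKED_PORT} is open to the world"
    return COMPLIANT, f"no world-open ingress rule for tcp/{CHECKED_PORT}"


def lambda_handler(event, context=None):
    """Shape of a custom-rule handler: Config passes the configuration item as
    a JSON string in event['invokingEvent'].  Returns the evaluation record
    that would normally be sent with config.put_evaluations."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    compliance, annotation = evaluate(item)
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": annotation,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


def sample_event(item):
    """Wrap a configuration item the way Config delivers it to the handler."""
    return {"invokingEvent": json.dumps({"configurationItem": item})}


def _sg(group_id, permissions):
    # Constructed, reduced configuration item for a security group.
    return {
        "resourceType": "AWS::EC2::SecurityGroup",
        "resourceId": group_id,
        "configurationItemCaptureTime": "2024-01-03T16:05:24.000Z",
        "configuration": {"groupId": group_id, "ipPermissions": permissions},
    }


# Constructed samples: one group exposes SSH to everyone, the other limits it
# to a private range and only exposes HTTPS publicly.
OPEN_SSH_SG = _sg("sg-0example0open", [
    {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
     "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []},
])
RESTRICTED_SG = _sg("sg-0example0safe", [
    {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
     "ipRanges": [{"cidrIp": "10.0.0.0/8"}], "ipv6Ranges": []},
    {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
     "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []},
])

if __name__ == "__main__":
    for sg in (OPEN_SSH_SG, RESTRICTED_SG):
        print(sg["resourceId"], lambda_handler(sample_event(sg))["ComplianceType"])
```

A Config rule of this shape is attached to a per-Region recorder, so the aggregation across Regions and accounts mentioned above is what turns many such per-Region verdicts into one organization-wide view.
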
AWS Directory Service

  • A fully managed version of Active Directory

There are 2 types:

  • Managed Microsoft AD
  • AD Connector

AWS Cost Explorer

AWS Budgets

  • The best way to let users know they are getting close to overspending

Optimize AWS CUR

Cost and Usage Report

AWS Trusted Advisor

AWS Control Tower and Guardrails

  • Automated multi-account governance, guardrails, account orchestration

Manage software licenses in AWS using AWS License Manager

AWS Health and Personal Health Dashboard

AWS Service Catalog and AWS Proton

Catalog

AWS Proton

AWS Well Architected Framework
