Management and Governance Lens — Coming Soon

Publication date: December 4, 2020

The Management and Governance Lens for AWS Well-Architected, now under development, will make it easier for customers to develop management and governance solutions to support the design, implementation, and operation of applications in AWS and on-premises. The Management and Governance Lens provides prescriptive guidance on key concepts, design principles, and best practices for optimizing management and governance—including recommended combinations of AWS services, integration points with AWS Partner Network (APN) Partner solutions, and vetted reference implementations. The Management and Governance Lens incorporates best practices learned from customers migrating thousands of applications to AWS, and includes guidance on satisfying regulatory expectations for different industries.

Customers of every size across all industries are moving to the cloud to become more agile, reduce costs, instantly scale, and deploy globally in minutes. When making this transition, customers need visibility into their AWS and on-premises environments to give confidence that applications adhere both to their internal control and operational requirements and to the proven AWS Well-Architected Framework pillars.

The AWS Well-Architected Management and Governance Lens helps customers successfully leverage familiar processes and tools from AWS Technology Partners, and offers guidance on how to use them and integrate them across AWS for effective management and governance solutions.

This document describes a few management and governance scenarios that our customers encounter, and links to published solutions and AWS Competency Partners that enable these scenarios. It also describes the AWS services that support these scenarios, including AWS Config, AWS Control Tower, AWS Organizations, AWS Security Hub, AWS Service Catalog, and AWS SSO.

Identity management

Running workloads in the cloud requires controlling access to environments, enabling a set of permissions, and leveraging existing corporate directories for user lifecycle management of passwords and credentials. These scenarios must also provide a way to ensure compliance with security and risk policy.

Identity management starts with a single sign-on solution to simplify and centralize credentials, enforcement of multi-factor authentication methods to meet security requirements, use of privileges to gain access, and detection of insecure policies and unauthorized access.

For information about the services, solutions, and APN Partners for managing identity and access, see Identity management.

Network management

To set up and maintain cloud environments effectively, customers need a way to connect cloud workloads to enterprise networks, users, and applications. Customers might also need to publish applications to the internet or to manage connections from the cloud to the internet.

Network management must scale for enterprise-wide environments in order to configure, manage, and coordinate AWS resources. The network connections must be monitored to ensure they are deployed correctly, while providing visibility into operations and traffic flow. Access from the internet and the edge must be monitored for threats, with the ability to do forensics and analysis while protecting data and applications. Network resources must be managed and allocated to preserve capacity and control bandwidth costs.

For information about the services, solutions, and APN Partners in network management, see Network management.

Security information and event management (SIEM)

Customers require in-depth visibility into the security of their infrastructure and applications. Achieving this level of visibility requires the collection of logs and audit trails and the preservation of these logs for analysis and reporting, supported by the capability for real-time reporting with correlation and analysis of events.

Security information and events must be retained in an immutable form to support forensic analysis, meet service agreements for issue resolution, satisfy business requirements for minimizing downtime, and provide automated analysis and notification of common patterns.

For information about the services, solutions, and APN Partners for security information and event management, see Security information and event management (SIEM).

Monitoring and observability

In a cloud environment, customers need in-depth visibility into every resource across their entire global environment. Similar to SIEM, monitoring and observability also support the ability to know if the technology environment is operationally healthy and available.

Key objectives for this scenario include the ability to deploy a consistent solution for all application teams to standardize an operational view and to quickly onboard new applications, and the ability to meet target service level requirements for the business, including notifying the right teams when an application or resource is not meeting control, operational, or financial targets. Customers want consistent tools across all applications and resources to provide a consistent view and to streamline communications and monitoring tasks while simplifying monitoring processes.

For information about the services, solutions, and APN Partners in monitoring and observability, see Monitoring and observability.

Cost management and governance

Customers allocate a budget and financial resources to capture a return on investment on cloud projects, to drive down technology costs, or to acquire new business capabilities and new product features.

To do this effectively, customers must track and monitor the cost of cloud technology, including additional costs such as staffing and licenses, in order to validate the return on investment. As customers grow their cloud footprint, they require visibility into resource consumption and the ability to manage costs across their enterprise-wide environments.

For information about the services, solutions, and APN Partners in cost management and governance, see Cost management and governance.

Service management

Customers provide cloud resources and infrastructure to internal teams and application developers. Internal teams should have a way to request resources, while also notifying and being notified about incidents and problems. Customers must be able to know about provisioned assets and report on their application portfolio including infrastructure, resources, and licenses.

Service management helps organize and manage service requests, changes, incidents, problems, and overall asset management. Enterprise customers need a consistent set of service management processes across their hybrid technology landscape to meet management and governance requirements. Customers must ensure that resources being provisioned are compliant.

For information about the services, solutions, and APN Partners in service management, see Service management.