AWS Governance at Scale

Deciding on Your Solution

Designing a system to achieve governance at scale addresses key issues for companies around account management, cost enforcement, and security and compliance. Companies can build a governance at scale solution, or they can build one in partnership with AWS Professional Services or an AWS partner. (Partner offerings include Cloudtamer.io, Turbot, and Dome9 Security.)

Decision Factor 1, Determine need

Does the company’s AWS footprint exceed, or will it exceed, the number of AWS accounts and resources that can be managed using a manual process? For example, do you review account billing details, use spreadsheets for tracking, or use the AWS Management Console to create and manage all accounts? If the answer to the top question is yes, then a governance at scale solution is needed.

Decision Factor 2, Is it feasible to build versus buy?

In order to build a custom solution, your company should be able to answer Yes to the following questions:

  • Does your company have a robust AWS resource tagging or account management methodology for budget control and enforcement?

  • Does your company have an existing governance model with business processes that can be automated?

  • Does your company have the resources to build and maintain an enterprise software solution for managing governance at scale across the company? This includes engineers and developers with an advanced understanding of the AWS Cloud, APIs, security features and services, and sufficient staff to maintain the enterprise solution over time.

To determine if your company can develop a solution that meets all of the governance at scale requirements, see Appendix B.

Decision Factor 3, Criteria selection for buying a commercial solution

A commercial solution may include one or more products, and/or professional services assistance, with integration and building key components. If you decide to purchase a third-party solution to achieve governance at scale, see Appendix B to determine if partner products or professional services meet all of your requirements.

What does a Governance at Scale solution look like to an organizational stakeholder?

The following diagram illustrates a finalized governance at scale implementation dashboard overlaying cost and compliance indicators in the company.

Figure 5: Example Company cloud environment

Decision makers at each layer of the hierarchy are provided real-time data and metrics that are tailored to their company role and/or business units:

  • Executive – Executives can assign budgets and security policies to any segment of the company. Data is collected from all segments and is presented in a summary view that includes overall compliance status and financial health.

  • Senior Leadership – Senior leaders can view their respective financial health within their sub-organization. They are responsible for assigning budgets to their respective employees and applying additional security policies as needed.

  • Upper Management – Management monitors budgets, grants personnel access to projects, and assigns focused security policies. This is achieved by assigning specific budget and security policies to business units and teams responsible for applications.

  • Employee – Employees interact directly with cloud accounts and have operational awareness of current spend vs. the assigned budget. They can request access to other projects and exceptions to security and financial policies as appropriate.