AWS Governance at Scale
AWS Governance at Scale

Governance at Scale

AWS Governance at Scale helps you to monitor and control costs, accounts, and compliance standards, associated with operating large enterprises on AWS. This guidance is derived from best practices at AWS and from customers who have successfully operated at scale. The components are designed to be flexible so that both technical users and project teams can self-serve on AWS, while leadership maintains control on spending decisions and automated policy enforcement. Companies can implement governance at scale practices by developing their own solution, investing in a commercial solution aligned to the framework, or engaging AWS Professional Services for custom options. Mechanisms that align to governance at scale focus on control and reporting of budget, security and compliance, and enforcing AWS access, across all stakeholder teams. A core element is a centralized interface that provides hierarchical structure while preserving native access to the AWS API, the AWS Management Console, and the AWS SDK/CLI.

AWS guidance to achieve governance at scale is designed to conform with a company’s existing structure and business processes. The following diagram shows a typical government or corporate company. Each layer can have different technical, financial, reporting, and security requirements. Different departments and teams can have different success criteria, goals, and technical skill sets.

Figure 1: Sample organizational structure

An interface and subsystem that meets the governance at scale criteria allows leaders to allocate funding, assign budgets, and monitor near real time resource consumption. Each level within a company can institute policies or adjust company and project budgets based on mission priorities and usage patterns. Companies can propagate these policies down through the organization. The interface provides the mechanisms for authorized staff to create new projects, request new AWS accounts, request access to existing accounts, restrict access to AWS resources, and obtain near real-time metrics on project budget consumption.

This hierarchy combined with security automation provides reliable near real-time reporting for each level of leadership and staff. The granular and transparent nature of the workflows and data assures leadership that cloud operations across the enterprise are visible and constrained as appropriate with the implemented governance policies.