AWS Governance at Scale
AWS Governance at Scale

AWS Governance at Scale

Publication date: November 2018 (Document Revisions)

Abstract

Customers need to structure their governance to grow and scale as they grow the number of AWS accounts. AWS proposes a new approach to meet these challenges. Governance at Scale addresses AWS account management, cost control, and security and compliance through automation; organized by a centralized management toolset. Governance at Scale aligns the organization hierarchy with the AWS multi-account structure for complete management through an intuitive interface.

There are three areas of focus for governance at scale, with techniques for addressing them using a toolset for a typical organizational hierarchy. This whitepaper includes an example use case, an evaluation and selection criteria for developing or procuring a toolset to instantiate governance at scale.

Introduction

As operational footprints scale on AWS, a common theme across companies, is the need to maintain control over cloud resource usage, visibility, and policy enforcement. The ability to rapidly provision instances introduces the potential risk of overspending and misconfigurations. When strong governance and enforcement are not in place it can cause security concerns. Companies must address oversight challenges so risks are known and can be minimized.

Identified stakeholders are responsible for budget alignment, governance, compliance, business objectives, and technical direction across an entire company. To meet these needs, AWS has developed this governance at scale guidance to help identify and instantiate best practices.

Governance at Scale can help companies establish centrally managed budgets for cloud resources, oversight of cloud implementations, and a dashboard of the company’s cloud health. Cloud health is based on near real-time compliance to governance policies and enforcement mechanisms. To enable this, the policies and mechanisms are separated into three governance at scale focal points:

  • Account Management - Automate account provisioning and maintain good security when hundreds of users and business units are requesting cloud based resources.

  • Budget & Cost Management - Enforce and monitoring budgets across many accounts, workloads, and users.

  • Security & Compliance Automation - Manage security, risk, and compliance at a scale and pace to ensure the organization maintains compliance, while minimizing impact to the business.

On this page: