AWS Governance at Scale

Traditional Approaches to Manage Scale

Companies employ three basic approaches to manage large operations on AWS, provision multiple AWS accounts, control budgets, and address security, risk, and compliance. Each of these approaches has the following limitations:

  • Traditional IT management processes. A central group controls access through approval chains, and manual or partially automated setup processes for accounts and resources. This approach is difficult to scale because it relies on people and processes that lack automated workflows for help desk tickets, and hand-offs between staff with different roles.

  • Unrestricted, decentralized access to AWS across multiple disassociated accounts. This approach can cause resource sprawl that leadership cannot see. While usage can scale, visibility and accountability are sacrificed. The lack of visibility within a self-service cloud model introduces compliance and financial risks that most companies cannot tolerate.

  • Using a cloud broker enables visibility and accountability, but may limit which AWS services are available to developers and applications, or require additional technology augmentation for organizations that require native access to AWS services.

Companies that have large-scale cloud adoption attempt to work around these limitations by using a combination of technologies to address agility and governance goals. Companies may use a specific account management application, a specific cost enforcement system, or multiple toolsets for security and compliance. These separate technologies introduce additional layers of complexity and interoperability challenges.