Compliance - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit_2018/June… · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Chapter

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Dimitrij Zub

Lead of Partner Solutions Architecture, Amazon Web Services

Rodrigue Vitini

Director of Solution Architecture,T-Systems Digital Division

Compliance | Amelia

Programmed Governance and how to deliver secure and compliant accounts

with a click.


Chapter 1An MSP journey


“I need help migrating, running, and optimizing my AWS workloads.”

Plan & design

Build & migrate

Run & operate Optimize

The AWS Next Gen MSP experience


Business health & management

Solution design

Infrastructure & application migration

Security managementBilling & cost management

Process & cost optimization

Customer obsession

Service desk & customer support DevOps & automation

SLAs & reporting

Fit for customer requirements


Chapter 2Preparation


Cloud Adoption Framework


Cloud Center of Excellence

Build a cloud practice based on nourishing a learning appetite

§ Training Center for AWS Certified Solution Architect§ Regular know-how exchange webinars§ Sandbox for internal tests and labs§ Regular Architecture Board Review


Chapter 3Mode 1 versus Mode 2


Where to start?

§ Outsourcing mentality§ Inherited from ITSM§ All implemented in Ops§ Governance > Business§ Say no first…§ …then open a ticket

Mode 1 § Cloud native mentality§ Developers driven§ DevOps model§ Business > Governance§ All rights granted…§ …then you’re on your own

Mode 2


Where to go?


How to get there, following AWS Well-Architected?

source: https://aws.amazon.com/de/architecture/well-architected/

Operational Excellence

Security

Reliability

Performance Efficiency

Cost Optimisation

https://aws.amazon.com/de/architecture/well-architected/


Chapter 4Getting Started


Scope of Work and Guidelines

§ Use AWS native tools§ Infrastructure as a Code§ Automate all you can§ Security as a script§ Encrypt everything§ Loosely coupled

systems§ Deliver in 5 minutes


Challenges to integrate a Public Cloud


Security as a Code - by Design and by Default


Shifting to Mode 2

§ Who are the customers ?§ Benefits of admin rights ?§ How to protect our

configuration ?§ Why should tickets be opened ?§ What is meaningful to automate

?

CheckAct

Plan Do


Chapter 5Delivery time


Automated Provisioning Engine

CloudFormation

AWSCloudTrail

Lambda functions

IAM

AWS KMS

Amazon CloudWatch

AWSConfig

flow logs

Step Functions

AmazonSNS

AmazonS3

AWSLambda


Security as a CodeProactive and Reactive Control

Automated Policy Injection


Billing and Cost Management Transparency and cost control


Demo PageProject “Cheyenne Shepherd”


Chapter 6Conclusion


Lessons LearnedFrom working with AWS People and Technology

§ Write 6 pagers, all the time§ Log on every day§ Start small, think big§ Test with friendly customers§ Fail fast, keep learning§ Have fun, be inspired!


AWSLead of Partners Solution Architecture

Dimitrij ZubT-SystemsDirector of Solution ArchitectureEmail: [email protected]

Rodrigue Vitini



Documents

Compliance - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit_2018/June… · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Chapter