Approach to Multiple AWS Environments (or Accounts)
Patterns, Challenges, and Strategies
Overview
Customers create AWS accounts to build and run applications in the cloud. An account provides AWS services in all available regions, a natural boundary. So multiple accounts are created to support isolation of development and production workloads, minimize impact in the event of a security breach or to meet compliance and regulatory requirements. As cloud adoption increases, the number of accounts increases (sometimes hundreds of accounts) and the complexity of managing these across multiple development environments, setting network/security controls and meeting governance and compliance requirements increases.
It is not uncommon to have multiple AWS accounts and not necessarily a bad thing. In fact, AWS recommends the creation of separate AWS accounts to isolate development & production workloads, centralized logging, security and shared services.
Before we go into the details, let’s understand the relationship between the customer and the cloud provider. In the image below, we use AWS as the cloud provider and customer as anyone who created an account, an individual for professional development or on behalf of an entity that has its own product or service to sell to its own customers. In both cases, the (AWS) customer has responsibilities — to keep the assets secure as they provide value.
Customer Responsibilities — AWS Shared Responsibility Model
There is a great deal of content regarding the AWS Shared Responsibility Model. At a high level, what this means is, the security ‘OF’ the cloud is the responsibility of AWS and the security ‘IN’ the cloud is the responsibility of the customer.
AWS implements controls, build automated systems and undergo third-party audits to confirm security and compliance of the cloud. Check out how AWS protects the physical security of the data center in Perimeter-Layer, Infrastructure-Layer, Data-Layer, and Environmental-Layer to meet the security requirements of the cloud. AWS complies with a number of compliance programs and as a customer, you can view the compliance reports using AWS Artifact.
However, it is up to the customer on how to manage the security ‘IN’ the cloud. No doubt, there are a number of third-party solutions that might take care of security & operations in the cloud and AWS has a number of management & security services that will help with the security in the cloud — but ultimately the responsibilities lie with the customer. What to secure and how to secure the cloud environments/resources really depends on the customers business model and their obligations (Compliance) to its own customers.
Most companies adopt cloud/AWS for its flexibility, on-demand capabilities and pay as you go model. But, most lift and shift migrations do not follow the best practices and will lead to a lot of operational inefficiencies. To take advantages of all capabilities, follow AWS’ well-architected framework based on five pillars.
- Performance efficiency
- Security
- Reliability
- Cost optimization
- Operational excellence
As you can see, adopting the cloud is more than building applications in the cloud or migrating to it. For a successful cloud adoption, you’ll also need…
- Strong management support
- Cross-functional teams
- Culture shift
- Follow best practices and reference architecture
- Build a cloud center of excellence
We’ll go deeper into each of the above in future post, please follow us for updates!
DevSecOps. Simplified.
In order to streamline internal development, security and operations in AWS many organizations are turning to 3rd party partners to ensure a successful cloud adoption and manage multiple AWS environments.
Pugg Labs, based in Seattle is a 3rd party partner that enables organizations of all sizes to adopt and implement a framework that will continuously monitor and enforce security, compliance and governance policies across all AWS Environments. This partnership offers the simplicity of one platform to reduce the internal complexities of software development in the public cloud.
As you can see from the image below, the partnership with Pugg Labs offers:
- A comprehensive set of tools to meet the requirements of all engineering and operation teams to be agile, compliant and efficient.
- The ability to easily turn AWS best practices into actions — managed stacks deployable across multiple environments.
- Clearly define roles and responsibilities across the organization and gain instant visibility into access controls.
As you can see, the responsibility and security ‘OF’ the cloud now shift to Pugg Labs, simplifying DevSecOps adoption. This partnership model allows the organization to focus on what matters most, their Customers!
To dive deeper into managing and simplifying your AWS environments, visit pugg.io today!
