SlideShare uma empresa Scribd logo

Mastering AWS Organizations with Infrastructure as code

Yan Cui
Yan Cui

In this webinar, we will take a deep dive into AWS Organizations, what it is, and why you should use it. We will review how to use the open-source tool org-formation to manage your entire AWS Organization using infrastructure-as-code.

Tecnologia
1 de 19
Baixar para ler offline
Managing your AWS Organization using org-formation Olaf Conijn, IT Architect
• Full subsidiary of ABN AMRO • Online savings since 2008 • 0.5 mio customers in NL and DE • Combined savings & payments product • Small organization (<160 fte) • Focus on UX and customer value About Moneyou
Moneyou <3 Serverless We believe Serverless greatly improves • Time to market of solutions built • Ability to maintain the software we built • Focus on delivering customer value • Ability to demonstrate we are compliant
AWS Services typically used at Moneyou • Some satisfy functional requirements API GW, Lambda, DynamoDB, Step Functions • Some satisfy nonfunctional requirements SQS, SNS, CloudWatch • Some satisfy IT Security requirements Secrets Manager, IAM and AWS Organizations Serverless, not FaaS
Serverless, not FaaS Serverless services have: • Inherently scalable • Highly available • Pay per use / no capacity planning • Host security by AWS • Compliant under PCI, SOC, ISO & others
AWS Organizations • Account management service • Provides API to create new AWS accounts • Central insight in billing & cost analysis • Hierarchically organize AWS accounts • Apply policies to accounts
Probably for the same reason you don’t run production software on development environments. Why have multiple AWS accounts?
Why have multiple AWS accounts? Benefits of a multi account setup • Limited blast radius – because mistakes can happen • Security boundary – simplifies implementing least privilege • Data governance – control access to GDPR governed data • Scalability – every account gets their own resource limits • Cost monitoring – without tagging https://dev.to/oconijn/off-to-a-great-start-with-aws-organizations-1i74 😲
Why have multiple AWS accounts? Typical Serverless application design • Resources: API GW, Lambda, SNS, Dynamo DB • Services: Unit of deployment, high cohesion (within), low coupling • Product: Value delivered to customer, multiple environments By default, all resources within an account can be accessed by other resources within that account (resource policy). 🤯
Why not use AWS Organization? Reasons not to use AWS Organizations • Didn’t know – well, not anymore • Don’t care – fair enough • Too Complex – we’ve fixed this > npm i aws-organization-formation -g
AWS Organization Formation Three main use cases 1. Infrastructure as code for AWS Organizations 2. Continuous delivery of account baseline 3. Cross account, cross region annotated CloudFormation
Infra as code for AWS Organizations
Infra as code for AWS Organizations Support for 1. Infra as code support for AWS Organizations resources 2. Creating AWS Accounts, OUs and SCPs 3. Multiple models per AWS Organization 4. Setting up Account IAM Alias, Password Policy and Enterprise Support 5. Change sets that can be reviewed and applied
Continuous delivery of account baseline
Continuous delivery of account baseline Support for 1. Defining tasks in a task file 2. Defining dependencies between tasks (DependsOn) 3. Task types: update-organization, update-stacks, include, CDK, SLS, .. 4. Extensibility (through event-bridge) 5. Task file parameters & expressions (like !Ref, !GetAtt and !Sub)
Organization annotated CloudFormation
Organization annotated CloudFormation Support for 1. Deploying CloudFormation resources to multiple accounts 2. Referencing organization resources and attributes 3. Resolving !Ref across target AWS Accounts and Regions 4. Generating resources / producing resources `for-each` account in binding
Organization annotated CloudFormation Comparison with CloudFormation StackSets 1. Both deploy stacks across multiple accounts / regions 2. Org-formation deploys stacks based on different parts of single templates 3. Org-formation supports cross account / cross region !Ref, !GetAtt 4. Support for CloudFormation, serverless.com, CDK
Thank you! • No time like the current to get started with AWS Organizations! • Try org-formation at https://github.com/OlafConijn/AwsOrganizationFormation • Reach out over email: olaf.conijn at moneyou.nl • Questions, issues, stars & PRs are welcome!

Recomendados

Serverless Summit 21 - Resilient serverless architecture on AWS
Serverless Summit 21 - Resilient serverless architecture on AWSServerless Summit 21 - Resilient serverless architecture on AWS
Serverless Summit 21 - Resilient serverless architecture on AWS
Lee Gilmore
 
API310 - How to refactor a monolith to serverless in 8 steps
API310 - How to refactor a monolith to serverless in 8 stepsAPI310 - How to refactor a monolith to serverless in 8 steps
API310 - How to refactor a monolith to serverless in 8 steps
Yan Cui
 
Why your next serverless project should use AWS AppSync
Why your next serverless project should use AWS AppSyncWhy your next serverless project should use AWS AppSync
Why your next serverless project should use AWS AppSync
Yan Cui
 
Serverless in production, an experience report (JeffConf)
Serverless in production, an experience report (JeffConf)Serverless in production, an experience report (JeffConf)
Serverless in production, an experience report (JeffConf)
Yan Cui
 
The present and future of Serverless observability
The present and future of Serverless observabilityThe present and future of Serverless observability
The present and future of Serverless observability
Yan Cui
 
Linuxtag 2012 - OpenNebula
Linuxtag 2012 - OpenNebula Linuxtag 2012 - OpenNebula
Linuxtag 2012 - OpenNebula
OpenNebula Project
 
Using the Event Gateway To Build Multi-Cloud Serverless Applications - JeffCo...
Using the Event Gateway To Build Multi-Cloud Serverless Applications - JeffCo...Using the Event Gateway To Build Multi-Cloud Serverless Applications - JeffCo...
Using the Event Gateway To Build Multi-Cloud Serverless Applications - JeffCo...
Philipp Müns
 
Debugging AWS Lambda Performance Issues
Debugging AWS Lambda Performance IssuesDebugging AWS Lambda Performance Issues
Debugging AWS Lambda Performance Issues
Yan Cui
 

Recomendados

Serverless Summit 21 - Resilient serverless architecture on AWS
Serverless Summit 21 - Resilient serverless architecture on AWSServerless Summit 21 - Resilient serverless architecture on AWS
Serverless Summit 21 - Resilient serverless architecture on AWS
Lee Gilmore
 
API310 - How to refactor a monolith to serverless in 8 steps
API310 - How to refactor a monolith to serverless in 8 stepsAPI310 - How to refactor a monolith to serverless in 8 steps
API310 - How to refactor a monolith to serverless in 8 steps
Yan Cui
 
Why your next serverless project should use AWS AppSync
Why your next serverless project should use AWS AppSyncWhy your next serverless project should use AWS AppSync
Why your next serverless project should use AWS AppSync
Yan Cui
 
Serverless in production, an experience report (JeffConf)
Serverless in production, an experience report (JeffConf)Serverless in production, an experience report (JeffConf)
Serverless in production, an experience report (JeffConf)
Yan Cui
 
The present and future of Serverless observability
The present and future of Serverless observabilityThe present and future of Serverless observability
The present and future of Serverless observability
Yan Cui
 
Linuxtag 2012 - OpenNebula
Linuxtag 2012 - OpenNebula Linuxtag 2012 - OpenNebula
Linuxtag 2012 - OpenNebula
OpenNebula Project
 
Using the Event Gateway To Build Multi-Cloud Serverless Applications - JeffCo...
Using the Event Gateway To Build Multi-Cloud Serverless Applications - JeffCo...Using the Event Gateway To Build Multi-Cloud Serverless Applications - JeffCo...
Using the Event Gateway To Build Multi-Cloud Serverless Applications - JeffCo...
Philipp Müns
 
Debugging AWS Lambda Performance Issues
Debugging AWS Lambda Performance IssuesDebugging AWS Lambda Performance Issues
Debugging AWS Lambda Performance Issues
Yan Cui
 
(SEC202) Best Practices for Securely Leveraging the Cloud
(SEC202) Best Practices for Securely Leveraging the Cloud(SEC202) Best Practices for Securely Leveraging the Cloud
(SEC202) Best Practices for Securely Leveraging the Cloud
Amazon Web Services
 
Getting Started with Serverless Architectures
Getting Started with Serverless ArchitecturesGetting Started with Serverless Architectures
Getting Started with Serverless Architectures
Amazon Web Services
 
AWS Multiple Account Management
AWS Multiple Account ManagementAWS Multiple Account Management
AWS Multiple Account Management
Yihui Xu
 
The present and future of Serverless observability
The present and future of Serverless observabilityThe present and future of Serverless observability
The present and future of Serverless observability
Yan Cui
 
Crunch Your Data in the Cloud with Elastic Map Reduce - Amazon EMR Hadoop
Crunch Your Data in the Cloud with Elastic Map Reduce - Amazon EMR HadoopCrunch Your Data in the Cloud with Elastic Map Reduce - Amazon EMR Hadoop
Crunch Your Data in the Cloud with Elastic Map Reduce - Amazon EMR Hadoop
Adrian Cockcroft
 
DevOps, Microservices and Serverless Architecture
DevOps, Microservices and Serverless ArchitectureDevOps, Microservices and Serverless Architecture
DevOps, Microservices and Serverless Architecture
Mikhail Prudnikov
 
Serverless - When to FaaS?
Serverless - When to FaaS?Serverless - When to FaaS?
Serverless - When to FaaS?
Benny Bauer
 
Serverless Architecture
Serverless ArchitectureServerless Architecture
Serverless Architecture
Elana Krasner
 
AWS Lambda and the Serverless Cloud
AWS Lambda and the Serverless CloudAWS Lambda and the Serverless Cloud
AWS Lambda and the Serverless Cloud
Amazon Web Services
 
DevOps for the Enterprise: Continuous Integration
DevOps for the Enterprise: Continuous IntegrationDevOps for the Enterprise: Continuous Integration
DevOps for the Enterprise: Continuous Integration
Amazon Web Services
 
Building a social network in under 4 weeks with Serverless and GraphQL
Building a social network in under 4 weeks with Serverless and GraphQLBuilding a social network in under 4 weeks with Serverless and GraphQL
Building a social network in under 4 weeks with Serverless and GraphQL
Yan Cui
 
Stop calling everything serverless!
Stop calling everything serverless!Stop calling everything serverless!
Stop calling everything serverless!
Jeremy Daly
 
(SEC324) NEW! Introducing Amazon Inspector
(SEC324) NEW! Introducing Amazon Inspector(SEC324) NEW! Introducing Amazon Inspector
(SEC324) NEW! Introducing Amazon Inspector
Amazon Web Services
 
You Can’t Protect What You Can’t See: AWS Security Monitoring & Compliance Va...
You Can’t Protect What You Can’t See: AWS Security Monitoring & Compliance Va...You Can’t Protect What You Can’t See: AWS Security Monitoring & Compliance Va...
You Can’t Protect What You Can’t See: AWS Security Monitoring & Compliance Va...
Amazon Web Services
 
Microservice Architecture on AWS using AWS Lambda and Docker Containers
Microservice Architecture on AWS using AWS Lambda and Docker ContainersMicroservice Architecture on AWS using AWS Lambda and Docker Containers
Microservice Architecture on AWS using AWS Lambda and Docker Containers
Danilo Poccia
 
AWS security - NULL meet chennai
AWS security - NULL meet chennaiAWS security - NULL meet chennai
AWS security - NULL meet chennai
vinoth kumar
 
使用 Serverless 技術打造支援 Alexa 的物聯網服務
使用 Serverless 技術打造支援 Alexa 的物聯網服務使用 Serverless 技術打造支援 Alexa 的物聯網服務
使用 Serverless 技術打造支援 Alexa 的物聯網服務
Amazon Web Services
 
AWS Lambda and Serverless Cloud
AWS Lambda and Serverless CloudAWS Lambda and Serverless Cloud
AWS Lambda and Serverless Cloud
Amazon Web Services
 
(DVO311) Containers, Red Hat & AWS For Extreme IT Agility
(DVO311) Containers, Red Hat & AWS For Extreme IT Agility(DVO311) Containers, Red Hat & AWS For Extreme IT Agility
(DVO311) Containers, Red Hat & AWS For Extreme IT Agility
Amazon Web Services
 
Kapil Thangavelu - Cloud Custodian
Kapil Thangavelu - Cloud CustodianKapil Thangavelu - Cloud Custodian
Kapil Thangavelu - Cloud Custodian
ServerlessConf
 
Managing your AWS Organization using org-formation
Managing your AWS Organization using org-formationManaging your AWS Organization using org-formation
Managing your AWS Organization using org-formation
Olaf Conijn
 
Benefits of Cloud Computing
Benefits of Cloud ComputingBenefits of Cloud Computing
Benefits of Cloud Computing
Amazon Web Services
 

Mais conteúdo relacionado

Mais procurados

(SEC202) Best Practices for Securely Leveraging the Cloud
(SEC202) Best Practices for Securely Leveraging the Cloud(SEC202) Best Practices for Securely Leveraging the Cloud
(SEC202) Best Practices for Securely Leveraging the Cloud
Amazon Web Services
 
Getting Started with Serverless Architectures
Getting Started with Serverless ArchitecturesGetting Started with Serverless Architectures
Getting Started with Serverless Architectures
Amazon Web Services
 
The present and future of Serverless observability
The present and future of Serverless observabilityThe present and future of Serverless observability
The present and future of Serverless observability
Yan Cui
 
DevOps for the Enterprise: Continuous Integration
DevOps for the Enterprise: Continuous IntegrationDevOps for the Enterprise: Continuous Integration
DevOps for the Enterprise: Continuous Integration
Amazon Web Services
 
Building a social network in under 4 weeks with Serverless and GraphQL
Building a social network in under 4 weeks with Serverless and GraphQLBuilding a social network in under 4 weeks with Serverless and GraphQL
Building a social network in under 4 weeks with Serverless and GraphQL
Yan Cui
 
You Can’t Protect What You Can’t See: AWS Security Monitoring & Compliance Va...
You Can’t Protect What You Can’t See: AWS Security Monitoring & Compliance Va...You Can’t Protect What You Can’t See: AWS Security Monitoring & Compliance Va...
You Can’t Protect What You Can’t See: AWS Security Monitoring & Compliance Va...
Amazon Web Services
 
(DVO311) Containers, Red Hat & AWS For Extreme IT Agility
(DVO311) Containers, Red Hat & AWS For Extreme IT Agility(DVO311) Containers, Red Hat & AWS For Extreme IT Agility
(DVO311) Containers, Red Hat & AWS For Extreme IT Agility
Amazon Web Services
 

Mais procurados (20)

(SEC202) Best Practices for Securely Leveraging the Cloud
(SEC202) Best Practices for Securely Leveraging the Cloud(SEC202) Best Practices for Securely Leveraging the Cloud
(SEC202) Best Practices for Securely Leveraging the Cloud
 
Getting Started with Serverless Architectures
Getting Started with Serverless ArchitecturesGetting Started with Serverless Architectures
Getting Started with Serverless Architectures
 
AWS Multiple Account Management
AWS Multiple Account ManagementAWS Multiple Account Management
AWS Multiple Account Management
 
The present and future of Serverless observability
The present and future of Serverless observabilityThe present and future of Serverless observability
The present and future of Serverless observability
 
Crunch Your Data in the Cloud with Elastic Map Reduce - Amazon EMR Hadoop
Crunch Your Data in the Cloud with Elastic Map Reduce - Amazon EMR HadoopCrunch Your Data in the Cloud with Elastic Map Reduce - Amazon EMR Hadoop
Crunch Your Data in the Cloud with Elastic Map Reduce - Amazon EMR Hadoop
 
DevOps, Microservices and Serverless Architecture
DevOps, Microservices and Serverless ArchitectureDevOps, Microservices and Serverless Architecture
DevOps, Microservices and Serverless Architecture
 
Serverless - When to FaaS?
Serverless - When to FaaS?Serverless - When to FaaS?
Serverless - When to FaaS?
 
Serverless Architecture
Serverless ArchitectureServerless Architecture
Serverless Architecture
 
AWS Lambda and the Serverless Cloud
AWS Lambda and the Serverless CloudAWS Lambda and the Serverless Cloud
AWS Lambda and the Serverless Cloud
 
DevOps for the Enterprise: Continuous Integration
DevOps for the Enterprise: Continuous IntegrationDevOps for the Enterprise: Continuous Integration
DevOps for the Enterprise: Continuous Integration
 
Building a social network in under 4 weeks with Serverless and GraphQL
Building a social network in under 4 weeks with Serverless and GraphQLBuilding a social network in under 4 weeks with Serverless and GraphQL
Building a social network in under 4 weeks with Serverless and GraphQL
 
Stop calling everything serverless!
Stop calling everything serverless!Stop calling everything serverless!
Stop calling everything serverless!
 
(SEC324) NEW! Introducing Amazon Inspector
(SEC324) NEW! Introducing Amazon Inspector(SEC324) NEW! Introducing Amazon Inspector
(SEC324) NEW! Introducing Amazon Inspector
 
You Can’t Protect What You Can’t See: AWS Security Monitoring & Compliance Va...
You Can’t Protect What You Can’t See: AWS Security Monitoring & Compliance Va...You Can’t Protect What You Can’t See: AWS Security Monitoring & Compliance Va...
You Can’t Protect What You Can’t See: AWS Security Monitoring & Compliance Va...
 
Microservice Architecture on AWS using AWS Lambda and Docker Containers
Microservice Architecture on AWS using AWS Lambda and Docker ContainersMicroservice Architecture on AWS using AWS Lambda and Docker Containers
Microservice Architecture on AWS using AWS Lambda and Docker Containers
 
AWS security - NULL meet chennai
AWS security - NULL meet chennaiAWS security - NULL meet chennai
AWS security - NULL meet chennai
 
使用 Serverless 技術打造支援 Alexa 的物聯網服務
使用 Serverless 技術打造支援 Alexa 的物聯網服務使用 Serverless 技術打造支援 Alexa 的物聯網服務
使用 Serverless 技術打造支援 Alexa 的物聯網服務
 
AWS Lambda and Serverless Cloud
AWS Lambda and Serverless CloudAWS Lambda and Serverless Cloud
AWS Lambda and Serverless Cloud
 
(DVO311) Containers, Red Hat & AWS For Extreme IT Agility
(DVO311) Containers, Red Hat & AWS For Extreme IT Agility(DVO311) Containers, Red Hat & AWS For Extreme IT Agility
(DVO311) Containers, Red Hat & AWS For Extreme IT Agility
 
Kapil Thangavelu - Cloud Custodian
Kapil Thangavelu - Cloud CustodianKapil Thangavelu - Cloud Custodian
Kapil Thangavelu - Cloud Custodian
 

Semelhante a Mastering AWS Organizations with Infrastructure as code

ENT302 Deep Dive on AWS Management Tools
ENT302 Deep Dive on AWS Management Tools ENT302 Deep Dive on AWS Management Tools
ENT302 Deep Dive on AWS Management Tools
Amazon Web Services
 
Using AWS Management Tools to Enable Governance, Compliance, Operational, and...
Using AWS Management Tools to Enable Governance, Compliance, Operational, and...Using AWS Management Tools to Enable Governance, Compliance, Operational, and...
Using AWS Management Tools to Enable Governance, Compliance, Operational, and...
Amazon Web Services
 
(ISM315) How to Quantify TCO & Increase Business Value Gains Using AWS
(ISM315) How to Quantify TCO & Increase Business Value Gains Using AWS(ISM315) How to Quantify TCO & Increase Business Value Gains Using AWS
(ISM315) How to Quantify TCO & Increase Business Value Gains Using AWS
Amazon Web Services
 
Simplify & Standardise Your Migration to AWS with a Migration Landing Zone
Simplify & Standardise Your Migration to AWS with a Migration Landing ZoneSimplify & Standardise Your Migration to AWS with a Migration Landing Zone
Simplify & Standardise Your Migration to AWS with a Migration Landing Zone
Amazon Web Services
 
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
Amazon Web Services
 
How Chick-fil-A Embraces DevSecOps on AWS - SID306 - re:Invent 2017
How Chick-fil-A Embraces DevSecOps on AWS - SID306 - re:Invent 2017How Chick-fil-A Embraces DevSecOps on AWS - SID306 - re:Invent 2017
How Chick-fil-A Embraces DevSecOps on AWS - SID306 - re:Invent 2017
Amazon Web Services
 
ENT302 Deep Dive on AWS Management Tools and New Launches
ENT302 Deep Dive on AWS Management Tools and New LaunchesENT302 Deep Dive on AWS Management Tools and New Launches
ENT302 Deep Dive on AWS Management Tools and New Launches
Amazon Web Services
 

Semelhante a Mastering AWS Organizations with Infrastructure as code (20)

Managing your AWS Organization using org-formation
Managing your AWS Organization using org-formationManaging your AWS Organization using org-formation
Managing your AWS Organization using org-formation
 
Benefits of Cloud Computing
Benefits of Cloud ComputingBenefits of Cloud Computing
Benefits of Cloud Computing
 
Simplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneSimplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing Zone
 
ENT302 Deep Dive on AWS Management Tools
ENT302 Deep Dive on AWS Management Tools ENT302 Deep Dive on AWS Management Tools
ENT302 Deep Dive on AWS Management Tools
 
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptxSteve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
 
Using AWS Management Tools to Enable Governance, Compliance, Operational, and...
Using AWS Management Tools to Enable Governance, Compliance, Operational, and...Using AWS Management Tools to Enable Governance, Compliance, Operational, and...
Using AWS Management Tools to Enable Governance, Compliance, Operational, and...
 
(ISM315) How to Quantify TCO & Increase Business Value Gains Using AWS
(ISM315) How to Quantify TCO & Increase Business Value Gains Using AWS(ISM315) How to Quantify TCO & Increase Business Value Gains Using AWS
(ISM315) How to Quantify TCO & Increase Business Value Gains Using AWS
 
Simplify & Standardise Your Migration to AWS with a Migration Landing Zone
Simplify & Standardise Your Migration to AWS with a Migration Landing ZoneSimplify & Standardise Your Migration to AWS with a Migration Landing Zone
Simplify & Standardise Your Migration to AWS with a Migration Landing Zone
 
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
 
How Chick-fil-A Embraces DevSecOps on AWS - SID306 - re:Invent 2017
How Chick-fil-A Embraces DevSecOps on AWS - SID306 - re:Invent 2017How Chick-fil-A Embraces DevSecOps on AWS - SID306 - re:Invent 2017
How Chick-fil-A Embraces DevSecOps on AWS - SID306 - re:Invent 2017
 
Governance at Scale
Governance at Scale Governance at Scale
Governance at Scale
 
ENT302 Deep Dive on AWS Management Tools and New Launches
ENT302 Deep Dive on AWS Management Tools and New LaunchesENT302 Deep Dive on AWS Management Tools and New Launches
ENT302 Deep Dive on AWS Management Tools and New Launches
 
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
 
Accelerating your Business with Security
Accelerating your Business with SecurityAccelerating your Business with Security
Accelerating your Business with Security
 
Intro & Security Update
Intro & Security UpdateIntro & Security Update
Intro & Security Update
 
Launch AWS Faster using Automated Landing Zones - AWS Online Tech Talks
Launch AWS Faster using Automated Landing Zones - AWS Online Tech TalksLaunch AWS Faster using Automated Landing Zones - AWS Online Tech Talks
Launch AWS Faster using Automated Landing Zones - AWS Online Tech Talks
 
Demystifying identity on AWS
Demystifying identity on AWSDemystifying identity on AWS
Demystifying identity on AWS
 
Building scalable OTT workflows on AWS - Serverless Video Workflows
Building scalable OTT workflows on AWS - Serverless Video WorkflowsBuilding scalable OTT workflows on AWS - Serverless Video Workflows
Building scalable OTT workflows on AWS - Serverless Video Workflows
 
AWS re:Invent 2016: Reduce Your Blast Radius by Using Multiple AWS Accounts P...
AWS re:Invent 2016: Reduce Your Blast Radius by Using Multiple AWS Accounts P...AWS re:Invent 2016: Reduce Your Blast Radius by Using Multiple AWS Accounts P...
AWS re:Invent 2016: Reduce Your Blast Radius by Using Multiple AWS Accounts P...
 
Raleigh DevDay 2017: Deep Dive on AWS Management Tools
Raleigh DevDay 2017: Deep Dive on AWS Management ToolsRaleigh DevDay 2017: Deep Dive on AWS Management Tools
Raleigh DevDay 2017: Deep Dive on AWS Management Tools
 

Mais de Yan Cui

Patterns and practices for building resilient serverless applications.pdf
Patterns and practices for building resilient serverless applications.pdfPatterns and practices for building resilient serverless applications.pdf
Patterns and practices for building resilient serverless applications.pdf
Yan Cui
 
How serverless changes the cost paradigm
How serverless changes the cost paradigmHow serverless changes the cost paradigm
How serverless changes the cost paradigm
Yan Cui
 
Build social network in 4 weeks
Build social network in 4 weeksBuild social network in 4 weeks
Build social network in 4 weeks
Yan Cui
 
Patterns and practices for building resilient serverless applications
Patterns and practices for building resilient serverless applicationsPatterns and practices for building resilient serverless applications
Patterns and practices for building resilient serverless applications
Yan Cui
 
Building a social network in under 4 weeks with Serverless and GraphQL
Building a social network in under 4 weeks with Serverless and GraphQLBuilding a social network in under 4 weeks with Serverless and GraphQL
Building a social network in under 4 weeks with Serverless and GraphQL
Yan Cui
 

Mais de Yan Cui (20)

How to win the game of trade-offs
How to win the game of trade-offsHow to win the game of trade-offs
How to win the game of trade-offs
 
How to choose the right messaging service
How to choose the right messaging serviceHow to choose the right messaging service
How to choose the right messaging service
 
How to choose the right messaging service for your workload
How to choose the right messaging service for your workloadHow to choose the right messaging service for your workload
How to choose the right messaging service for your workload
 
Patterns and practices for building resilient serverless applications.pdf
Patterns and practices for building resilient serverless applications.pdfPatterns and practices for building resilient serverless applications.pdf
Patterns and practices for building resilient serverless applications.pdf
 
Lambda and DynamoDB best practices
Lambda and DynamoDB best practicesLambda and DynamoDB best practices
Lambda and DynamoDB best practices
 
Lessons from running AppSync in prod
Lessons from running AppSync in prodLessons from running AppSync in prod
Lessons from running AppSync in prod
 
Serverless observability - a hero's perspective
Serverless observability - a hero's perspectiveServerless observability - a hero's perspective
Serverless observability - a hero's perspective
 
How to ship customer value faster with step functions
How to ship customer value faster with step functionsHow to ship customer value faster with step functions
How to ship customer value faster with step functions
 
How serverless changes the cost paradigm
How serverless changes the cost paradigmHow serverless changes the cost paradigm
How serverless changes the cost paradigm
 
Build social network in 4 weeks
Build social network in 4 weeksBuild social network in 4 weeks
Build social network in 4 weeks
 
Patterns and practices for building resilient serverless applications
Patterns and practices for building resilient serverless applicationsPatterns and practices for building resilient serverless applications
Patterns and practices for building resilient serverless applications
 
How to bring chaos engineering to serverless
How to bring chaos engineering to serverlessHow to bring chaos engineering to serverless
How to bring chaos engineering to serverless
 
Migrating existing monolith to serverless in 8 steps
Migrating existing monolith to serverless in 8 stepsMigrating existing monolith to serverless in 8 steps
Migrating existing monolith to serverless in 8 steps
 
Building a social network in under 4 weeks with Serverless and GraphQL
Building a social network in under 4 weeks with Serverless and GraphQLBuilding a social network in under 4 weeks with Serverless and GraphQL
Building a social network in under 4 weeks with Serverless and GraphQL
 
FinDev as a business advantage in the post covid19 economy
FinDev as a business advantage in the post covid19 economyFinDev as a business advantage in the post covid19 economy
FinDev as a business advantage in the post covid19 economy
 
How to improve lambda cold starts
How to improve lambda cold startsHow to improve lambda cold starts
How to improve lambda cold starts
 
What can you do with lambda in 2020
What can you do with lambda in 2020What can you do with lambda in 2020
What can you do with lambda in 2020
 
A chaos experiment a day, keeping the outage away
A chaos experiment a day, keeping the outage awayA chaos experiment a day, keeping the outage away
A chaos experiment a day, keeping the outage away
 
How to debug slow lambda response times
How to debug slow lambda response timesHow to debug slow lambda response times
How to debug slow lambda response times
 
What can you do with lambda in 2020
What can you do with lambda in 2020What can you do with lambda in 2020
What can you do with lambda in 2020
 

Último

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 

Último (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

Mastering AWS Organizations with Infrastructure as code

  • 1. Managing your AWS Organization using org-formation Olaf Conijn, IT Architect
  • 2. • Full subsidiary of ABN AMRO • Online savings since 2008 • 0.5 mio customers in NL and DE • Combined savings & payments product • Small organization (<160 fte) • Focus on UX and customer value About Moneyou
  • 3. Moneyou <3 Serverless We believe Serverless greatly improves • Time to market of solutions built • Ability to maintain the software we built • Focus on delivering customer value • Ability to demonstrate we are compliant
  • 4. AWS Services typically used at Moneyou • Some satisfy functional requirements API GW, Lambda, DynamoDB, Step Functions • Some satisfy nonfunctional requirements SQS, SNS, CloudWatch • Some satisfy IT Security requirements Secrets Manager, IAM and AWS Organizations Serverless, not FaaS
  • 5. Serverless, not FaaS Serverless services have: • Inherently scalable • Highly available • Pay per use / no capacity planning • Host security by AWS • Compliant under PCI, SOC, ISO & others
  • 6. AWS Organizations • Account management service • Provides API to create new AWS accounts • Central insight in billing & cost analysis • Hierarchically organize AWS accounts • Apply policies to accounts
  • 7. Probably for the same reason you don’t run production software on development environments. Why have multiple AWS accounts?
  • 8. Why have multiple AWS accounts? Benefits of a multi account setup • Limited blast radius – because mistakes can happen • Security boundary – simplifies implementing least privilege • Data governance – control access to GDPR governed data • Scalability – every account gets their own resource limits • Cost monitoring – without tagging https://dev.to/oconijn/off-to-a-great-start-with-aws-organizations-1i74 😲
  • 9. Why have multiple AWS accounts? Typical Serverless application design • Resources: API GW, Lambda, SNS, Dynamo DB • Services: Unit of deployment, high cohesion (within), low coupling • Product: Value delivered to customer, multiple environments By default, all resources within an account can be accessed by other resources within that account (resource policy). 🤯
  • 10. Why not use AWS Organization? Reasons not to use AWS Organizations • Didn’t know – well, not anymore • Don’t care – fair enough • Too Complex – we’ve fixed this > npm i aws-organization-formation -g
  • 11. AWS Organization Formation Three main use cases 1. Infrastructure as code for AWS Organizations 2. Continuous delivery of account baseline 3. Cross account, cross region annotated CloudFormation
  • 12. Infra as code for AWS Organizations
  • 13. Infra as code for AWS Organizations Support for 1. Infra as code support for AWS Organizations resources 2. Creating AWS Accounts, OUs and SCPs 3. Multiple models per AWS Organization 4. Setting up Account IAM Alias, Password Policy and Enterprise Support 5. Change sets that can be reviewed and applied
  • 14. Continuous delivery of account baseline
  • 15. Continuous delivery of account baseline Support for 1. Defining tasks in a task file 2. Defining dependencies between tasks (DependsOn) 3. Task types: update-organization, update-stacks, include, CDK, SLS, .. 4. Extensibility (through event-bridge) 5. Task file parameters & expressions (like !Ref, !GetAtt and !Sub)
  • 17. Organization annotated CloudFormation Support for 1. Deploying CloudFormation resources to multiple accounts 2. Referencing organization resources and attributes 3. Resolving !Ref across target AWS Accounts and Regions 4. Generating resources / producing resources `for-each` account in binding
  • 18. Organization annotated CloudFormation Comparison with CloudFormation StackSets 1. Both deploy stacks across multiple accounts / regions 2. Org-formation deploys stacks based on different parts of single templates 3. Org-formation supports cross account / cross region !Ref, !GetAtt 4. Support for CloudFormation, serverless.com, CDK
  • 19. Thank you! • No time like the current to get started with AWS Organizations! • Try org-formation at https://github.com/OlafConijn/AwsOrganizationFormation • Reach out over email: olaf.conijn at moneyou.nl • Questions, issues, stars & PRs are welcome!