Implement a good AWS governance model
Reference: https://aws.amazon.com/blogs/security/scaling-a-governance-risk-and-compliance-program-for-the-cloud/


This document outlines a very high-level plan, and the advantages that come with it, for a better governance model in AWS. Its purpose is to give direction and manage complexity across a rapidly growing number of AWS accounts and installations. It establishes the guardrails and strategy for meeting the specific requirements that support and align with the exchange-related business.

Conducting a project, product, stakeholder assessment

To understand the maturity and capability of the current state, a program assessment needs to be conducted against industry standards such as the NIST Cyber Security Framework. Gaps in people, processes and technologies must also be documented and prioritized so that resources can be allocated. Functions, roles and responsibilities need to be defined and assigned properly.

Publish processes and policies frequently

The following need to be set, published and continuously updated in a very detailed manner:

● Statutory/Regulatory documents

● Processes and Procedures

● Standards

● Contracts

● Controls

● Policies or any other legal documents to support

Establish processes that specify how to upgrade old technologies, following agile/scrum/DevSecOps methodologies.

The factors below need to be included in the above documents/e-resources.

Increase Transparency

  • Prepare proper documentation.
  • Using the system
  • API access (who accesses it: IAM users or end users)
  • Account creation, upgrade and closure
  • Use AWS Config rules
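As an added example (not code from the article), the evaluation logic of a custom AWS Config rule that reports whether common data stores are encrypted at rest, which is the check the later "Data at rest" item calls for. It runs offline over constructed configuration items; the field names (`encrypted`, `storageEncrypted`, `sSEDescription.status`, `supplementaryConfiguration.ServerSideEncryptionConfiguration`) are my reading of the Config configuration-item schema and should be verified against your own recorder output. The `put_evaluations` call is the only AWS dependency and is skipped when no boto3 client is supplied.

```python
"""Custom AWS Config rule: flag resources that are not encrypted at rest.

Added example, not from the article. It runs offline over constructed
configuration items; the optional put_evaluations call is the only AWS
dependency and is skipped when no boto3 client is supplied.
"""
import json

COMPLIANT, NON_COMPLIANT, NOT_APPLICABLE = "COMPLIANT", "NON_COMPLIANT", "NOT_APPLICABLE"


def _check_s3(cfg, supp):
    # Assumption: bucket default encryption is reported under
    # supplementaryConfiguration.ServerSideEncryptionConfiguration
    sse = supp.get("ServerSideEncryptionConfiguration")
    if isinstance(sse, str):
        sse = json.loads(sse)  # nested blocks may arrive as JSON strings
    algos = [r.get("applyServerSideEncryptionByDefault", {}).get("sseAlgorithm")
             for r in (sse or {}).get("rules", [])]
    algos = [a for a in algos if a]
    if algos:
        return True, "default SSE: " + ",".join(algos)
    return False, "no default bucket encryption configured"


def _check_ebs(cfg, supp):
    return bool(cfg.get("encrypted")), "encrypted=%s" % cfg.get("encrypted")


def _check_rds(cfg, supp):
    return bool(cfg.get("storageEncrypted")), "storageEncrypted=%s" % cfg.get("storageEncrypted")


def _check_dynamodb(cfg, supp):
    status = (cfg.get("sSEDescription") or {}).get("status")
    return status == "ENABLED", "sseStatus=%s" % status


# resourceType -> checker(configuration, supplementaryConfiguration) -> (ok, note)
CHECKS = {
    "AWS::S3::Bucket": _check_s3,
    "AWS::EC2::Volume": _check_ebs,
    "AWS::RDS::DBInstance": _check_rds,
    "AWS::DynamoDB::Table": _check_dynamodb,
}


def evaluate_configuration_item(ci):
    """Return one evaluation dict in the shape put_evaluations expects."""
    check = CHECKS.get(ci["resourceType"])
    if check is None:
        compliance, note = NOT_APPLICABLE, "resource type not covered by this rule"
    else:
        ok, note = check(ci.get("configuration") or {},
                         ci.get("supplementaryConfiguration") or {})
        compliance = COMPLIANT if ok else NON_COMPLIANT
    return {
        "ComplianceResourceType": ci["resourceType"],
        "ComplianceResourceId": ci["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note[:256],  # Config limits annotations to 256 characters
        "OrderingTimestamp": ci["configurationItemCaptureTime"],
    }


def lambda_handler(event, context=None, config_client=None):
    """Entry point in the shape AWS Config uses to invoke a custom rule.

    config_client is a boto3 'config' client; when None (offline runs,
    tests) the evaluation is only returned, not reported back to Config.
    """
    invoking = json.loads(event["invokingEvent"])
    evaluation = evaluate_configuration_item(invoking["configurationItem"])
    if config_client is not None:
        config_client.put_evaluations(Evaluations=[evaluation],
                                      ResultToken=event["resultToken"])
    return evaluation


def audit(items):
    """Evaluate a batch of configuration items -> {resourceId: ComplianceType}."""
    return {ci["resourceId"]: evaluate_configuration_item(ci)["ComplianceType"]
            for ci in items}


# Constructed sample configuration items (hypothetical resources, not real ones)
_T = "2024-01-01T00:00:00.000Z"
SAMPLE_ITEMS = [
    {"resourceType": "AWS::S3::Bucket", "resourceId": "example-logs-bucket",
     "configurationItemCaptureTime": _T, "configuration": {},
     "supplementaryConfiguration": {"ServerSideEncryptionConfiguration": json.dumps(
         {"rules": [{"applyServerSideEncryptionByDefault": {"sseAlgorithm": "aws:kms"}}]})}},
    {"resourceType": "AWS::S3::Bucket", "resourceId": "example-legacy-bucket",
     "configurationItemCaptureTime": _T, "configuration": {}, "supplementaryConfiguration": {}},
    {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-0example",
     "configurationItemCaptureTime": _T, "configuration": {"encrypted": False}},
    {"resourceType": "AWS::RDS::DBInstance", "resourceId": "example-orders-db",
     "configurationItemCaptureTime": _T, "configuration": {"storageEncrypted": True}},
    {"resourceType": "AWS::Lambda::Function", "resourceId": "example-fn",
     "configurationItemCaptureTime": _T, "configuration": {}},
]

if __name__ == "__main__":
    for resource_id, result in audit(SAMPLE_ITEMS).items():
        print(f"{resource_id:24} {result}")
```

Resource types the rule does not know about are returned as NOT_APPLICABLE rather than COMPLIANT, so a gap in coverage is visible in the Config console instead of being silently reported as a pass.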

Infrastructure Automation/IaaS/PaaS Administration

○ Document, improve, improvise and integrate the latest technologies, keeping the cost incurred in view, and keep the stakeholders up to date.

○ Better segregation of AWS resources, e.g. databases, geographical distribution.

○ Keep track of AWS bills.

■ Fixed costs and variable costs on billable AWS resources or services.

● No. of API calls

● DB and EC2 instances, EBS volumes

● CloudWatch alarms etc.

● Data transfer/uptime

Account Management

○ Automated account provisioning that maintains good security when thousands of users and business units are requesting cloud-based resources.

○ An easier account opening process, and clarity in maintaining or upgrading subscription plans.

○ Use the AWS Organizations feature for better tracking of connected AWS accounts and for the other advantages it brings.

○ Account closure management procedure

Budget & Cost Management

○ Enforce and monitor budgets across many accounts, workloads, and users.

○ Make AWS bills transparent to selected stakeholders

○ Make it easier to track cost across multiple AWS accounts/regions/zones etc., and implement alerts for exceeding pre-defined thresholds

■ Use CloudWatch alarms and metrics

Automation on Security & Compliance

○ Manage security, risk, and compliance at a scale and pace that ensures the organization maintains compliance while minimizing impact to the business.

■ Template auto-scaling methods, max/min instance counts, port openings, and ingress and egress possibilities

■ Have secure VPCs, public and private subnets, and VPC peerings as appropriate.

○ Model the resource governance and resource compliance life cycles

○ Keep track of threat models

■ Conduct a risk assessment for each AWS resource type

■ System downtimes, SLAs

■ L1, L2 & L3 support agreements

○ Good management of IAM users, roles, policies and credentials, and of key management (either external or AWS KMS)

○ Implement and adhere to encryption methodologies on RDS DBs, DynamoDB tables, S3 buckets, EBS volumes, Redshift instances etc.

■ Data at rest

■ Data in transit

○ Use AWS CloudTrail to audit AWS API calls

○ Keep the stakeholders up to date on:

■ Scheduled maintenance procedures

■ Policy upgrades

■ API versioning/access URL changes

■ Critical deployment/release durations, with best-case and worst-case scenarios.

■ Rollback procedures in case of emergency, and the steps that keep service to end clients seamless
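As an added example (not code from the article), a small review pass over CloudTrail records that flags the control-plane activity a governance program most wants to see in its audit: audit logging being turned off, KMS keys being disabled or scheduled for deletion, S3 default encryption being removed, AdministratorAccess being attached, root or non-MFA console use, and a principal collecting repeated AccessDenied errors. The records are constructed in CloudTrail's log-file shape (`{"Records": [...]}`) with documentation IP addresses and placeholder account ids; the rule list is a starting point for a detection baseline, not an exhaustive catalogue.

```python
"""Review CloudTrail records for high-risk control-plane activity.

Added example, not from the article. Runs offline over constructed records
in CloudTrail's log-file shape; the rule list is illustrative only.
"""
import json
from collections import Counter

# eventName -> (severity, reason); single-event rules
SINGLE_EVENT_RULES = {
    "StopLogging": ("HIGH", "CloudTrail logging stopped"),
    "DeleteTrail": ("HIGH", "CloudTrail trail deleted"),
    "UpdateTrail": ("MEDIUM", "CloudTrail trail modified"),
    "StopConfigurationRecorder": ("HIGH", "AWS Config recorder stopped"),
    "DeleteConfigRule": ("MEDIUM", "AWS Config rule deleted"),
    "ScheduleKeyDeletion": ("HIGH", "KMS key scheduled for deletion"),
    "DisableKey": ("HIGH", "KMS key disabled"),
    "DeleteBucketEncryption": ("HIGH", "S3 default encryption removed"),
    "CreateAccessKey": ("MEDIUM", "new long-lived IAM access key created"),
}
ADMIN_POLICY_SUFFIX = ":policy/AdministratorAccess"
ACCESS_DENIED_THRESHOLD = 5  # repeated denials per principal worth a look


def _principal(record):
    ident = record.get("userIdentity", {})
    return ident.get("arn") or ident.get("principalId") or ident.get("type", "unknown")


def _finding(record, severity, reason):
    return {"eventTime": record.get("eventTime"), "severity": severity,
            "principal": _principal(record), "eventName": record.get("eventName"),
            "sourceIPAddress": record.get("sourceIPAddress"), "reason": reason}


def check_record(record):
    """Apply the single-record rules; returns a list of findings (may be empty)."""
    findings = []
    name = record.get("eventName")
    if record.get("userIdentity", {}).get("type") == "Root":
        findings.append(_finding(record, "HIGH", "root credentials used"))
    if name == "ConsoleLogin" and record.get("additionalEventData", {}).get("MFAUsed") == "No":
        findings.append(_finding(record, "MEDIUM", "console login without MFA"))
    if name in SINGLE_EVENT_RULES:
        findings.append(_finding(record, *SINGLE_EVENT_RULES[name]))
    if name in ("AttachUserPolicy", "AttachRolePolicy", "AttachGroupPolicy"):
        arn = record.get("requestParameters", {}).get("policyArn", "")
        if arn.endswith(ADMIN_POLICY_SUFFIX):
            findings.append(_finding(record, "HIGH", "AdministratorAccess attached"))
    return findings


def analyze(log_text):
    """Parse one CloudTrail log file and return all findings."""
    records = json.loads(log_text)["Records"]
    findings, denied = [], Counter()
    for record in records:
        findings.extend(check_record(record))
        if record.get("errorCode") in ("AccessDenied", "Client.UnauthorizedOperation"):
            denied[_principal(record)] += 1
    for principal, count in denied.items():  # cross-record rule
        if count >= ACCESS_DENIED_THRESHOLD:
            findings.append({"eventTime": None, "severity": "MEDIUM", "principal": principal,
                             "eventName": None, "sourceIPAddress": None,
                             "reason": f"{count} access-denied calls by one principal"})
    return findings


def severity_summary(findings):
    """Count findings per severity -> {'HIGH': n, 'MEDIUM': m}."""
    return dict(Counter(f["severity"] for f in findings))


# Constructed sample records (placeholder account id, documentation IP range)
def _rec(event_name, event_source, identity_type, arn, **extra):
    base = {"eventVersion": "1.08", "eventTime": "2024-03-01T10:00:00Z",
            "eventSource": event_source, "eventName": event_name, "awsRegion": "us-east-1",
            "sourceIPAddress": "203.0.113.10", "userIdentity": {"type": identity_type, "arn": arn}}
    base.update(extra)
    return base


_ROOT = "arn:aws:iam::111111111111:root"
_DEV = "arn:aws:iam::111111111111:user/example-dev"
_ROLE = "arn:aws:sts::111111111111:assumed-role/example-ops/session"
SAMPLE_LOG = json.dumps({"Records": [
    _rec("ConsoleLogin", "signin.amazonaws.com", "Root", _ROOT, additionalEventData={"MFAUsed": "No"}),
    _rec("StopLogging", "cloudtrail.amazonaws.com", "AssumedRole", _ROLE,
         requestParameters={"name": "example-trail"}),
    _rec("AttachUserPolicy", "iam.amazonaws.com", "IAMUser", _DEV,
         requestParameters={"userName": "example-dev",
                            "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}),
    _rec("DescribeInstances", "ec2.amazonaws.com", "AssumedRole", _ROLE),
] + [_rec("ListSecrets", "secretsmanager.amazonaws.com", "IAMUser", _DEV, errorCode="AccessDenied")
     for _ in range(5)]})

if __name__ == "__main__":
    results = analyze(SAMPLE_LOG)
    for f in results:
        print(f"[{f['severity']}] {f['principal']}: {f['reason']}")
    print(severity_summary(results))
```

The cross-record AccessDenied rule is the reason the pass keeps a counter across the whole file instead of judging records one at a time; the single-event rules are a dictionary so that the list can be extended from the organization's threat model without touching the logic.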

More articles by Thilina Munasinghe
