Establishing a Strong Cloud Foundation I: Security & Identity Management
A strong cloud foundation is crucial to a successful migration and modernization process, no matter which route you choose to take.
To get to the refactor/rebuild stage of the migration and modernization staircase, you need a cloud foundation.
With a strong cloud foundation in place, your enterprise architects, developers and operators, network and security engineers, and system and database administrators can govern and enable your organization's cloud transformation.
A cloud foundation centralizes cloud governance to enable more productivity, agility and innovation.
You may remember from the first blog that security and reliability are two of the six pillars of the AWS Well-Architected Framework. Similarly, we've identified seven elements that make for a strong cloud capability model: cloud cost management, guardrail security and identity management, microservice architecture, micro-frontend architecture, code quality, DevOps and SRE, and agile management.
In this blog, we discuss how to set up your AWS Control Tower, build Infrastructure as Code (IaC) and use open source modules to enhance security and identity management within your cloud foundation.
Setting up Your AWS Control Tower
AWS Control Tower is the quickest way to set up and govern a secure, multi-account AWS environment. It draws on three Well-Architected pillars: security, reliability and cost optimization. It does so by creating a landing zone, a multi-account structure with a dedicated management account, a log archive account and an audit account, and by making it simple to manage many AWS accounts and teams from one place. Whether you're just starting out on AWS or building a completely new environment on it, Control Tower gets you started quickly with built-in governance and best practices.
You can also use Control Tower to set policies and security controls that apply to your whole organization. Think of it as the administrative layer above every account rather than an administrator inside one of them: guardrails are applied from the management account at the organizational unit level, so they cannot be undone by a user, or an attacker, who holds administrative rights inside a member account. Control Tower applies preventive guardrails (implemented as service control policies) and detective guardrails (implemented as AWS Config rules) that ensure security logs, the CloudTrail configuration and the cross-account roles Control Tower relies on cannot be altered by anyone not authorized to do so. That protection matters most during an attack or breach: the evidence you need for investigation survives even when an individual account is compromised.
Once Control Tower is set up, the next security steps are to connect your identity provider (IdP) to the single sign-on service Control Tower provisions (AWS SSO, now IAM Identity Center) so that people authenticate centrally instead of through per-account IAM users, deploy the required network controls (security groups, network ACLs and, where needed, AWS Network Firewall or AWS WAF), and implement compliance policies for your AWS environment(s).
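As an added example, not code from the original post or from Accolite's modules, the Python below shows what a preventive guardrail is under the hood: a service control policy (SCP) attached above the account that explicitly denies CloudTrail changes to every principal except the Control Tower execution role, plus a small offline evaluator that demonstrates the Deny winning regardless of what IAM policies exist inside the member account. The policy document, the role names and the account ID are illustrative assumptions modelled on the Control Tower "disallow CloudTrail changes" pattern, not the exact AWS-managed guardrail; the evaluator is deliberately minimal and handles only explicit Deny statements with ArnLike/ArnNotLike conditions on aws:PrincipalARN.

```python
"""Illustrative preventive guardrail (SCP) and a minimal offline evaluator.

Simplifications (assumptions, not AWS's own evaluation logic): the default
FullAWSAccess SCP is assumed to stay attached, so only explicit Deny statements
restrict the account; only ArnLike / ArnNotLike on aws:PrincipalARN are
supported as conditions.
"""
import fnmatch
import json

# Illustrative SCP modelled on the Control Tower pattern: deny changes to
# CloudTrail unless the caller is the Control Tower execution role.
CLOUDTRAIL_GUARDRAIL = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyCloudTrailChanges",
            "Effect": "Deny",
            "Action": [
                "cloudtrail:DeleteTrail",
                "cloudtrail:PutEventSelectors",
                "cloudtrail:StopLogging",
                "cloudtrail:UpdateTrail",
            ],
            "Resource": "*",
            "Condition": {
                "ArnNotLike": {
                    "aws:PrincipalARN": "arn:aws:iam::*:role/AWSControlTowerExecution"
                }
            },
        }
    ],
}

# SCP documents are limited to 5,120 characters.
SCP_MAX_CHARS = 5120


def _as_list(value):
    """IAM allows a single string or a list in Action / condition values."""
    return value if isinstance(value, list) else [value]


def _condition_matches(condition, principal_arn):
    """Return True if every condition clause holds for this principal.

    Supports ArnLike / ArnNotLike on aws:PrincipalARN with IAM-style
    '*' and '?' wildcards. Anything else raises so it is never silently
    treated as matching.
    """
    for operator, clauses in condition.items():
        if operator not in ("ArnLike", "ArnNotLike"):
            raise ValueError(f"unsupported condition operator: {operator}")
        for key, patterns in clauses.items():
            if key != "aws:PrincipalARN":
                raise ValueError(f"unsupported condition key: {key}")
            hit = any(fnmatch.fnmatchcase(principal_arn, p) for p in _as_list(patterns))
            if operator == "ArnLike" and not hit:
                return False
            if operator == "ArnNotLike" and hit:
                return False
    return True


def scp_denies(policy, principal_arn, action):
    """True if any Deny statement matches the principal and action.

    An SCP Deny cannot be overridden by an IAM policy inside the member
    account, which is what makes it a preventive guardrail.
    """
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Deny":
            continue
        # IAM action matching is case-insensitive and supports wildcards.
        if not any(fnmatch.fnmatchcase(action.lower(), a.lower())
                   for a in _as_list(stmt["Action"])):
            continue
        if not _condition_matches(stmt.get("Condition", {}), principal_arn):
            continue
        return True
    return False


def render_policy(policy=CLOUDTRAIL_GUARDRAIL):
    """Serialize the SCP as the JSON you would attach to an OU; reject
    documents that exceed the SCP size quota before they reach AWS."""
    doc = json.dumps(policy, indent=2)
    if len(doc) > SCP_MAX_CHARS:
        raise ValueError(f"SCP is {len(doc)} chars, limit is {SCP_MAX_CHARS}")
    return doc


if __name__ == "__main__":
    # Constructed sample principals; 111122223333 is a placeholder account ID.
    developer = "arn:aws:iam::111122223333:role/DeveloperRole"
    control_tower = "arn:aws:iam::111122223333:role/AWSControlTowerExecution"
    for who in (developer, control_tower):
        for act in ("cloudtrail:StopLogging", "cloudtrail:LookupEvents"):
            print(f"{who.split('/')[-1]:26} {act:28} denied={scp_denies(CLOUDTRAIL_GUARDRAIL, who, act)}")
```

Run stand-alone, it prints that the developer role is denied `cloudtrail:StopLogging` but can still read events with `cloudtrail:LookupEvents`, while the Control Tower execution role is exempt from the Deny. The string returned by `render_policy()` is the document you would place in the `content` of a Terraform `aws_organizations_policy` resource or a CloudFormation `AWS::Organizations::Policy`, which is how a guardrail like this becomes infrastructure as code rather than a console setting.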
Building infrastructure as code
Before we discuss how to build Infrastructure as Code, or IaC, it's important to understand what it means. A common definition of IaC is "the process of provisioning and managing your cloud resources by writing a template file that is both human readable, and machine consumable". By practicing the underlying principles of IaC, you apply the same rigor used for application code development to infrastructure provisioning.
Infrastructure as Code is a key DevOps practice that enables teams to work together with a unified set of practices and tools to deliver applications and their supporting infrastructure. Treating infrastructure as code brings benefits in visibility, stability, scalability and security: every change is reviewed, versioned and reproducible, and drift from the intended configuration can be detected rather than discovered after an incident.
Many teams building on AWS use Terraform to provision infrastructure. Others use AWS CloudFormation, the native AWS IaC service, which lets you model, provision and manage AWS and supported third-party resources, or the AWS Cloud Development Kit (CDK), which lets you define the same resources in a general-purpose programming language and synthesizes CloudFormation templates from that code.
Using open source modules
There are many resources and open source modules you can take advantage of to guide you through your cloud foundation journey. Accolite has developed many open-source Terraform modules and how-tos that give you the information you need to start and scale quickly and reliably.
The Cloud Xcelerator Program is an open source module that simplifies your transition to the cloud by making it easy for your team to build a strong cloud foundation in a cost-effective, efficient and educational way. We've also put together a guide on the steps required to deploy AWS Control Tower. The document is free and walks you through a step-by-step deployment of Control Tower.
The next step towards establishing a solid cloud foundation is to focus on DevOps and observability. Check out this blog, which discusses the importance of observability when it comes to setting up system alerts and responding to errors or issues in real time.