Goldman Sachs: Using Policy as Code to Deploy New Apps in Minutes (COP313)

Title

AWS re:Invent 2022 - Goldman Sachs: Using policy as code to deploy new apps in minutes (COP313)

Summary

  • Goldman Sachs introduced a policy-as-code program called Cloud FastTrack, enabling internal developers to deploy applications to AWS quickly and securely.
  • The program reduced the time for developers to be productive from weeks or months to minutes.
  • Cloud FastTrack is a self-service platform that provisions AWS accounts and deploys resources while adhering to the firm's security and compliance posture.
  • The platform uses AWS services like API Gateway, Fargate, DynamoDB, Lambda, X-Ray, Config, GuardDuty, CloudTrail, and CloudWatch.
  • It also leverages AWS Organizations for account provisioning and VPC sharing for network isolation.
  • Security is enforced through guardrails, which are policies written in Rego and evaluated using Open Policy Agent (OPA).
  • FastTrack Accelerator was introduced to balance developer velocity with security, providing pre-compliant constructs for developers to use.
  • The session concluded with a demonstration of guardrails in action and insights into the operationalization of the platform.
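The summary says the guardrails are policies written in Rego and evaluated with Open Policy Agent. The following is an added illustration of what such a guardrail looks like; it is not Goldman Sachs' or AWS's code, and the package name, the input shape (a CloudFormation-style template parsed to JSON, with `input.Resources[name].Type` and `.Properties`) and the three rules are assumptions chosen to show the pattern.

```rego
package fasttrack.guardrails

import rego.v1

# Assumed input shape (not the firm's real schema): a CloudFormation-style
# template as JSON, e.g. input.Resources["AppBucket"].Type == "AWS::S3::Bucket".

# Guardrail 1: every S3 bucket must declare server-side encryption.
deny contains msg if {
	some name, res in input.Resources
	res.Type == "AWS::S3::Bucket"
	not res.Properties.BucketEncryption
	msg := sprintf("S3 bucket %q has no BucketEncryption configured", [name])
}

# Guardrail 2: no security group ingress rule may open SSH (port 22) to the internet.
# FromPort/ToPort are assumed to be numbers, as in a JSON template.
deny contains msg if {
	some name, res in input.Resources
	res.Type == "AWS::EC2::SecurityGroup"
	some rule in res.Properties.SecurityGroupIngress
	rule.CidrIp == "0.0.0.0/0"
	rule.FromPort <= 22
	rule.ToPort >= 22
	msg := sprintf("Security group %q exposes port 22 to 0.0.0.0/0", [name])
}

# Guardrail 3: in-scope resources must carry a CostCenter tag (hypothetical
# ownership requirement, standing in for whatever tagging policy a firm enforces).
deny contains msg if {
	some name, res in input.Resources
	res.Type in {"AWS::S3::Bucket", "AWS::EC2::SecurityGroup"}
	not has_tag(res, "CostCenter")
	msg := sprintf("Resource %q is missing the CostCenter tag", [name])
}

# True when the resource's Tags list contains an entry with the given key.
has_tag(res, key) if {
	some tag in res.Properties.Tags
	tag.Key == key
}

# A deployment pipeline would proceed only when no guardrail produces a message.
allow if count(deny) == 0
```

Evaluated from a pipeline step with `opa eval -i template.json -d guardrails.rego "data.fasttrack.guardrails.deny"`, a non-empty `deny` set is the list of violations to show the developer, and `allow` is the single boolean the pipeline gates on. Keeping each rule small and independent is what makes the guardrail set easy to extend and audit as the platform's security posture evolves.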

Insights

  • Policy as code is a powerful paradigm for enforcing security and compliance in cloud environments, allowing for automated and scalable governance.
  • The use of AWS services and infrastructure as code (IaC) can significantly reduce the time and effort required for account provisioning and application deployment.
  • Customizable guardrails enable organizations to enforce their unique security postures without manual intervention, shifting security left in the development process.
  • The introduction of FastTrack Accelerator addresses the potential for reduced developer velocity caused by security guardrails by providing higher-level abstractions that are compliant by default.
  • Operationalizing a platform like Cloud FastTrack involves considerations beyond the initial build, such as customer SLAs, telemetry, and observability, indicating the need for a robust operational framework as the platform scales.
  • The collaboration between Goldman Sachs and AWS demonstrates the importance of partnerships in achieving innovative cloud solutions that meet stringent security and compliance requirements.