Setting up Controls at Scale in Your AWS Environment (COP318)

Title

AWS re:Invent 2022 - Setting up controls at scale in your AWS environment (COP318)

Summary

  • Jens Jacobsen, a user researcher with AWS Control Tower, introduced the session, emphasizing the importance of customer feedback in improving AWS services.
  • The session focused on setting up controls at scale in AWS environments, with an introduction to AWS Control Tower for those unfamiliar with the service.
  • Customer presentations highlighted how Control Tower is used in their organizations, with PIMCO and the Depository Trust and Clearing Corporation (DTCC) sharing their experiences.
  • New features around controls management were demonstrated, including support for fully customized account blueprints and partner-created blueprints.
  • The concept of controls, including preventive, detective, and a new third type (proactive controls), was discussed, along with the importance of a dashboard for monitoring compliance.
  • A "cheat sheet" of recent Control Tower features was provided, addressing common barriers to adoption.
  • Insights into operational models post-migration to Control Tower were shared, emphasizing planning, customizations, and the importance of region controls.
  • A wish list of features from Control Tower was presented, including better integration with other AWS security tools, dashboard enhancements, shared responsibility models, and what-if analysis capabilities.

Insights

  • AWS Control Tower is a key service for organizations looking to set up a multi-account cloud environment with best practice blueprints and controls.
  • The ability to customize account blueprints as part of account provisioning is a significant enhancement, allowing for greater flexibility and adherence to internal requirements.
  • Preventive and detective controls are crucial for maintaining security and compliance, with preventive controls ensuring compliance from the start and detective controls identifying misconfigurations.
  • The feedback loop between AWS and its customers is vital for the continuous improvement of services, with customer experiences and needs driving new feature development.
  • Organizations like PIMCO and DTCC have leveraged AWS Control Tower to streamline their cloud operations, emphasizing the importance of planning, customizations, and an operational model for managing controls post-migration.
  • The wish list of features indicates a desire for more comprehensive and integrated tools for security and compliance management, suggesting that AWS may continue to enhance Control Tower with these capabilities in mind.
  • The proactive control type introduced is a significant development, allowing for the blocking of non-compliant CloudFormation deployments, thus shifting compliance checks earlier into the deployment process.
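
As an added illustration of the point above, and not code from the session or from AWS Control Tower itself, the following Python applies one bucket-encryption rule at both stages the summary contrasts: proactively, against a CloudFormation template before it is deployed, and detectively, against an inventory of buckets that already exist. The template, the inventory and the bucket names are constructed for the example.

```python
"""One compliance rule, two enforcement points: before deployment (proactive,
evaluated on a CloudFormation template) and after deployment (detective,
evaluated on the configuration of existing buckets)."""
from typing import Dict, List

# Constructed CloudFormation template (dict form) with one compliant and one
# non-compliant S3 bucket; logical IDs are placeholders.
TEMPLATE = {
    "Resources": {
        "LogsBucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {
                "BucketEncryption": {"ServerSideEncryptionConfiguration": [
                    {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}
            },
        },
        "ScratchBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
    }
}

def bucket_is_encrypted(properties: dict) -> bool:
    """Rule shared by both stages: default encryption must be configured."""
    rules = properties.get("BucketEncryption", {}).get(
        "ServerSideEncryptionConfiguration", [])
    return any("ServerSideEncryptionByDefault" in r for r in rules)

def proactive_check(template: Dict) -> List[str]:
    """Proactive control: evaluate every bucket declared in the template and
    return the logical IDs that would be blocked before anything is created."""
    return [
        logical_id
        for logical_id, res in template.get("Resources", {}).items()
        if res.get("Type") == "AWS::S3::Bucket"
        and not bucket_is_encrypted(res.get("Properties", {}))
    ]

def detective_check(deployed: Dict[str, dict]) -> List[str]:
    """Detective control: the same rule over already-deployed buckets
    (bucket name -> properties as an inventory would report them)."""
    return [name for name, props in deployed.items() if not bucket_is_encrypted(props)]

def gate_deployment(template: Dict) -> bool:
    """Allow the stack operation only when every resource passes the rule."""
    return not proactive_check(template)

# Constructed inventory of buckets that were deployed without the gate.
DEPLOYED = {
    "example-logs-bucket": TEMPLATE["Resources"]["LogsBucket"]["Properties"],
    "example-legacy-bucket": {},
}

if __name__ == "__main__":
    print("Blocked before deployment:", proactive_check(TEMPLATE))
    print("Deployment allowed:", gate_deployment(TEMPLATE))
    print("Non-compliant after deployment:", detective_check(DEPLOYED))
```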