
Managing AWS Accounts at Scale


Scout24 follows an AWS multi-account strategy. This means that for the whole Scout24 group there is not only one AWS account. This has many advantages, but also provides us with many challenges, since every service or tool we build in the scope of the Cloud Platform must be implemented in a way that it supports this strategy. From standardization to access control, let us show you how we achieve a streamlined account management.

Published in: Technology


  1. Manage AWS Accounts at scale ReachMe@boynux.com Twitter: @_boynux_
  2. Scout24 Inspiring your best. We connect people, cars and homes. AWS Popup Loft 15.10.2018 Berlin
  3. Credit: Thomas Peter/Reuters
  4. Moderation is a fatal thing. Nothing succeeds like excess. - Oscar Wilde
  5. How much is too much?
  6. Pop quiz • How many accounts do we have? 1. Less than 3 2. Less than 200 3. More than 500
  7. Shared account strategy
  8. Team Account
  9. Product Account
  10. What comes in the box?
  11. Pop quiz • How long does it take to create an AWS account? 1. Less than 1 minute 2. About 4 hours 3. More than a day
  12. Let them do the job! Image credit: http://www.clker.com • Automation is the key! • Some things are hard to automate
  13. Things you should use • CloudFormation • StackSets • Organization IDs • Custom resources • SSM • S3 • Lots of Python code (or Go to be more trendy)
  14. Access management
  15. OAuth 2.0 Authorization Server User Access Provider (Rabbit) AWS Console Access Token
  16. Security and governance • GuardDuty • Trusted Advisor • Checking IAM roles • Checking Security Groups • Checking outdated AMIs • S3 Bucket Policies • etc.
  17. Money, Money, Money • Cost dashboards • Per team • Per segment • RI coverage and purchase • In payer account • In Product accounts
  18. Communication • HTTPS everywhere • Endpoint Authentication • Streaming • VPC Peering (not much)
  19. Weirdos everywhere • Billing Account • Backup accounts • Some shared accounts
  20. Questions?
