HashiTalks Africa - Going multi-account on AWS with Terraform

•Als PPTX, PDF herunterladen•

1 gefällt mir•34,278 views

Cobus Bernard

Deck for the demo at HashiTalks Africa on 30 April 2020. Covers the reasons for wanting to use multiple accounts.

Internet

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Going Multi-Account on AWS with Terraform
H a s h i T a l k s A f r i c a – 2 0 2 0 / 0 4 / 3 0
Cobus Bernard
Sr Developer Advocate
Amazon Web Services
@cobusbernard
cobusbernard
cobusbernard

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
• Developer for 15 years
• AWS Customer for 8 years
• Terraform since 0.6
@cobusbernard
cobusbernard
cobusbernard

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Agenda
Why use multiple account?
Splitting resources between accounts
Account switching
Role switching
Q&A

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS global platform
AWS global infrastructure
• 24 Regions with 76 Availability Zones
• 4 Regions coming soon: Indonesia, Japan
and Spain
216 CloudFront PoPs
• 205 edge locations
• 11 Regional edge caches
• 245 Countries and territories served
AWS global network
• Redundant 100 GbE network
• 100% encrypted between facilities
• Private network capacity between
all AWS Regions except China
SLA of
99.99% availability

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Allow
s3:*
Userdata-dev
Userdata-dev/*
Environment security
AWS account
Userdata-dev
Userdata-test
Userdata-UAT
Userdata-prod
Allow
s3:*
Userdata-test
Userdata-test/*
Allow
s3:GetObjects
s3:ListObjects
Userdata-UAT
Userdata-UAT/*
Deny
s3:*
Userdata-prod
Userdata-prod/*

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Environment security
AWS account
Userdata-dev
Userdata-test
Userdata-UAT
Userdata-prod
Allow
s3:*
Userdata-dev
Userdata-dev/*
Allow
s3:*
Userdata-test
Userdata-test/*
Allow
s3:GetObjects
s3:ListObjects
Userdata-UAT
Userdata-UAT/*
Deny
s3:*
Userdata-prod
Userdata-prod/*

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Environment security
AWS account Dev
AWS account Test
AWS account UAT
AWS account Prod
Userdata-dev Userdata-UAT
Userdata-test
Userdata-prod
Userdata-dev
Userdata-test
Userdata-UAT
Userdata-prod

Thank you!
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Cobus Bernard
Sr Developer Advocate
Amazon Web Services
@cobusbernard
cobusbernard
cobusbernard

Weitere ähnliche Inhalte

Was ist angesagt?

AWS Summit Seoul 2015 - 국내 사례로 본 클라우드 운영 최적화 (이주완-메가존)

Amazon Web Services Korea

AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and manage the encryption keys used to encrypt your data. In this session, we will dive deep into best practices learned by implementing AWS KMS at AWS’ largest enterprise clients. We will review the different capabilities described in the AWS Cloud Adoption Framework (CAF) Security Perspective and how to implement these recommendations using AWS KMS. In addition to sharing recommendations, we will also provide examples that will help you protect sensitive information on the AWS Cloud.

Best Practices for Implementing Your Encryption Strategy Using AWS Key Manage...

Amazon Web Services

Security must be the number one priority for any cloud provider and that's no different for AWS. Stephen Schmidt, vice president and chief information officer for AWS, will share his insights into cloud security and how AWS meets the needs of today's IT security challenges. Stephen, with his background with the FBI and his work with AWS customers in the government and space exploration, research, and financial services organizations, shares an industry perspective that's unique and invaluable for today's IT decision makers. At the conclusion of this session, Stephen also provides a brief summary of the other sessions available to you in the security track.

AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013

Amazon Web Services

Learning Objectives: - Learn how to secure your web applications - Learn how to configure AWS Shield and AWS WAF - Learn how to defend the most common Layer 7 attacks Distributed denial of service (DDoS) and other web attacks can affect your applicationâ€™s availability, compromise its security, and consume excessive resources. AWS Shield and AWS Web Application Firewall (WAF) help secure your applications from these types of attacks. AWS Shield is a managed DDoS protection service that offers always-on detection and automatic inline mitigation to minimize application downtime and latency. AWS WAF is a web application firewall that helps protect your applications from common web exploits such as SQLi, XSS, and botnets. This introductory tech talk will provide you an overview and demonstration of these services.

Secure your Web Applications with AWS Web Application Firewall (WAF) and AWS ...

Amazon Web Services

Deep dive - AWS security by design

Richard Harvey

Aws container webinar day 2

HoseokSeo7

With AWS CloudTrail, you can get log files of AWS API calls for your account. CloudTrail enables you to perform security analysis, track resource changes, and aid in compliance reporting. In this webinar you will learn how CloudTrail collects and stores your AWS log files so that software from AWS Technology Partner Splunk can be used as a Big Data Security Information and Event Management (SIEM) system. You will hear how AWS log files are made available for many security use cases, including incident investigations, security and compliance reporting, and threat detection/alerting. You will also hear from a joint Splunk/AWS customer, FINRA, who will explain how they leverage Splunk in AWS to support their cloud efforts. What you'll learn: • Why the machine data from AWS CloudTrail is relevant to security and compliance • How to visualize data from AWS CloudTrail to monitor and audit security-related activity • How AWS CloudTrail data can be combined with machine data from other sources in your IT infrastructure, including the OS and apps in your AWS images, for a wide range of operational and security use cases • How the combination of AWS CloudTrail and Splunk Software improve your uptime, accelerate security and operational investigations, and simplify compliance.

AWS Partner Webcast - Use Your AWS CloudTrail Data and Splunk Software To Imp...

Amazon Web Services

Aws(in)security - the devil is in the detail

Pawel Rzepa

AWSome Day 是 AWS 在全球各大城市巡迴舉辦的重點活動，為時一天，結合培訓與技術新知的免費研討會。本活動專為大小企業的技術和部門主管們量身訂做，是深入學習 AWS 雲端及與 AWS 專家面對面的絕佳機會。 AWSome Day 是針對 Amazon Web Services (AWS) 雲端服務所設計的訓練課程，我們的專業講師將會深入淺出帶領大家循序漸進地瞭解 AWS 的核心服務，包含：運算 (Compute)、儲存 (Storage)、資料庫 (Database)、和網路 (Networking)。本課程中，您不但可以與講師面對面的探討問題，在課程結束後，您亦將具備適當的雲端能力，瞭解如何在 AWS 平台上建構安全 (Secure) 且高擴充性 (Scalability)的資訊服務平台，為您的公司創造更多利潤與佳績。

Architecting-for-the-cloud-Best-Practices

Amazon Web Services

by Cameron Worrell, Sr. Solutions Architect, AWS In this talk, we will introduce several methods of threat detection and remediation on AWS, including GuardDuty, Macie, WAF, Shield, Lambda, AWS Config, Systems Manager and Inspector. We will do a brief overview of each of these services, and then talk about how to put them all together, to have a comprehensive thread detection and remediation solution. We will also discuss how to use these services across multiple AWS accounts and regions, to cover the governance needs of enterprise AWS deployments.

Introduction to Threat Detection and Remediation on AWS

Amazon Web Services

A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security Services In this session you will learn how to build a self-defending border to protect your Internet-facing applications. We will show you how you can automatically respond to the dynamic threats facing online assets by using our managed threat detection services combined with information from applications. Shane Baldacchino, Solutions Architect, Amazon Web Services

A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...

Amazon Web Services

CloudHSM: Secure, Scalable Key Storage in AWS - AWS Online Tech Talks

Amazon Web Services

AWS Cloud Security & Compliance Basics Webinar

Amazon Web Services

This session tells the story of how security-minded enterprises provide end-to-end protection of their sensitive data in AWS. Learn about the enterprise security architecture decisions made by Fortune 500 organizations during actual sensitive workload deployments as told by the AWS professional service security, risk, and compliance team members who lived them. In this technical walkthrough, we share lessons learned from the development of enterprise security strategy, security use-case development, end-to-end security architecture & service composition, security configuration decisions, and the creation of AWS security operations playbooks to support the architecture.

Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...

Amazon Web Services

Security overview-aws-lambda

VIJAY REDDY

Protecting sensitive data in the cloud typically requires encryption. Managing the keys used for encryption can be challenging as your sensitive data passes between services and applications. AWS offers several options for using encryption and managing keys to help simplify the protection of your data at rest. This session will help you understand which features are available and how to use them, with emphasis on AWS Key Management Service and AWS CloudHSM. Adobe Systems Incorporated will present their experience using AWS encryption services to solve data security needs.

(SEC301) Strategies for Protecting Data Using Encryption in AWS

Amazon Web Services

Module 3: Security, Identity and Access Management - AWSome Day Online Confer...

Amazon Web Services

Securing Your AWS Infrastructure with Edge Services

Amazon Web Services

The session covers how Cisco SD-WAN can be used to extend the WAN connectivity to AWS. We show how the Viptela-based SD-WAN solution accelerates the path to cloud migration while maintaining the application SLA using the policy-based app fabric model. We cover Viptela's cloud-first network management, orchestration, and overlay technologies with industry-leading routing platforms, services, and SD-WAN capabilities from Cisco. We also cover how a customer deployed Cisco SD-WAN and the benefits they achieved, how a customer extended Cisco SD-WAN fabric to AWS, and the benefits of consistent security and segmentation, policy, network visibility, and connectivity options across branch, campus, data center, and cloud. This session is brought to you by AWS Partner, Cisco.

DEM14 Extending the Cisco SD-WAN Fabric to the AWS Cloud

Amazon Web Services

Building a Hyper Secure VPC on AWS with Puppet

Tim Nolet

Was ist angesagt? (20)

AWS Summit Seoul 2015 - 국내 사례로 본 클라우드 운영 최적화 (이주완-메가존)

Best Practices for Implementing Your Encryption Strategy Using AWS Key Manage...

AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013

Secure your Web Applications with AWS Web Application Firewall (WAF) and AWS ...

Deep dive - AWS security by design

Aws container webinar day 2

AWS Partner Webcast - Use Your AWS CloudTrail Data and Splunk Software To Imp...

Aws(in)security - the devil is in the detail

Architecting-for-the-cloud-Best-Practices

Introduction to Threat Detection and Remediation on AWS

A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...

CloudHSM: Secure, Scalable Key Storage in AWS - AWS Online Tech Talks

AWS Cloud Security & Compliance Basics Webinar

Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...

Security overview-aws-lambda

(SEC301) Strategies for Protecting Data Using Encryption in AWS

Module 3: Security, Identity and Access Management - AWSome Day Online Confer...

Securing Your AWS Infrastructure with Edge Services

DEM14 Extending the Cisco SD-WAN Fabric to the AWS Cloud

Building a Hyper Secure VPC on AWS with Puppet

Ähnlich wie HashiTalks Africa - Going multi-account on AWS with Terraform

AWS SSA Webinar 7 - Getting Started on AWS

Cobus Bernard

This session was from DeveloperWeek 2020 SFO. Using serverless reduces time spent managing infrastructure and provides developers more time to focus on code. In this session I will cover tooling, frameworks, and architectural patterns focused on building a web application from front to back. Along the way we will discuss pitfalls and best practices to help you get a jump start on developing without servers.

Leveraging serverless in fullstack development

Eric Johnson

In this session, we will take a deeper look at the security services and features available on AWS. We will look at how Identity and Access Management (IAM) works by covering IAM users, policies, roles, groups. We will also look at AWS Security groups and how they are applied to the different infrastructure components, e.g. Amazon EC2 instances, Load Balancers, Databases (via Amazon RDS). Lastly, we will take a quick look at Amazon Certificate Manager for SSL certificates and mention additional services like Amazon Detective, GuardDuty, Macie, WAF.

AWS SSA Webinar 11 - Getting started on AWS: Security

Cobus Bernard

20200513 - CloudComputing UCU

Marcia Villalba

AWS 101

Amazon Web Services

Migration to Aws Cloud

Mufti Ardian

Introduction to Hybrid Cloud on AWS

Tom Laszewski

Introduction to Hybrid Cloud on AWS - AWS Online Tech Talks

Amazon Web Services

As customers progress through their cloud journeys, sensitive and regulated IT workloads, and data migrations could necessitate the use of AWS GovCloud (US). But how do you get started? What do you need to know before expanding your footprint to the AWS GovCloud (US) region? Is extending the footprint from standard AWS regions different than extending from on-premise environments and datacenters? Join us to learn the technical and operational considerations, approaches, best practices and tools to successfully extend your IT environments and technology footprint and migrate assets to the AWS GovCloud (US) Region.

Expanding Your AWS and On-premise Footprint to AWS GovCloud (US)

Amazon Web Services

[AWS Media Symposium 2019] Perfecting the Media Experience with AWS - Bhavik ...

Amazon Web Services Korea

Want to learn about your options for running Microsoft Active Directory on AWS? When you move Microsoft workloads to AWS, it is important to consider how to deploy Microsoft Active Directory in support of group policy management, authentication, and authorization. In this session, we discuss options for deploying Microsoft Active Directory to AWS, including AWS Managed Microsoft AD and deploying Active Directory to Windows on Amazon EC2. We cover such topics as how to integrate your on-premises Microsoft Active Directory environment to the cloud and how to leverage SaaS applications, such as Office 365, with the AWS Single Sign-On service.

Microsoft Active Directory Deep Dive

Amazon Web Services

Moving your commercial databases to Amazon RDS

Amazon Web Services

Track 5 Session 4_ intel 透過AWS Outposts就地佈署 on-premises 雲端環境.pptx

Amazon Web Services

對於投資現場部署技術的大多數組織而言，在混合式架構中運作是採用雲端的必要部分。遷移IT系統需要好一段時間。因此，選擇一個雲端廠商，能夠幫助您實行經過深思熟慮的混合策略，並不需要在本地硬件和軟件上進行昂貴的新投資，這對簡化運營及輕鬆實現業務目標非常重要。在這場線上研討會中，我們將介紹 AWS 如何在存儲、網絡、安全、應用程序部署和管理工具中構建業界最廣泛的混合功能，以便您輕鬆及安全地擴展您現有的投資。 For most organizations with on-premises technology investments, operating in a hybrid architecture is a necessary part of cloud adoption. Migrating legacy IT systems takes time. Therefore, selecting a cloud provider who can help you implement a thoughtful hybrid strategy, without requiring costly new investments in on-premises hardware and software, is important to simplify operations and more easily achieve your business goals. In this webinar, we will describe how we at AWS have built the industry’s broadest set of hybrid capabilities across storage, networking, security, application deployment, and management tools to make it easy for you to integrate the cloud as a seamless and secure extension of your existing investments.

深入淺出 AWS 混合式雲端架構

Amazon Web Services

Cloud ibrido nella PA

Amazon Web Services

Spoločnosti na celom svete presúvajú svoje aplikácie do cloudu tak rýchlo, ako sa len dá, aby sa stali flexibilnejšími a znížili náklady. Niektoré aplikácie však musia ostať v lokálnych dátacentrách, či už z dôvodu nízkej latencie alebo požiadaviek na miestne spracovanie údajov. Riešenie AWS Outposts prináša plne spravované cloudové služby a infraštruktúru do akéhokoľvek dátového centra. Rovnaké API rozhranie cez grafickú konzolu, príkazový riadok či SDK bez ohľadu na to, či je aplikácia v cloude alebo v AWS Outpost umožňuje naplno využiť model hybridného cloudu bez kompromisov. V tomto webinári vám predstavíme fungovanie AWS Outposts, rovnako ako prípady použitia v reálnej zákazníckej prevádzke.

AWS CZSK Webinář 2020.03: AWS Outposts

Vladimir Simek

AcademyCloudFoundations_Module_08 (1).pptx

rawwatchtime

Many enterprises use Active Directory for authentication, server and workstation management, group policy management, and more. It’s also one of the first applications to be deployed on AWS by those building or migrating Windows applications at scale. There are two primary models for running Active Directory on AWS: AWS Managed Microsoft AD and self-managed Active Directory on Amazon EC2. We discuss best practices for securing Active Directory deployment on AWS and the shared responsibility model for running AWS Managed Microsoft AD. We also examine a reference architecture that follows these best practices. Services include AWS Managed Microsoft AD, Amazon EC2, Amazon EBS, Amazon VPC, and AWS KMS.

How to secure your Active Directory deployment on AWS - FND306-R - AWS re:Inf...

Amazon Web Services

AWS SSA Webinar 17 - Getting Started on AWS with Amazon RDS

Cobus Bernard

In this session, dive deep into best practices and considerations for running Microsoft SQL Server on AWS. Learn how to choose between Amazon EC2 and Amazon RDS, and understand how to optimize the performance of your SQL Server deployment for different application types. We review in detail how to provision and monitor your SQL Server databases and how to manage scalability, performance, availability, security, and backup and recovery in both Amazon RDS and Amazon EC2.

Design, Deploy, Optimize SQL Server Workloads on AWS - SRV209 - Anaheim AWS S...

Amazon Web Services

Ähnlich wie HashiTalks Africa - Going multi-account on AWS with Terraform (20)

AWS SSA Webinar 7 - Getting Started on AWS

Leveraging serverless in fullstack development

AWS SSA Webinar 11 - Getting started on AWS: Security

20200513 - CloudComputing UCU

AWS 101

Migration to Aws Cloud

Introduction to Hybrid Cloud on AWS

Introduction to Hybrid Cloud on AWS - AWS Online Tech Talks

Expanding Your AWS and On-premise Footprint to AWS GovCloud (US)

[AWS Media Symposium 2019] Perfecting the Media Experience with AWS - Bhavik ...

Microsoft Active Directory Deep Dive

Moving your commercial databases to Amazon RDS

Track 5 Session 4_ intel 透過AWS Outposts就地佈署 on-premises 雲端環境.pptx

深入淺出 AWS 混合式雲端架構

Cloud ibrido nella PA

AWS CZSK Webinář 2020.03: AWS Outposts

AcademyCloudFoundations_Module_08 (1).pptx

How to secure your Active Directory deployment on AWS - FND306-R - AWS re:Inf...

AWS SSA Webinar 17 - Getting Started on AWS with Amazon RDS

Design, Deploy, Optimize SQL Server Workloads on AWS - SRV209 - Anaheim AWS S...

Mehr von Cobus Bernard

London Microservices Meetup: Lessons learnt adopting microservices

Cobus Bernard

AWS SSA Webinar 34 - Getting started with databases on AWS - Managing DBs wit...

Cobus Bernard

AWS SSA Webinar 33 - Getting started with databases on AWS Amazon DynamoDB

Cobus Bernard

AWS SSA Webinar 32 - Getting Started with databases on AWS: Choosing the righ...

Cobus Bernard

AWS SSA Webinar 30 - Getting Started with AWS - Infrastructure as Code - Terr...

Cobus Bernard

AWS SSA Webinar 28 - Getting Started with AWS - Infrastructure as Code

Cobus Bernard

AWS Webinar 24 - Getting Started with AWS - Understanding DR

Cobus Bernard

In this session, we will go over cloud economics and understanding the total cost of ownership (TCO) when building in the cloud and how you are trading upfront capital expenditure (CapEx) for operational expenditure (OpEx). We will also look at how the TCO changes over time as you start modernising your applications to make full use of the cloud's capabilities. Lastly, we will cover the different purchasing options to help you understand how you can reduce costs even further by identifying consistent, base workloads.

AWS Webinar 23 - Getting Started with AWS - Understanding total cost of owner...

Cobus Bernard

AWS SSA Webinar 21 - Getting Started with Data lakes on AWS

Cobus Bernard

In this session, we will take you through setting up an Amazon Redshift cluster and at the ways you can populate it with data. We will start by using AWS DMS to replicate the data as-is as well as doing some ETL on it. This will be followed by AWS Glue where you can do more advanced ETL operations. Lastly, we will look at how you can use Amazon Kinesis Firehose to stream event directly to the Redshift cluster.

AWS SSA Webinar 20 - Getting Started with Data Warehouses on AWS

Cobus Bernard

AWS SSA Webinar 19 - Getting Started with Multi-Region Architecture: Services

Cobus Bernard

AWS SSA Webinar 18 - Getting Started with Multi-Region Architecture: Data

Cobus Bernard

AWS EMEA Online Summit - Live coding with containers

Cobus Bernard

AWS EMEA Online Summit - Blending Spot and On-Demand instances to optimizing ...

Cobus Bernard

In this session, we will take a deeper look at how to deploy, run and monitor applications deployed to Amazon EC2 using AWS CodeDeploy and AWS CodePipeline. We will start by building a golden AMI with our application requirements pre-installed, then using that AMI in an AWS Autoscaling Group where CodePipeline/CodeBuild will deploy our application. You will also learn how using CodeDeploy with Autoscaling groups provide additional resiliency by replacing any instance that has an issue.

AWS SSA Webinar 16 - Getting Started on AWS with Amazon EC2

Cobus Bernard

AWS SSA Webinar 15 - Getting started on AWS with Containers: Amazon EKS

Cobus Bernard

AWS SSA Webinar 13 - Getting started on AWS with Containers: Amazon ECS

Cobus Bernard

AWS SSA Webinar 12 - Getting started on AWS with Containers

Cobus Bernard

AWS SSA Webinar 10 - Getting Started on AWS: Networking

Cobus Bernard

AWS SSA Webinar 9 - Getting Started on AWS: Storage

Cobus Bernard

Mehr von Cobus Bernard (20)