AWS Multi-Account Strategy Design and Implementation
Laying A Solid Foundation Governing Visibility & Cost Management, Security & Compliance with Governance & Automation
In this course, you will gain the experience required to architect and implement a secure multi-account AWS environment based on AWS best practices. You will be exposed to design choices of different account structures to help provide proper cost allocation, agility, and security. You will also learn how to design a scalable AWS Identity and Access Management architecture and how to monitor, track, and alert on user changes and events for compliance, change management, and security governance.
WHAT TO EXPECT - (ROUTE360 ACADEMY DIFFERENCE)
Personalization based on insights gained from your answers to the pre-training questionnaire.
Personalized resource guide with applicable use cases and real-world scenarios that closely relate to your company's environment.
Personalized resource guide with a set of action items to implement or test in your AWS environment.
Opportunity to ask further questions after the 3-day session when the knowledge gained is most needed.
Learn by seeing and doing.
Operational production environment with a deployed application with all the relevant AWS tools and services pre-configured to help you observe and learn at production scale.
The environment provides the opportunity for experimentation based on discussion points and your company’s unique situations.
Simulated problems to challenge your understanding of the subject matter.
Training is driven by the problem you are trying to solve and not the technology being studied.
Interwoven collaborative discussion sessions.
How to implement a multi-account environment, including the analysis, design, and implementation for:
Separate Management, Operation, Billing, Log Archive, and Security Account
Account structures based on organizational, operational, and cost models - Business Unit (BU), Environment Lifecycle, Project-Based and Hybrid Account Structures
Account provisioning automation to standardize logging, security, network, etc. baselines.
Designing and implementing a scalable AWS Identity and Access Management architecture
How to implement Logging, Monitoring, Alert/Notification at scale utilizing native AWS services and tools and their integration with third-party solutions to facilitate security governance, compliance, change management, troubleshooting and responding to security incidents.
We recommend that attendees have the following prerequisites:
Good working knowledge of AWS core services, including services listed out in the course outline.
Familiarity with the Linux operating system and command line interface.
Working knowledge of distributed systems
Familiarity with general networking concepts
Requires a laptop to complete lab exercises – tablets are not appropriate.
General discussion on account management, security, identity & access management, change management, logging, monitoring, and alert/notification.
Account structure use case exploration and the decisions that went into picking one structure over the other.
AWS Organizations and account management deep dive
Exploration of the relevant AWS services and tools focusing on best practices and FAQ.
AWS Managed Active Directory for AWS SSO integration, AWS Identity and Access Management (IAM)
Amazon VPC, Amazon S3, AWS Key Management Service, Amazon DynamoDB
AWS CloudTrail, AWS Config, AWS Config Rules, AWS Service Catalog, AWS Cost Management Tools
Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Security Hub
Amazon CloudWatch alarms and events, AWS Lambda, Amazon Simple Notification Service (SNS)
Review relevant third-party security and monitoring solutions and their integration points within an AWS environment.
Deep dive into essential Identity and Access Management concepts required to implement a Multi-Account strategy and implementation of a scalable AWS Identity and Access Management architecture.
IAM Roles, Cross-Account Roles, Federation, AWS Directory Service
Multi-account AWS account structure implementation by Business Unit (BU), Environment Lifecycle, Project and Hybrid.
Separate Management, Operation, Billing, Log Archive, and Security Account discussion and implementation.
Deep dive into Logging, Monitoring, Alert/Notification implementation at scale to facilitate security governance, compliance, change management, troubleshooting and responding to security incidents.
Centralized Log Archive Account discussion and implementation.
Evaluation of multi-account setups with AWS Landing Zone.
Date & Time - 3 days - June 24 to June 26, 2018, 8:30 AM – 5:00 PM CDT
Location - 1515 Young Street, Stone Room (7th Floor), Dallas, TX 75201
Class Size - 25