AWS Cloud Operations & Migrations Blog

Know Before You Go – AWS re:Invent 2022 Cloud Governance

Cloud governance and controls can be built into your AWS environment right from the start to help you address regulatory and compliance requirements. AWS Cloud Operations offers solutions with fine-grained controls to automate the setup of new cloud environments and to help with ongoing governance. With AWS Cloud Operations, you don’t have to choose between innovation and governance—you can have both.

This re:Invent, we have put together an extensive offering of cloud governance sessions to show you best practices on setting up secure and scalable environments, migrating workloads faster, and scaling your resources, while improving your security and compliance posture.

Sessions to Attend

COP206 | Build a complete DevSecOps pipeline on AWS – Workshop
Nov 28, 10:45 am, Caesars Forum (CSR) Summit 216
Organizations want to deliver applications that prioritize security and governance. In this workshop, learn to build a DevSecOps CI/CD pipeline with security and compliance testing integrated into the development process. Discover how you can create a CI/CD pipeline that delivers tested and secure infrastructure as code using a Git branching strategy for your AWS accounts. Learn to use GitHub Actions to integrate AWS CloudFormation Guard (cfn-guard) to run policy validations and ensure that pipeline deployments are consistent and that they meet your organization’s compliance standards.

COP303 | How Global Payments scales on AWS with governance and controls – Breakout session
Nov 28, 1:45 pm, MGM Grand Chairmans 368
Global financial and regulated industry customers need to scale on AWS while meeting regulatory requirements for governance and controls. In this session intended for cloud architects and security engineers, learn how Global Payments, a financial services payment processor, is using AWS Cloud Operations services in conjunction with Terraform to enable governance and controls at scale in a multi-account AWS environment.

COP318 | Setting up controls at scale in your AWS environment – Breakout session
Nov 28, 2:30 pm, Wynn (WYN) Bollinger
Companies are challenged with balancing compliance and security requirements with the desire to allow engineers to make their own design choices. Many companies take an allow-list approach: restricting developer access to AWS services until risks are defined and controls implemented. In this session, learn how to use AWS Control Tower features to meet control objectives and reduce the time it takes to approve AWS services for use.

COP001 | Set up controls at scale in your AWS environment – Theater session
Nov 28, 5:00 pm, The Venetian (VEN) AWS Demo Theater
Today, organizations are challenged by balancing compliance and security requirements with the desire to allow engineers to make their own design choices. Many companies take an allow-list approach, restricting developer access to AWS services until risks are defined and controls implemented. In this session, learn how to meet control objectives and what security and compliance controls you can enforce in your AWS environment using AWS Control Tower. Also learn how to use the flexibility AWS Control Tower offers while selecting and applying these controls.

COP324 | Extend your multi-account governance with automation – Chalk talk
Nov 29, 11 am, Caesars Forum (CSR) 104
In this chalk talk, learn about the latest automated administrative governance controls that cloud architects can utilize in their organization. Account lifecycle management now includes elements such as programmatic controls for contact information, the ability to easily close accounts in an organization, and the option to centrally manage your IP addresses.

COP323 | Delegating access in a multi-account environment with IAM Identity Center – Chalk talk
Nov 29, 12:30 pm, Wynn (WYN) La Tache 1
In this chalk talk, learn about delegating access management with AWS Organizations and AWS Control Tower using AWS IAM Identity Center. Using customer-managed policies and permissions boundaries, you can enable a decentralized access management model with permissions guardrails that enforce coarse-grained authorization standards that apply in both role-based and attribute-based access control (RBAC and ABAC) models.

COP338 | Embrace DevOps by building a self-service environment at scale with CDK – Builders’ session
Nov 29, 2:00 pm, Caesars Forum (CSR) Alliance 312
In this builders’ session, learn how to define, configure, and deploy AWS Service Catalog with the AWS CDK in a single repository. Utilizing a code-first approach, define your governance and security controls directly alongside the applications and resources end users are deploying. Find out how to distribute managed templates across multiple accounts and regions, allowing end users to provision resources within appropriate permissions boundaries. Using the powerful abstractions in the AWS CDK, learn how to customize code in a modular way and take advantage of features like type checking and IDE integrations to accelerate the development process. You must bring your laptop to participate.

COP326 | Build applications with ops in mind using ITSM and AWS – Chalk talk
Nov 29, 3:30 pm, MGM Grand 306
Did you know that as you move to the cloud, you can continue to use your familiar IT service management (ITSM) tooling such as ServiceNow and Atlassian’s Jira Service Management? In this chalk talk, learn how the AWS Service Management Connector for JSM helps you accelerate migration and AWS adoption at scale. This talk provides guidance on key components of a cloud operating model, illustrates common operational patterns, and walks you through a use case for provisioning, incident management, and security incident detection. Leave this talk with tools that will help you address production readiness and standard operating procedures for applications built on AWS.

COP315 | 3M: Architecting for innovation in regulated industries – Breakout session
Nov 29, 5:45 pm, MGM Grand Chairmans 364
In this session, learn how 3M’s Health Information Systems division—which creates software for hospitals, clinics, and physicians—has created a consistent, controlled, and globally deployed AWS environment where application teams can create accounts for each internal application within minutes instead of weeks. 3M will discuss how they have created an account provisioning and management strategy with AWS Cloud Ops services that has helped them innovate faster while meeting all of their governance requirements.

COP221 | Cloud resiliency and governance: No trade-offs at Fannie Mae – Chalk talk
Nov 30, 1:45 pm, Caesars Forum (CSR) 108
As organizations embark on their resiliency journey, they deploy applications in a secure, compliant manner to maximize the stability of their business and mission-critical environments in the cloud. In this chalk talk, learn about the resiliency constructs being deployed by Fannie Mae using AWS Resilience Hub and how they are prioritizing production applications for resiliency. Also learn how these production applications are deployed in a secure, compliant manner using AWS Service Catalog, provisioned Amazon Aurora databases, containers, and others with governance constructs like launch and template constraints, security groups, and guardrails to offer a secure, compliant posture.

COP325 | Best practices for automating AWS account migration – Chalk talk
Nov 30, 4:00 pm, Mandalay Bay (MND) Breakers L
In this chalk talk, discover best practices for organizing and migrating an AWS account. Learn how to identify dependencies that you can proactively address before the migration. This talk covers code for detecting resource policies and identity policies with dependencies. You also walk through additional checks that can help you achieve a quick and efficient migration.

COP337 | Prescriptive guidance for scaling your resource and application management – Builders’ session
Nov 30, 4:00 pm, Caesars Forum (CSR) Alliance 312
Explore how AWS resource management services can offer automation to reduce your operational workload. Discover AWS services and tools to explore and organize so you can act on your resources across AWS Regions, accounts, applications, and services at scale. In this builders’ session, get hands-on with new tools, tag policies, AWS Resource Access Manager (RAM), AWS Organizations, AWS Service Catalog AppRegistry, and AWS Systems Manager Application Manager to learn best practices for managing applications and resources across services. You must bring your laptop to participate.

COP219 | Operate and group application resources on AWS in a single console – Chalk talk
Nov 30, 7:00 pm, Wynn (WYN) Palmer 2
In this chalk talk, find out how to create a simplified, application-centric lens into your applications on AWS by viewing all application resources and their operational data in one central console. Learn about resource management capabilities and define your application metadata to track ownership or cost centers. Discover how to give application teams a single dashboard that aggregates cost, security, observability, and compliance data from all AWS application resources so teams can take action to remediate problems.

COP220 | Discover your resources to address challenges – Chalk talk
Nov 30, 7 pm, Caesars Forum (CSR) Summit 217
Finding resources while troubleshooting or applying tag policies can be challenging. In this chalk talk, learn about a service that helps you find your resources to address various challenges. Find out how to enable several key workflows through an example of a complex customer environment.

COP314 | How to manage resources and applications at scale with AWS – Breakout session
Nov 30, 7 pm, Caesars Forum (CSR) 121
Performing management activities over an ever-growing number of resources as your applications scale can be complex and difficult. In this session, learn about new tools that can help you find resources and perform application management activities at scale.

About the authors:

Tiffany Chen

Tiffany Chen (cwtiff@amazon.com) is a Solutions Architect on the CSC team at AWS. She has supported AWS customers with their deployment workloads and currently works with Enterprise customers to build well-architected and cost-optimized solutions. In her spare time, she enjoys traveling, gardening, baking, and watching basketball.

Winnie Chen

Winnie Chen (winniec@amazon.com) is a Solutions Architect currently on the CSC team at AWS supporting greenfield customers. She supports customers across all industries and of all sizes, from enterprises to small and medium businesses. She has been with AWS for over 3 years, helping customers migrate and build their infrastructure on AWS. In her free time, she enjoys traveling and spending time outdoors through activities like hiking, biking, and rock climbing.