A Startup’s Guide to AWS Services Series 2: Innovation And Control – Having It All

As a founder, getting up and running on AWS, even knowing where to start can seem overwhelming. What services do you need? How do you build with best practices in mind? This series is your guide to getting started on AWS, from account setup and security, to choosing an operational model and database selection. Come explore the AWS cloud environment with us.

Building the foundation for your cloud environment

Click image to watch video

Founders don’t build startups in a vacuum. Starting up requires a collaboration of people and services, from product development to IT and compliance. You may find yourself pulled in many directions, and soon, you’ll have to face facts: you need to delegate. But doing so creates security risks.

“Anybody with access to my accounts can intentionally or unintentionally make irreversible changes in the account,” warns AWS Principal Startup Solutions Architect Igor Geyfman, “jeopardizing the integrity of any environment.” On top of that, startups also face the risk of going over budget. In Building the Foundation for Your Cloud Environment, the second installment of The Startup Guide to AWS Services free video series, Geyfman explains how to meet these challenges.

Smart startup founders will push for innovation without surrendering control of their product, data, or funding. By managing permissions, for example, you can grant access and still protect your data. You also need to establish secure production environments. Geyfman sets up a basic structure, aiming to maintain transparency while boosting productivity. As a first step in account governance, he advises startups to separate their development accounts from their production accounts.

“I’ve worked with many organizations that have had to choose between innovating faster and maintaining control over costs, compliance, and security,” Geyfman says. Instead, he recommends using the relevant services to achieve both.

AWS Organizations automates an account and its environment. You can use this service to set up various AWS accounts, divided between production and nonproduction environments. Then, AWS Single Sign-On centralizes the access to these accounts. That way, a particular user can sign in just once to gain access to all their assigned accounts in one place.

AWS Control Tower can help you build infrastructure quickly, setting up a secure multi-account AWS environment called a landing zone. This process uses AWS Organization and Single Sign-On, Geyfman explains, “with governance and best practices built in.”

Meanwhile, to oversee and control costs, you should track your finances continuously. First, AWS Budgets helps you plan for your cloud costs and track them as they occur. Users can set up budgets, stay informed of costs and usage, and set up alerts in case those expenditures exceed a given threshold—which prevents unexpected monthly bills. Then, AWS Cost Explorer is an analytic tool that allows you to track costs and usage overall, or dig into specific details, to control those expenditures.

AWS can help you maintain transparency and control costs, even while accelerating productivity. That’s the key to building a cloud foundation that allows for growth.

Related Resources

• Introduction to AWS Organizations
• Demo: SSO Basic Configuration
• Introduction to AWS Billing and Cost Management
• How to Setup AWS Multi-Factor Authentication (MFA) and AWS Budget Alerts | Amazon Web Services