AWS Management and Governance
Business agility and governance control
In the past, organizations have had to choose between innovating faster and maintaining control over cost, compliance, and security. With AWS Management and Governance services, customers don’t have to choose between innovation and control—they can have both. Customers choose AWS to help manage and govern their AWS and non-AWS resources. With AWS, customers can enable, provision, and operate their environment for both business agility and governance control. AWS provides services for end-to-end IT lifecycle management, helping customers control and secure their environments, reduce costs, simplify compliance, and enhance operational efficiency.
“We wanted to ruthlessly automate everything... We're able to move at a much faster pace than if all the businesses were rolling their own solutions into AWS.”
– Eric Schneider, CTO, Verisk Analytics
Why AWS Management and Governance
On behalf of our customers, AWS is focused on addressing some of the most challenging requirements for IT management and governance. There are six key reasons customers choose AWS.
AWS Management and Governance services are built to manage highly dynamic cloud resources at massive scale.
AWS Management and Governance services have been deployed with over a million customers, more than any other cloud provider.
AWS reduces complexity, offering a single control plane for customers to manage and govern their resources in AWS, on-premises, and other clouds.
AWS offers the most complete set of cloud native capabilities for management and governance.
AWS offers the broadest partner ecosystem for customers to extend and augment their management and governance system.
Customers can use AWS Management and Governance services to assess their resource utilization and identify ways to reduce costs.
Three Stages to Managing and Governing with AWS
Enable the organization with governance built-in
Automate set-up of a baseline environment for running secure and scalable workloads in AWS based on best practices using AWS Control Tower. AWS Control Tower abstracts multiple AWS services under the covers so you can automate set-up of your environment with just a few clicks. You can also establish granular control over your AWS accounts using AWS Organizations. You can create a custom hierarchy of accounts, manage access to AWS services across multiple accounts from a single place, and share resources between accounts.
Automate resource provisioning using AWS CloudFormation’s infrastructure-as-code templates. Provision over 300 types of AWS resources across all AWS regions and accounts, and build and rebuild your infrastructure and applications without having to perform manual actions or write custom scripts, improving time-to-market and alignment with compliance rules. Using AWS Service Catalog, you can also offer users self-service access only to resources that have been pre-approved for deployment. This gives users not familiar with AWS the ability to self-provision resources with just a few clicks. The catalog can include AWS and third-party IT services such as virtual machine images, servers, software, databases, and even multi-tier application architectures.
You can use AWS services for end-to-end IT lifecycle management. First, improve visibility into resources using Amazon CloudWatch to monitor AWS resources, applications and services. Second, improve compliance auditing and security analysis using AWS CloudTrail to record user activity. Third, you can evaluate and monitor the compliance posture of your AWS resource configurations, as well as remediate noncompliant resources, using AWS Config. Additionally, when it comes to managing operational tasks, instead of using different toolsets in hybrid cloud environments, you can use AWS Systems Manager to centralize tasks in an “operations cockpit” using a common toolset. Finally, you can use AWS Trusted Advisor for recommendations to reduce underutilized resources and save costs, as well as improve your environment’s security and fault tolerance.
End-to-end IT lifecycle management
AWS helps IT teams simplify end-to-end IT lifecycle management with a complete set of services to manage and govern resources and applications. Customers can manage dynamic and highly scalable cloud resources, automate and configure easily, and meet interoperability expectations of the modern workforce.
To manage costs, customers can plan service usage and spend, and actively manage licenses, entitlements, and procurement. They can save money by optimizing resource utilization, and consolidate billing across multiple accounts to qualify for usage discounts.
Secure management at scale
Even with extremely large workloads, customers can improve their security posture and manage for desired state by applying resource configurations at scale. When there is a configuration change, customers don’t need to change source code. They can also limit resource access across the organization as a whole or in part, and closely restrict privileges for managing resources and resource groups.
IT compliance and audit readiness
AWS customers can ensure that usage and user activity across all AWS accounts is properly recorded for IT compliance, auditing, and analysis. When provisioning resources, developers can stay in line with compliance rules by using infrastructure-as-code templates, and IT can provide self-service access while applying constraints.
Operational visibility and troubleshooting
With AWS, organizations can monitor their resources and log all related activity, to help them understand and resolve the root cause of issues and speed up operational troubleshooting. They can quickly investigate their AWS API call history as well as identify recent configuration changes to their resources that may be causing operational issues.
Detect and remediate noncompliant resources
Customers can detect noncompliant resources, and trigger corrective action. They can also remediate noncompliant resources, and create their own remediation actions.
Management and Governance Services
Amazon CloudWatch provides you with data and actionable insights to monitor your applications, understand and respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health.
AWS CloudFormation provides a common language for you to describe and provision all the resources in your cloud environment using a simple text file, in an automated and secure manner. Available at no additional charge.
AWS CloudTrail is a service that enables compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure
AWS Control Tower automates the set-up of a baseline environment, or landing zone, that is a secure, well-architected multi-account AWS environment, based on best practices that have been established by working with thousands of enterprise customers.
Whether you are a growing startup or a large enterprise, Organizations helps you to centrally manage billing; control access, compliance, and security; and share resources across your AWS accounts.
AWS Config enables you to assess, audit, and evaluate the configurations of your AWS resources. It continuously monitors and records your AWS resource configurations and allows you to automate evaluation against desired configurations.
AWS Systems Manager gives you visibility and control of your infrastructure on AWS, with a unified user interface so you can view operational data from multiple AWS services and automate operational tasks across your AWS resources.
AWS Marketplace is a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on AWS.
AWS Trusted Advisor is an online tool that provides real time guidance to help you provision your resources following AWS best practices, whether that’s establishing new workflows, developing applications, or as part of ongoing improvement.