The Doppler Quarterly Fall 2017 - Page 58

#4 – Cloud Account Structure

What is it?

The avoidance of account sprawl. On the surface, accounts are a good way to enforce separation of environments. They enable separate billing, provide hard firewalls between business units, and offer clear ownership of resources. However, they do tend to get out of hand rapidly. AWS and Azure offer a variety of services and features that allow for flexible control of cloud computing resources and the account(s) managing those resources. These options are designed to help provide proper cost allocation, agility, and security; however, clients are sometimes unsure of how best to implement an account structure strategy — especially when working with multiple, or even hundreds of, accounts.

Why is it important for speed?

The last thing you need is cloud account sprawl. It is an overhead that leads to uncontrolled spend, low resource utilization, and poor hygiene of services. Each organization is different, and cost allocation, management of budget, and separation of systems are always critical in the implementation process. What you need is a crystal ball to predict what your platform will look like at scale. However, the good news is that you don't need a real crystal ball, just a team who has already seen the end.

#5 – IAM Policies and Roles

What is it?

Identity and Access Management (IAM) policies and roles provide the ability to securely control access to services and resources for users — whether they are groups of individuals or roles required for tools to perform their jobs. Getting your users and groups sorted out can be tricky business and, without a proper methodology for control, will block the agility play.

Why is it important for speed?

Let's say you're provisioning a new RHEL stack for a mobile app developer; however, you have not made IAM part of the provisioning code. The ID and access rights for the developer must go through the same on-premise process you're trying to get away from. Although your stack is created quickly, the surrounding IAM process is not.
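
The RHEL scenario above with IAM made part of the provisioning code, as an added example that is not from the original article. It assumes AWS CloudFormation; the parameter names, resource names and instance type are hypothetical, and the AMI ID and the developer's principal ARN are supplied by the caller.

```yaml
# Added example (constructed): IAM is declared in the same template as the RHEL host,
# so access rights are created, reviewed and deleted together with the stack.
AWSTemplateFormatVersion: "2010-09-09"
Description: RHEL app host with its instance role and developer access in one stack
Parameters:
  RhelAmiId:
    Type: AWS::EC2::Image::Id      # assumption: a RHEL AMI ID passed in at deploy time
  DeveloperPrincipalArn:
    Type: String                   # assumption: ARN of the developer's user or federated role
Resources:
  AppHostRole:                     # identity the instance itself runs as
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: ec2.amazonaws.com
            Action: sts:AssumeRole
  AppHostProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles:
        - !Ref AppHostRole
  AppHost:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref RhelAmiId
      InstanceType: t3.small       # hypothetical size
      IamInstanceProfile: !Ref AppHostProfile
  DeveloperRole:                   # role the developer assumes; no separate access ticket
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              AWS: !Ref DeveloperPrincipalArn
            Action: sts:AssumeRole
      Policies:
        - PolicyName: manage-own-app-host
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow      # least privilege: scoped to this stack's instance only
                Action: [ec2:StartInstances, ec2:StopInstances, ec2:RebootInstances]
                Resource: !Sub arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:instance/${AppHost}
```

Because the template creates IAM resources, CloudFormation requires the CAPABILITY_IAM acknowledgement at deploy time, which gives reviewers a natural checkpoint for the access being granted.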