AWS Service Roles
AWS service roles allow AWS services to access resources in other AWS services on your behalf. A service must assume a service role to perform actions, on your behalf, on other AWS services. In some cases, AWS services provide a predefined service role out of the box—these are called service-linked roles. The list […]
Designing secure workloads is essential to protect your data and systems and to be able to respond to security threats in a timely and successful manner. When you design a new solution on Amazon Web Services (AWS), security is the first topic you want to focus on. Whether the application that you design is a […]
Setting Up Notifications
The last piece of the puzzle is enabling and configuring notifications for your billing alerts and alarms. This is important for a number of reasons, such as cost management, security, and creating automated workflows. This can also be achieved with a few simple clicks from the AWS Management Console: That’s pretty much […]
Monitoring with Alerts, Notifications, and Reports
Now you have selected the necessary tags and enforced a tagging strategy for your workloads on AWS. In this section, you will now look at how to use these tagging mechanisms to generate simple billing alerts, notifications, and reports using AWS tools and services. First, you will learn how […]
Creating Cost Allocation Tags
Once the tags are activated and enabled, you can visualize them using AWS Cost and Usage Reports, or various other tools such as Cost Explorer, AWS Budgets, and so on. AWS also offers different options when it comes to creating tags for your resources, such as the AWS Management Console, AWS […]
Establishing Governance with Tagging
Organizing resources in a meaningful way helps IT teams understand cost spending and overall usage patterns of even the most complex workloads, and this organization of resources can be achieved by leveraging a simple concept called tags. This section covers tagging in depth, as well as discussing some essential best practices […]
Cost Optimization Principles
Cost optimization, for any and all workloads, is a continuous process of refinement and improvement. This section will discuss some key design principles that all solutions architects as well as cloud FinOps (which stands for financial operations) teams should keep in mind when optimizing costs for their workloads: Having explored the key […]
Summary
You explored a number of key topics in this chapter—how to best organize and isolate your AWS resources, which billing strategy to implement, how to leverage AWS Organizations and OUs to structure your AWS environment, how to enforce security best practices and protect your AWS environment using SCPs, and finally, how to automate governance […]
How does Control Tower Operate?
Upon setup, Control Tower deploys a certain number of resources in your organization. It leverages CloudFormation templates through stacks and stacksets to deploy and manage these resources. The following steps will further explain the process: Preventive guardrails are implemented using SCPs, while detective guardrails are implemented using AWS Config rules […]
Leveraging Control Tower
Control Tower is an AWS service that addresses all the aspects covered earlier in this chapter in a prescriptive way. It is an opinionated service that allows you to automate the setup of your baseline environment—in other words, your landing zone. Control Tower does this by following a set of best practices […]