Security is foundational to AWS. Governance at scale is a new concept for automating cloud governance that can help organizations retire manual processes in account management, budget enforcement, and security and compliance. By automating common challenges, companies can scale without inhibiting agility, speed, or innovation. In addition, they can provide decision makers with the visibility, control, and governance necessary to protect sensitive data and systems.

In this course, you will learn how to identify opportunities for governance, the AWS value proposition in this domain, and ways to implement for governance at scale. You will also learn how to provide a solution that enables governance at scale for new and existing customers. Such a solution will increase developer speed and agility, and incorporate preventive and detective controls. As a result, this model will help you provide the right operational capabilities for governance. By the end of this course, you will be able to apply governance best practices to a typical cloud security journey and identify opportunities that can improve your success with AWS.

• Course level: Intermediate
• Duration: 4 hours

Activities

This course includes presentations, demonstrations, videos, and assessments.

Course objectives

By the end of this course, you will be able to:

• Explain the importance of governance at scale.
• Describe a solution for using governance at scale.
• Specify a solution for using developer speed with preventive controls.
• Define a solution for implementing operational capabilities.
• Apply governance best practices.
• Identify additional resources with Amazon Web Services (AWS)

Intended audience

This course is intended for:

• Solution Architects
• Cloud engineers, including security engineers, delivery and implementation engineers, professional services, and Cloud Center of Excellence (CCOE)
• Cloud practice stakeholders

Prerequisites

Before attending this course, participants should have completed the following:

• Security Fundamentals
• Security Essentials
• AWS Cloud Management Assessment (optional)
• Introduction to AWS Control Tower (optional)
• Automated Landing Zone (optional)
• Introduction to AWS Service Catalog (optional)

Course outline

Module 1: Governance at Scale

• Governance at Scale Basics
• Governance at scale focal points
• Governance Automation

Lab 0: AWS Control Tower Setup Instructions

• Set up a landing zone
• Explore the Cost Explorer dashboard

Module 2: Governance Automation

• Implementing with Best Practices
• Setting Up an AWS Control Tower Landing Zone
• Centralizing Identity and Access Management
• Automating Compliant Account Provisioning
• Establishing Guardrails

Lab 1: AWS Control Tower Basic Tasks

• Create an organizational unit (OU) and enable a guardrail
• Enroll a new AWS account using Account Factory
• Enroll an existing account

Module 3: Preventive Controls

• Provisioning with Self-Service Capabilities
• AWS Service Catalog Basics
• AWS Service Catalog Workflows
• Service Costs and Usage
• Customer Use Cases
• Integration with IT Service Management Tools

Lab 2: AWS Service Catalog Portfolios

• Share an administrator portfolio across all accounts in the organization
• Share an AWS Service Catalog portfolio from the management account
• Grant catalog access permissions to an AWS Single Sign-On user

Module 4: Detective Controls

• Operating with Agility and Control
• Cloud Governance Pillars
• Key Services to Support Effective Cloud Governance

Lab 3: AWS Control Tower Customizations

• Set up the Customizations for Control Tower (CfCT) Solution
• Deploy the customizations for guardrails and roles

Lab 4: AWS Control Tower Labs and Decommission Instructions

• Decommission resources
• Clean up accounts

Module 5: Bring It Together

• Case Study

Module 6: Resources and Next Steps

• Module resources
• AWS Control Services Activation Days
• Blog articles and videos
• APN Partner programs

Module 7: Course Assessment