© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Using AWS to Achieve Both Autonomy and Governance at 3M
Nathan Scott, Senior Consultant, Cloud Architect, AWS
James Martin, Manager, Automation Engineering, 3M
Casey Lee, Chief Architect, Stelligent
AWS re:INVENT
DEV332
November 28, 2017
The problem
We have to move FAST, give us access…
Individual business and development teams needed the ability to move fast and self-serve to capture market opportunities.
Not so fast, there are rules…
The organization as a whole needs governance to ensure security compliance and minimize risk.
What to expect
We will hear firsthand from 3M and Stelligent about:
• How we solved the problem and achieved balance between autonomy and governance at 3M
What to expect
Topics
• People, process, technology
• Governance requirements
• Solution approach using:
  • Continuous delivery
  • Self-service model
  • Monitoring of resources
Historical business
Our legacy 1983–2011
Helping healthcare organizations get complete and accurate reimbursement and mitigate compliance risks.
Streamlining and simplifying the process of documenting the patient’s encounter in a hospital.
Working with hospitals to efficiently access, compile, code, classify, report, store, and exchange health information.
Leading in a changing landscape
Our present course and future
Analyzing the cost, quality, and outcomes data of both patients and populations over time and across the healthcare continuum.
Ensuring providers capture the full burden of illness of their patients to deliver effective care management and receive accurate and complete payment.
Measuring performance and effectiveness among payer and provider networks to deliver higher quality outcomes at lower total costs.
3M Confidential.
3M HIS grouper applications
22 states (27 grouper adoptions) through 1983–2006
11 additional states (37 grouper adoptions) 2007–2010
6 additional states (33 grouper adoptions) 2011–Q3 2012
• Industry-recognized expertise in payment methodologies and patient classification
• 24 states have adopted APR DRGs for payment, including the eight largest Medicaid programs in the country
• The APR DRG adoption by payers typically yields over 75% downstream penetration with providers
• Lays a foundation for further payment products
87% of the US population is covered by 3M patient classification systems
Not moving fast enough
Lift and shift got us out of the traditional data center, but…
Lots of software is getting built with nowhere to go, so it’s time to evolve again.
Development bottlenecks
Development time
Manual testing
Manual QA
Manual deployment
Desired bottlenecks
Development time
Manual testing
Manual QA
Manual deployment
Deployment pipeline
Feedback loop (diagram): plan, build, test, release, monitor; from developers to customers.
Based on slideshare.net/AmazonWebServices/dvo202-devops-at-amazon-a-look-at-our-tools-processes
Continuous delivery
The path to continuous delivery
Building the automation team
Automation engineering team
• Deep knowledge of AWS services
• Comfortable talking to other development teams
• Understands the complete development lifecycle—from commit to deploy
Choosing the right technology
• Focus on the problem at hand
• Don’t try to predict the future
• Use native AWS services, AWS Lambda, and software as a service (SaaS) offerings
Working with security
• Gain buy-in early
• Security from the start
• Security as consumers
• Freedom (with guard rails)
• Sensitive data
The right services and teams
• Find a simple application
• Just enough to prove your pipeline
• Rinse, repeat
The right services and teams
Find the hungry team that
• Wants the power
• Is willing to do the work
• Has a champion
• Has the business need
Embed with the AppDev team
• Establish success criteria
• Works closely with application team
• Participates in the team’s sprint cycle
• Helps AppDev team consume the pipeline process and tools
(diagram: AppDev team alongside Automation engineering)
Establishing a CI/CD process at scale
Problems
• Complex components
• Special snowflakes
• Limited governance
The pipeline factory
Goals
• Reduce barrier to entry
• Reduce snowflakes
• Reduce setup time
• Enforce security controls
Solution
Continuous delivery | Self-service | Monitor
Continuous delivery
The pipeline, built up stage by stage across the slides:
• AWS CodePipeline
• AWS CodeCommit
• Jenkins (build job defined with the Job DSL below)
• Approved? (manual approval gate)
• AWS CloudFormation
• AWS CodeDeploy
• Automated testing
• Blue/green switch: an ELB in front of the old ASG and the new ASG

Jenkins Job DSL for the build job:

mavenJob(jobName) {
    triggers {
        scm('* * * * *')
    }
    rootPOM('pom.xml')
    goals('clean')
    goals('compile')
    goals('pmd:pmd')
    goals('findbugs:findbugs')
    goals('package')
}
Solution
Continuous delivery | Self-service | Monitor
Self-service
AWS Service Catalog
docs.aws.amazon.com/servicecatalog/latest/adminguide/admin-overview-workflow.html
Demo
Self-service

ProdBuckets:
  Type: Custom::CloudFormationStack
  DeletionPolicy: Retain
  Properties:
    ServiceToken: arn:aws:...
    AssumeRole: arn:aws:iam:...
    TemplateURL: https://s3.amazonaws.com/.../buckets.yml
    Parameters:
      TeamName: !Ref TeamName
      CIAccount: !Ref CIAccount
      TestAccount: !Ref TestAccount
      ProdAccount: !Ref ProdAccount
Solution
Continuous delivery | Self-service | Monitor
Monitor—cfn_nag
https://github.com/stelligent/cfn_nag
Monitor—Cloud Custodian
https://github.com/capitalone/cloud-custodian
- name: s3-global-access
  mode:
    type: cloudtrail
    events:
      - event: PutBucketACL
  resource: s3
  filters:
    - type: global-grants
      allow_website: false
  actions:
    - delete-global-grants
    - remove-website-hosting
    - type: notify
      to:
        - resource-owner
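The check that the `global-grants` filter above performs, and the actions that follow it, reproduced in Python as an added example (not Cloud Custodian's own code): it inspects a bucket ACL for grants to the AllUsers and AuthenticatedUsers groups, honours `allow_website`, and lists the remediation the policy would apply. Bucket records, ACLs and owner tags are constructed sample data standing in for GetBucketAcl, GetBucketWebsite and GetBucketTagging results.

```python
"""Evaluate S3 bucket ACLs for global grants, in the spirit of the Cloud
Custodian policy above. Added example, not Custodian's own code."""

# Grantee URIs that make a bucket readable/writable by everyone or by any
# authenticated AWS account.
GLOBAL_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}


def global_grants(acl, website_enabled, allow_website=False):
    """Return the (group, permission) pairs in an ACL that grant access to a
    global group. With allow_website=True a READ grant on a bucket that has
    static website hosting enabled is tolerated; the slide's policy sets
    allow_website: false, so every global grant is reported."""
    offending = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue
        group = GLOBAL_GROUPS.get(grantee.get("URI"))
        if group is None:
            continue
        permission = grant["Permission"]
        if allow_website and website_enabled and permission == "READ":
            continue
        offending.append((group, permission))
    return offending


def delete_global_grants(acl):
    """Return a copy of the ACL with every global-group grant removed
    (what the 'delete-global-grants' action does)."""
    kept = [g for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("URI") not in GLOBAL_GROUPS]
    return {"Owner": acl.get("Owner"), "Grants": kept}


def evaluate_bucket(bucket, allow_website=False):
    """Apply the filter and, on a match, the policy's three actions.
    `bucket` is a constructed record (assumption) holding what GetBucketAcl,
    GetBucketWebsite and GetBucketTagging would have returned."""
    violations = global_grants(bucket["Acl"], bucket["WebsiteEnabled"], allow_website)
    if not violations:
        return {"bucket": bucket["Name"], "violations": [], "actions": [], "acl": bucket["Acl"]}
    actions = ["delete-global-grants"]
    if bucket["WebsiteEnabled"]:
        actions.append("remove-website-hosting")
    owner = bucket.get("Tags", {}).get("Owner")
    actions.append("notify:%s" % (owner or "resource-owner-unknown"))
    return {"bucket": bucket["Name"], "violations": violations, "actions": actions,
            "acl": delete_global_grants(bucket["Acl"])}


# Constructed sample data.
OWNER = {"ID": "constructed-canonical-owner-id"}
OWNER_GRANT = {"Grantee": {"Type": "CanonicalUser", "ID": OWNER["ID"]}, "Permission": "FULL_CONTROL"}
PUBLIC_READ = {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
               "Permission": "READ"}
AUTH_WRITE = {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
              "Permission": "WRITE"}

SAMPLE_BUCKETS = [
    {"Name": "team-a-private", "WebsiteEnabled": False, "Tags": {"Owner": "team-a@example.com"},
     "Acl": {"Owner": OWNER, "Grants": [OWNER_GRANT]}},
    {"Name": "team-b-website", "WebsiteEnabled": True, "Tags": {"Owner": "team-b@example.com"},
     "Acl": {"Owner": OWNER, "Grants": [OWNER_GRANT, PUBLIC_READ]}},
    {"Name": "team-c-open", "WebsiteEnabled": False, "Tags": {},
     "Acl": {"Owner": OWNER, "Grants": [OWNER_GRANT, PUBLIC_READ, AUTH_WRITE]}},
]


def run(allow_website=False):
    """Evaluate every sample bucket; returns results keyed by bucket name."""
    return {b["Name"]: evaluate_bucket(b, allow_website) for b in SAMPLE_BUCKETS}


if __name__ == "__main__":
    for name, result in run().items():
        print(name, result["violations"], result["actions"])
```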
- name: cost-center-absent-ec2
  mode:
    type: periodic
    schedule: cron(30 * * * ? *)
  resource: ec2
  filters:
    - and:
        - tag:Cost Center: absent
        - tag:Team: absent
  actions:
    - stop
    - type: mark-for-op
      op: terminate
      days: 2
Monitor—Governor (diagram)
Components: Pipeline (Tools Account) invokes the Governor stack (Security Account); AWSGovernor, TestTypeCatalog, Organization Level Tests, Product Level Test, Policy Service; the pipeline deploys the app infra/code into the Production Account.
1. Execute CloudFormation
2. Run AWSGovernor
3. Describe stack resources
4. Get all registered tests
5. Run organization tests
6. Run product tests
7. Report success or failure
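The seven steps above as a small Python test runner, added here as an example and not 3M's or Stelligent's AWSGovernor code: a registry keyed by CloudFormation resource type plays the TestTypeCatalog, organization-level tests run before product-level tests, and a pass/fail report is returned. The stack resource list and per-resource facts are constructed stand-ins for DescribeStackResources and the service describe calls, and the individual tests are illustrative assumptions.

```python
"""A minimal AWSGovernor-style test runner following the seven steps on the
slide. Added example, not 3M's or Stelligent's code."""
from collections import defaultdict

# Step 4 input: the TestTypeCatalog. Tests are keyed by CloudFormation
# resource type and scoped as organization-level or product-level.
TEST_CATALOG = defaultdict(list)


def register(resource_type, scope):
    """Decorator that registers a test function for one resource type."""
    def wrap(fn):
        TEST_CATALOG[resource_type].append((scope, fn))
        return fn
    return wrap


# Organization-level tests: apply to every product in every account
# (illustrative assumptions, not 3M's actual rules).
@register("AWS::S3::Bucket", "organization")
def bucket_not_public(facts):
    return facts.get("PublicAccess") is False, "bucket must not be public"


@register("AWS::S3::Bucket", "organization")
def bucket_encrypted(facts):
    ok = facts.get("DefaultEncryption") in ("AES256", "aws:kms")
    return ok, "bucket must have default encryption"


@register("AWS::EC2::SecurityGroup", "organization")
def no_open_ssh(facts):
    open_ssh = any(r["Port"] == 22 and r["Cidr"] == "0.0.0.0/0" for r in facts.get("Ingress", []))
    return not open_ssh, "port 22 must not be open to 0.0.0.0/0"


# Product-level test: registered by the team for its own product.
@register("AWS::EC2::SecurityGroup", "product")
def app_port_only_from_elb(facts):
    bad = [r for r in facts.get("Ingress", []) if r["Port"] == 8080 and not r["Cidr"].startswith("sg-")]
    return not bad, "port 8080 may only be reached from the ELB security group"


def run_governor(stack_resources, facts_by_id):
    """Steps 3-7: take the described stack resources, look up registered
    tests, run organization tests then product tests, and report."""
    report = {"passed": [], "failed": []}
    for scope in ("organization", "product"):                       # steps 5 and 6
        for res in stack_resources:                                   # step 3 output
            for test_scope, fn in TEST_CATALOG.get(res["ResourceType"], []):  # step 4
                if test_scope != scope:
                    continue
                ok, msg = fn(facts_by_id.get(res["PhysicalResourceId"], {}))
                entry = "%s %s: %s" % (scope, res["LogicalResourceId"], msg)
                (report["passed"] if ok else report["failed"]).append(entry)
    report["success"] = not report["failed"]                          # step 7
    return report


# Constructed stand-ins for DescribeStackResources output and the facts the
# per-service describe calls would return.
STACK_RESOURCES = [
    {"LogicalResourceId": "AppBucket", "ResourceType": "AWS::S3::Bucket",
     "PhysicalResourceId": "team-a-app-bucket"},
    {"LogicalResourceId": "AppSg", "ResourceType": "AWS::EC2::SecurityGroup",
     "PhysicalResourceId": "sg-0app"},
]
FACTS = {
    "team-a-app-bucket": {"PublicAccess": False, "DefaultEncryption": None},
    "sg-0app": {"Ingress": [{"Port": 8080, "Cidr": "sg-0elb"}, {"Port": 22, "Cidr": "0.0.0.0/0"}]},
}


def run():
    """Run the governor against the constructed stack."""
    return run_governor(STACK_RESOURCES, FACTS)


if __name__ == "__main__":
    result = run()
    print("PASS" if result["success"] else "FAIL")
    for line in result["failed"]:
        print("  " + line)
```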
Monitor—pipeline dashboard
ServerlessFunc:
  Type: 'AWS::Serverless::Function'
  Properties:
    Handler: handler.pipeline_event
    Runtime: python3.6
    CodeUri: ../app
    Events:
      PipelineEventRule:
        Type: CloudWatchEvent
        Properties:
          Pattern:
            source:
              - "aws.codepipeline"
            detail-type:
              - "CodePipeline Pipeline Execution State Change"
              - "CodePipeline Stage Execution State Change"
              - "CodePipeline Action Execution State Change"
DashboardFunc:
  Type: 'AWS::Serverless::Function'
  Properties:
    Handler: handler.dashboard_event
    Runtime: python3.6
    CodeUri: ../app
    Events:
      DashboardEventRule:
        Type: Schedule
        Properties:
          Schedule: "cron(*/5 * * * ? *)"
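Handlers that fit the two SAM functions above (`handler.pipeline_event` and `handler.dashboard_event`), written here as an added Python example rather than the project's own code: the first folds each CodePipeline state-change event into an execution record, the second aggregates per-pipeline success, failure and duration metrics on the five-minute schedule. The in-memory `EXECUTIONS` dict is an assumed stand-in for a persistent store such as a DynamoDB table, and the events are constructed samples that follow the CodePipeline CloudWatch Events detail layout.

```python
"""Lambda handlers for the two SAM functions above. Added example, not 3M's
or Stelligent's handler code."""
from datetime import datetime, timezone

# (pipeline, execution-id) -> record. Stands in for a persistent store such
# as a DynamoDB table (assumption); a Lambda would not keep this in memory.
EXECUTIONS = {}

TERMINAL = {"SUCCEEDED", "FAILED", "CANCELED", "SUPERSEDED"}


def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def pipeline_event(event, context=None):
    """Handler for PipelineEventRule: fold one pipeline, stage or action
    state-change event into the execution record it belongs to."""
    detail = event["detail"]
    key = (detail["pipeline"], detail["execution-id"])
    rec = EXECUTIONS.setdefault(key, {
        "pipeline": detail["pipeline"], "execution_id": detail["execution-id"],
        "state": "STARTED", "started": None, "finished": None,
        "failed_stage": None, "failed_action": None})
    when = _ts(event["time"])
    kind = event["detail-type"]
    if kind == "CodePipeline Pipeline Execution State Change":
        rec["state"] = detail["state"]
        if detail["state"] == "STARTED":
            rec["started"] = when
        elif detail["state"] in TERMINAL:
            rec["finished"] = when
    elif kind == "CodePipeline Stage Execution State Change":
        if detail["state"] == "FAILED":
            rec["failed_stage"] = detail["stage"]
    elif kind == "CodePipeline Action Execution State Change":
        if detail["state"] == "FAILED":
            rec["failed_action"] = detail["action"]
    return rec


def dashboard_event(event=None, context=None):
    """Handler for DashboardEventRule (cron every 5 minutes): compute
    per-pipeline metrics from the stored executions."""
    metrics = {}
    for rec in EXECUTIONS.values():
        m = metrics.setdefault(rec["pipeline"], {
            "executions": 0, "succeeded": 0, "failed": 0, "in_progress": 0,
            "mean_duration_s": None, "last_failure": None})
        m["executions"] += 1
        if rec["state"] == "SUCCEEDED":
            m["succeeded"] += 1
        elif rec["state"] == "FAILED":
            m["failed"] += 1
            m["last_failure"] = "%s/%s" % (rec["failed_stage"], rec["failed_action"])
        elif rec["state"] not in TERMINAL:
            m["in_progress"] += 1
    for name, m in metrics.items():
        durations = [(r["finished"] - r["started"]).total_seconds()
                     for r in EXECUTIONS.values()
                     if r["pipeline"] == name and r["started"] and r["finished"]]
        if durations:
            m["mean_duration_s"] = sum(durations) / len(durations)
    return metrics


def _ev(kind, time, **detail):
    """Build a constructed CloudWatch Event in the CodePipeline layout."""
    return {"source": "aws.codepipeline", "detail-type": kind, "time": time, "detail": detail}


P = "CodePipeline Pipeline Execution State Change"
S = "CodePipeline Stage Execution State Change"
A = "CodePipeline Action Execution State Change"

SAMPLE_EVENTS = [  # constructed sample events
    _ev(P, "2017-11-28T10:00:00Z", pipeline="team-a-app", **{"execution-id": "e1", "state": "STARTED"}),
    _ev(P, "2017-11-28T10:06:00Z", pipeline="team-a-app", **{"execution-id": "e1", "state": "SUCCEEDED"}),
    _ev(P, "2017-11-28T11:00:00Z", pipeline="team-a-app", **{"execution-id": "e2", "state": "STARTED"}),
    _ev(A, "2017-11-28T11:03:00Z", pipeline="team-a-app", stage="Test", action="IntegrationTests",
        **{"execution-id": "e2", "state": "FAILED"}),
    _ev(S, "2017-11-28T11:03:01Z", pipeline="team-a-app", stage="Test",
        **{"execution-id": "e2", "state": "FAILED"}),
    _ev(P, "2017-11-28T11:04:00Z", pipeline="team-a-app", **{"execution-id": "e2", "state": "FAILED"}),
    _ev(P, "2017-11-28T11:30:00Z", pipeline="team-b-api", **{"execution-id": "e9", "state": "STARTED"}),
]


def run():
    """Replay the sample events through both handlers; returns the metrics."""
    EXECUTIONS.clear()
    for e in SAMPLE_EVENTS:
        pipeline_event(e)
    return dashboard_event()


if __name__ == "__main__":
    for name, m in run().items():
        print(name, m)
```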
What we learned
Autonomy
• Achieved through continuous delivery and self-service
• All infrastructure defined as code
• All deployments done via a pipeline
• Pipeline is triggered via commit
• Only manual step is approve/reject
• Use ServiceCatalog to enable self service
What we learned
Governance
• Achieved through self-service and monitoring
• CloudFormation all the things
• ServiceCatalog for CloudFormation governance
• CloudFormation static analysis with cfn_nag
• Cloud Custodian to assess and enforce compliance
• Monitor pipeline metrics
Resources
https://stelligent.com/dev332
Thank you!

Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

DEV332_Using AWS to Achieve Both Autonomy and Governance at 3M

  • 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
    Using AWS to Achieve Both Autonomy and Governance at 3M
    Nathan Scott, Senior Consultant, Cloud Architect, AWS
    James Martin, Manager, Automation Engineering, 3M
    Casey Lee, Chief Architect, Stelligent
    AWS re:INVENT, DEV332, November 28, 2017
  • 2. The problem
    We have to move FAST, give us access… Individual business and development teams needed the ability to move fast and self-serve to capture market opportunities.
    Not so fast, there are rules… The organization as a whole needs governance to ensure security compliance and minimize risk.
  • 3. What to expect
    We will hear firsthand from 3M about how we solved the problem and achieved balance between autonomy and governance at 3M.
  • 4. What to expect
    Topics
    • People, process, technology
    • Governance requirements
    • Solution approach using continuous delivery, a self-service model, and monitoring of resources
  • 5. Historical business: our legacy, 1983–2011
    • Helping healthcare organizations get complete and accurate reimbursement and mitigate compliance risks
    • Streamlining and simplifying the process of documenting the patient's encounter in a hospital
    • Working with hospitals to efficiently access, compile, code, classify, report, store, and exchange health information
  • 6. Leading in a changing landscape: our present course and future
    • Analyzing the cost, quality, and outcomes data of both patients and populations over time and across the healthcare continuum
    • Ensuring providers capture the full burden of illness of their patients to deliver effective care management and receive accurate and complete payment
    • Measuring performance and effectiveness among payer and provider networks to deliver higher quality outcomes at lower total costs
  • 7. 3M HIS grouper applications (3M Confidential)
    22 states (27 grouper adoptions) through 1983–2006; 11 additional states (37 grouper adoptions) 2007–2010; 6 additional states (33 grouper adoptions) 2011–Q3 2012.
    • Industry-recognized expertise in payment methodologies and patient classification
    • 24 states have adopted APR DRGs for payment, including the eight largest Medicaid programs in the country
    • APR DRG adoption by payers typically yields over 75% downstream penetration with providers
    • Lays a foundation for further payment products
    87% of the US population is covered by 3M patient classification systems.
  • 8. Not moving fast enough
    Lift and shift got us out of the traditional data center, but lots of software is getting built with nowhere to go, so it's time to evolve again.
  • 9. Development bottlenecks (chart): development time, manual testing, manual QA, manual deployment
  • 10. Desired bottlenecks (chart): development time, manual testing, manual QA, manual deployment
  • 11. Continuous delivery: the deployment pipeline
    Feedback loop from developers to customers: plan, build, test, release, monitor.
    Based on slideshare.net/AmazonWebServices/dvo202-devops-at-amazon-a-look-at-our-tools-processes
  • 12. The path to continuous delivery
  • 13. Building the automation team
    Automation engineering team
    • Deep knowledge of AWS services
    • Comfortable talking to other development teams
    • Understands the complete development lifecycle, from commit to deploy
  • 14. Choosing the right technology
    • Focus on the problem at hand
    • Don't try to predict the future
    • Use native AWS services, AWS Lambda, and software-as-a-service (SaaS) offerings
  • 15. Working with security
    • Gain buy-in early
    • Security from the start
    • Security as consumers
    • Freedom (with guard rails)
    • Sensitive data
  • 16. The right services and teams
    • Find a simple application
    • Just enough to prove your pipeline
    • Rinse, repeat
  • 17. The right services and teams
    Find the hungry team that
    • Wants the power
    • Is willing to do the work
    • Has a champion
    • Has the business need
  • 18. Embed with the AppDev team
    Automation engineering works alongside the AppDev team:
    • Establish success criteria
    • Works closely with the application team
    • Participates in the team's sprint cycle
    • Helps the AppDev team consume the pipeline process and tools
  • 19. Establishing a CI/CD process at scale
    Problems
    • Complex components
    • Special snowflakes
    • Limited governance
  • 20. The pipeline factory
    Goals
    • Reduce barrier to entry
    • Reduce snowflakes
    • Reduce setup time
    • Enforce security controls
  • 21. Solution: Continuous delivery | Self-service | Monitor
  • 22. Solution: Continuous delivery | Self-service | Monitor
  • 23. Continuous delivery (pipeline diagram)
  • 24. Continuous delivery (pipeline diagram)
  • 25. Continuous delivery: AWS CodePipeline
  • 26. Continuous delivery: AWS CodeCommit
  • 27. Continuous delivery: Jenkins Job DSL for the build job (the pmd and findbugs goals run static analysis on every commit)
    mavenJob(jobName) {
      triggers {
        scm('* * * * *')
      }
      rootPOM('pom.xml')
      goals('clean')
      goals('compile')
      goals('pmd:pmd')
      goals('findbugs:findbugs')
      goals('package')
    }
  • 28. Continuous delivery: Jenkins
  • 29. Continuous delivery: Approved? (the manual approval gate)
  • 30. Continuous delivery: AWS CloudFormation
  • 31. Continuous delivery: AWS CodeDeploy
  • 32. Continuous delivery: Automated testing
  • 33. Continuous delivery: Blue/green switch (the ELB is repointed from the old Auto Scaling group to the new one)
  • 34. Solution: Continuous delivery | Self-service | Monitor
  • 35. Self-service
  • 36. Self-service: AWS Service Catalog
    docs.aws.amazon.com/servicecatalog/latest/adminguide/admin-overview-workflow.html
  • 37. Self-service
  • 38. Self-service: Demo
  • 39. Self-service
  • 40. Self-service: a custom resource that deploys a child stack into another account under an assumed role
    ProdBuckets:
      Type: Custom::CloudFormationStack
      DeletionPolicy: Retain
      Properties:
        ServiceToken: arn:aws:...
        AssumeRole: arn:aws:iam:...
        TemplateURL: https://s3.amazonaws.com/.../buckets.yml
        Parameters:
          TeamName: !Ref TeamName
          CIAccount: !Ref CIAccount
          TestAccount: !Ref TestAccount
          ProdAccount: !Ref ProdAccount
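The slide shows only the consumer side of that custom resource. The handler below is an added example of what sits behind the ServiceToken; it is not 3M's or Stelligent's implementation. It assumes the property names on the slide (AssumeRole, TemplateURL, Parameters); the stack-name prefix, the role ARN used in the test, and the session_factory/opener hooks (present so the handler can be exercised without AWS) are this example's own choices. The security point is that the assumed role, not the Lambda's own execution role, bounds what a team's template may create.

```python
"""Handler for a Custom::CloudFormationStack resource (added example).

Creates, updates or deletes a child stack in the account whose role is named
by the AssumeRole property, then answers CloudFormation on its ResponseURL.
"""
import json
import urllib.request

STACK_NAME_PREFIX = "selfservice-"  # assumed naming convention for child stacks


def _cfn_client_via_role(session_factory, role_arn, request_id):
    """Assume the target-account role and return a CloudFormation client for it.

    The role's permissions policy is the governance boundary: keep it narrower
    than the Lambda execution role, and restrict its trust policy to that role.
    """
    sts = session_factory().client("sts")
    creds = sts.assume_role(
        RoleArn=role_arn,
        RoleSessionName=("cfn-custom-" + request_id)[:64],
    )["Credentials"]
    target = session_factory(
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
    )
    return target.client("cloudformation")


def _child_stack_name(event):
    # The physical id doubles as the child stack name; reuse it on Update/Delete.
    return event.get("PhysicalResourceId") or (
        STACK_NAME_PREFIX + event["LogicalResourceId"].lower()
    )


def apply_request(event, session_factory):
    """Perform the Create/Update/Delete and return the response body."""
    props = event["ResourceProperties"]
    stack_name = _child_stack_name(event)
    cfn = _cfn_client_via_role(session_factory, props["AssumeRole"], event["RequestId"])
    kwargs = {
        "StackName": stack_name,
        "TemplateURL": props["TemplateURL"],
        "Parameters": [
            {"ParameterKey": k, "ParameterValue": str(v)}
            for k, v in sorted(props.get("Parameters", {}).items())
        ],
        "Capabilities": ["CAPABILITY_NAMED_IAM"],
    }
    request_type = event["RequestType"]
    if request_type == "Create":
        cfn.create_stack(**kwargs)
        cfn.get_waiter("stack_create_complete").wait(StackName=stack_name)
    elif request_type == "Update":
        try:
            cfn.update_stack(**kwargs)
            cfn.get_waiter("stack_update_complete").wait(StackName=stack_name)
        except Exception as exc:
            # CloudFormation rejects a no-op update; for us that is success.
            if "No updates are to be performed" not in str(exc):
                raise
    elif request_type == "Delete":
        cfn.delete_stack(StackName=stack_name)
        cfn.get_waiter("stack_delete_complete").wait(StackName=stack_name)
    else:
        raise ValueError(f"unknown RequestType {request_type!r}")
    return {"Status": "SUCCESS", "PhysicalResourceId": stack_name}


def response_payload(event, body):
    """The document CloudFormation expects PUT to the presigned ResponseURL."""
    return {
        "Status": body["Status"],
        "Reason": body.get("Reason", "see CloudWatch Logs"),
        "PhysicalResourceId": body["PhysicalResourceId"],
        "StackId": event["StackId"],
        "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"],
        "Data": body.get("Data", {}),
    }


def handler(event, context, session_factory=None, opener=urllib.request.urlopen):
    """Lambda entry point; the extra keyword hooks allow offline testing."""
    if session_factory is None:
        import boto3  # imported lazily so the module loads without boto3 present
        session_factory = boto3.Session
    try:
        body = apply_request(event, session_factory)
    except Exception as exc:
        # Always answer: an unanswered custom resource stalls the parent stack
        # until its timeout and then rolls it back.
        body = {"Status": "FAILED", "Reason": str(exc)[:500],
                "PhysicalResourceId": _child_stack_name(event)}
    data = json.dumps(response_payload(event, body)).encode()
    # The presigned S3 URL requires an empty Content-Type on the PUT.
    req = urllib.request.Request(event["ResponseURL"], data=data, method="PUT",
                                 headers={"Content-Type": ""})
    opener(req)
    return body
```

Two caveats for anyone adopting this pattern: the waiters run inside the Lambda, so a child stack that takes longer than the Lambda timeout (15 minutes at most) needs an asynchronous design instead; and the DeletionPolicy: Retain on the slide means CloudFormation never sends this handler a Delete when the parent stack is removed, so the Delete branch only fires when the resource itself is dropped from the template.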
  • 41. Self-service
  • 42. Solution: Continuous delivery | Self-service | Monitor
  • 43. Monitor: cfn_nag, static analysis of CloudFormation templates
    https://github.com/stelligent/cfn_nag
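To make the "static analysis" step concrete, here is an added example of the kind of check cfn_nag runs before a template is allowed into the pipeline. It is not cfn_nag's code; its three rules only approximate common cfn_nag findings (world-open security group ingress, public S3 bucket ACLs, and IAM statements allowing Action "*" on Resource "*"), and the rule ids and both templates are constructed for this example. The templates are given in JSON so the block needs only the standard library.

```python
"""Mini CloudFormation linter in the spirit of cfn_nag (added example)."""
import json

WORLD = {"0.0.0.0/0", "::/0"}
PUBLIC_ACLS = {"PublicRead", "PublicReadWrite", "AuthenticatedRead"}
PUBLIC_WEB_PORTS = {(80, 80), (443, 443)}  # accepted exception for web listeners

# Constructed "before" template: three violations, one of them deliberate (443 is allowed).
WEAK_TEMPLATE = json.loads("""{
  "Resources": {
    "AdminSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
      "GroupDescription": "admin access",
      "SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}]}},
    "Artifacts": {"Type": "AWS::S3::Bucket", "Properties": {"AccessControl": "PublicRead"}},
    "DeployRole": {"Type": "AWS::IAM::Role", "Properties": {
      "AssumeRolePolicyDocument": {"Statement": []},
      "Policies": [{"PolicyName": "everything", "PolicyDocument": {
        "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}}]}}}}""")

# Constructed "after" template: same resources, scoped down.
HARDENED_TEMPLATE = json.loads("""{
  "Resources": {
    "AdminSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
      "GroupDescription": "admin access from the corporate range only",
      "SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "10.0.0.0/8"}]}},
    "Artifacts": {"Type": "AWS::S3::Bucket", "Properties": {
      "AccessControl": "Private",
      "PublicAccessBlockConfiguration": {"BlockPublicAcls": true, "BlockPublicPolicy": true,
                                         "IgnorePublicAcls": true, "RestrictPublicBuckets": true}}},
    "DeployRole": {"Type": "AWS::IAM::Role", "Properties": {
      "AssumeRolePolicyDocument": {"Statement": []},
      "Policies": [{"PolicyName": "artifacts-write", "PolicyDocument": {
        "Statement": [{"Effect": "Allow", "Action": ["s3:PutObject"],
                       "Resource": "arn:aws:s3:::team-blue-artifacts/*"}]}}]}}}}""")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def check_world_open_ingress(logical_id, resource):
    if resource.get("Type") != "AWS::EC2::SecurityGroup":
        return []
    findings = []
    for rule in resource.get("Properties", {}).get("SecurityGroupIngress", []):
        cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
        ports = (rule.get("FromPort"), rule.get("ToPort"))
        # IpProtocol -1 (all traffic) carries no ports and so never matches the exception.
        if cidr in WORLD and ports not in PUBLIC_WEB_PORTS:
            findings.append((logical_id, "SG-WORLD-INGRESS",
                             f"ingress from {cidr} on {rule.get('IpProtocol')} ports "
                             f"{ports[0]}-{ports[1]}"))
    return findings


def check_public_bucket_acl(logical_id, resource):
    if resource.get("Type") != "AWS::S3::Bucket":
        return []
    acl = resource.get("Properties", {}).get("AccessControl")
    if acl in PUBLIC_ACLS:
        return [(logical_id, "S3-PUBLIC-ACL", f"bucket ACL {acl} grants access to everyone")]
    return []


def check_iam_star_star(logical_id, resource):
    props = resource.get("Properties", {})
    documents = [p["PolicyDocument"] for p in props.get("Policies", [])]
    if "PolicyDocument" in props:  # AWS::IAM::Policy and AWS::IAM::ManagedPolicy
        documents.append(props["PolicyDocument"])
    findings = []
    for doc in documents:
        for stmt in _as_list(doc.get("Statement", [])):
            if (stmt.get("Effect") == "Allow"
                    and "*" in _as_list(stmt.get("Action", []))
                    and "*" in _as_list(stmt.get("Resource", []))):
                findings.append((logical_id, "IAM-STAR-STAR", "Allow Action * on Resource *"))
    return findings


RULES = (check_world_open_ingress, check_public_bucket_acl, check_iam_star_star)


def lint(template):
    """Return (logical_id, rule_id, message) for every violation in the template."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        for rule in RULES:
            findings.extend(rule(logical_id, resource))
    return findings


def gate(template):
    """Pipeline gate: True only when the template is clean."""
    return not lint(template)
```

In the real pipeline the equivalent step is the cfn_nag CLI (`cfn_nag_scan --input-path <template>`), whose non-zero exit on failing rules is what stops the CodePipeline stage; the point of running it on every commit is that a template with a world-open port 22 or a wildcard IAM policy never reaches the approval gate, so the approver only ever sees changes that already pass the organization's baseline.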
  • 44. Monitor: Cloud Custodian
    https://github.com/capitalone/cloud-custodian
  • 45. Monitor: Cloud Custodian policy that reacts to a PutBucketAcl event by removing public grants and website hosting, then notifies the owner
    - name: s3-global-access
      mode:
        type: cloudtrail
        events:
          - event: PutBucketACL
      resource: s3
      filters:
        - type: global-grants
          allow_website: false
      actions:
        - delete-global-grants
        - remove-website-hosting
        - type: notify
          to:
            - resource-owner
  • 46. Monitor: Cloud Custodian policy that runs hourly, stops EC2 instances missing both a Cost Center tag and a Team tag, and marks them for termination in two days
    - name: cost-center-absent-ec2
      mode:
        type: periodic
        schedule: cron(30 * * * ? *)
      resource: ec2
      filters:
        - and:
          - tag:Cost Center: absent
          - tag:Team: absent
      actions:
        - stop
        - type: mark-for-op
          op: terminate
          days: 2
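The two policies above are declarative, so it is worth seeing what they actually evaluate. The block below is an added example that reproduces their logic over resource state, not Cloud Custodian's own engine: which bucket ACL grants count as "global", how the `and` of two `absent` tag filters behaves, and what the mark-for-op action records. The CloudTrail event, buckets and instances are constructed here, and the mark-for-op tag value only approximates the format Custodian writes to its maid_status tag.

```python
"""What the s3-global-access and cost-center-absent-ec2 policies do (added example)."""
from datetime import date, timedelta

# The two grantee URIs that make an S3 ACL grant "global".
GLOBAL_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

# Constructed CloudTrail record of the kind that triggers the first policy.
SAMPLE_EVENT = {"detail": {"eventSource": "s3.amazonaws.com", "eventName": "PutBucketAcl",
                           "requestParameters": {"bucketName": "team-blue-public"}}}

# Constructed bucket state as GetBucketAcl / GetBucketWebsite would describe it.
SAMPLE_BUCKETS = {
    "team-blue-public": {
        "Acl": {"Grants": [
            {"Grantee": {"Type": "CanonicalUser", "ID": "owner"}, "Permission": "FULL_CONTROL"},
            {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
             "Permission": "READ"}]},
        "Website": {"IndexDocument": {"Suffix": "index.html"}},
    },
    "team-blue-private": {
        "Acl": {"Grants": [
            {"Grantee": {"Type": "CanonicalUser", "ID": "owner"}, "Permission": "FULL_CONTROL"}]},
    },
}

# Constructed instances: untagged, half-tagged, fully tagged.
SAMPLE_INSTANCES = [
    {"InstanceId": "i-0aaa", "Tags": [{"Key": "Name", "Value": "scratch"}]},
    {"InstanceId": "i-0bbb", "Tags": [{"Key": "Team", "Value": "blue"}]},
    {"InstanceId": "i-0ccc", "Tags": [{"Key": "Cost Center", "Value": "1234"},
                                      {"Key": "Team", "Value": "blue"}]},
]


def bucket_from_put_acl_event(event):
    """Bucket name from the CloudTrail PutBucketAcl record that fires the policy."""
    detail = event["detail"]
    if detail["eventSource"] != "s3.amazonaws.com" or detail["eventName"] != "PutBucketAcl":
        raise ValueError("not a PutBucketAcl event")
    return detail["requestParameters"]["bucketName"]


def global_grants(bucket):
    """ACL grants to everyone, the condition behind Custodian's global-grants filter."""
    return [g for g in bucket["Acl"]["Grants"]
            if g["Grantee"].get("Type") == "Group" and g["Grantee"].get("URI") in GLOBAL_GRANTEES]


def s3_global_access_actions(bucket, allow_website=False):
    """Actions the s3-global-access policy takes on a bucket (empty list = compliant)."""
    actions = []
    if global_grants(bucket):
        actions.append("delete-global-grants")
    if bucket.get("Website") and not allow_website:
        actions.append("remove-website-hosting")
    if actions:
        actions.append("notify:resource-owner")
    return actions


def cost_center_absent_actions(instance, today, required=("Cost Center", "Team")):
    """Actions for cost-center-absent-ec2: 'and' of two 'absent' filters means the
    instance is only matched when neither tag exists; it is stopped immediately and
    marked for termination two days out so the owner has a window to add the tags."""
    tags = {t["Key"]: t["Value"] for t in instance.get("Tags", [])}
    if any(key in tags for key in required):
        return []
    due = (today + timedelta(days=2)).strftime("%Y/%m/%d")
    return ["stop", f"mark-for-op:maid_status=Resource does not meet policy: terminate@{due}"]


def run_policies(today=date(2017, 11, 28)):
    """Evaluate both policies over the constructed samples; returns {resource id: actions}."""
    results = {}
    bucket_name = bucket_from_put_acl_event(SAMPLE_EVENT)
    results[bucket_name] = s3_global_access_actions(SAMPLE_BUCKETS[bucket_name])
    results["team-blue-private"] = s3_global_access_actions(SAMPLE_BUCKETS["team-blue-private"])
    for inst in SAMPLE_INSTANCES:
        results[inst["InstanceId"]] = cost_center_absent_actions(inst, today)
    return results
```

The half-tagged instance i-0bbb is the case to notice: because the policy combines the two tag checks with `and`, an instance carrying only a Team tag is left alone. If the intent is "must have both tags", the filter should be an `or` of the two `absent` conditions instead.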
  • 47. Monitor: AWSGovernor (post-deployment compliance tests)
    Components: the pipeline, the Governor stack, AWSGovernor, TestTypeCatalog, Organization Level Tests, Policy Service, and Product Level Tests, spread across a Tools account, a Security account, and the Production account.
    1. Pipeline executes CloudFormation (deploys app infrastructure/code)
    2. Pipeline invokes the Governor stack, which runs AWSGovernor
    3. Describe stack resources
    4. Get all registered tests
    5. Run organization tests
    6. Run product tests
    7. Report success or failure
  • 48. Monitor: pipeline dashboard
  • 49. Monitor: pipeline dashboard
  • 50. Monitor: pipeline dashboard, SAM function that receives CodePipeline state-change events
    ServerlessFunc:
      Type: 'AWS::Serverless::Function'
      Properties:
        Handler: handler.pipeline_event
        Runtime: python3.6
        CodeUri: ../app
        Events:
          PipelineEventRule:
            Type: CloudWatchEvent
            Properties:
              Pattern:
                source:
                  - "aws.codepipeline"
                detail-type:
                  - "CodePipeline Pipeline Execution State Change"
                  - "CodePipeline Stage Execution State Change"
                  - "CodePipeline Action Execution State Change"
  • 51. Monitor: pipeline dashboard, SAM function that rebuilds the dashboard every five minutes
    DashboardFunc:
      Type: 'AWS::Serverless::Function'
      Properties:
        Handler: handler.dashboard_event
        Runtime: python3.6
        CodeUri: ../app
        Events:
          DashboardEventRule:
            Type: Schedule
            Properties:
              Schedule: "cron(*/5 * * * ? *)"
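The two SAM resources wire up a function that receives every CodePipeline state change and another that runs every five minutes, but the slides do not show what those handlers compute. The block below is an added example, not the 3M dashboard's code: it folds pipeline-execution events into per-pipeline metrics (success and failure counts, mean duration, last state) and flags executions that have been in flight too long. The event records are constructed in the shape CloudWatch Events delivers for "CodePipeline Pipeline Execution State Change"; the split between ingest (what handler.pipeline_event would do per event) and summarize (what handler.dashboard_event would do on the schedule) is this example's assumption.

```python
"""Rolling CodePipeline execution events up into dashboard rows (added example)."""
from datetime import datetime

PIPELINE_EVENT = "CodePipeline Pipeline Execution State Change"
TERMINAL = {"SUCCEEDED", "FAILED", "CANCELED", "SUPERSEDED"}


def _evt(time, pipeline, execution_id, state):
    """Constructed event in the shape CloudWatch Events delivers for CodePipeline."""
    return {"source": "aws.codepipeline", "detail-type": PIPELINE_EVENT, "time": time,
            "detail": {"pipeline": pipeline, "execution-id": execution_id,
                       "state": state, "version": 3}}


SAMPLE_EVENTS = [
    _evt("2017-11-28T09:00:00Z", "team-blue-web", "w1", "STARTED"),
    _evt("2017-11-28T09:08:00Z", "team-blue-web", "w1", "SUCCEEDED"),
    _evt("2017-11-28T10:00:00Z", "team-blue-api", "e1", "STARTED"),
    _evt("2017-11-28T10:12:00Z", "team-blue-api", "e1", "SUCCEEDED"),
    _evt("2017-11-28T11:00:00Z", "team-blue-api", "e2", "STARTED"),
    _evt("2017-11-28T11:05:00Z", "team-blue-api", "e2", "FAILED"),
    _evt("2017-11-28T12:00:00Z", "team-blue-api", "e3", "STARTED"),
    # A stage-level event for the same execution; the pipeline-level rollup skips it.
    {"source": "aws.codepipeline", "detail-type": "CodePipeline Stage Execution State Change",
     "time": "2017-11-28T12:01:00Z",
     "detail": {"pipeline": "team-blue-api", "execution-id": "e3", "stage": "Build",
                "state": "STARTED"}},
]


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")


def ingest(events):
    """Fold the event stream into one record per (pipeline, execution-id)."""
    runs = {}
    for e in events:
        if e.get("detail-type") != PIPELINE_EVENT:
            continue
        d = e["detail"]
        run = runs.setdefault((d["pipeline"], d["execution-id"]),
                              {"started": None, "ended": None, "state": None, "last": None})
        when = _ts(e["time"])
        if d["state"] == "STARTED":
            run["started"] = when
        elif d["state"] in TERMINAL:
            run["ended"] = when
        if run["last"] is None or when >= run["last"]:  # events may arrive out of order
            run["last"], run["state"] = when, d["state"]
    return runs


def summarize(events):
    """One dashboard row per pipeline: counts, mean duration of finished runs, last state."""
    rows = {}
    for (pipeline, _), run in ingest(events).items():
        row = rows.setdefault(pipeline, {"succeeded": 0, "failed": 0, "in_flight": 0,
                                         "mean_duration_s": None, "last_state": None,
                                         "_last": None, "_durations": []})
        if run["state"] == "SUCCEEDED":
            row["succeeded"] += 1
        elif run["state"] in TERMINAL:      # FAILED, CANCELED and SUPERSEDED all count as not delivered
            row["failed"] += 1
        else:
            row["in_flight"] += 1
        if run["started"] and run["ended"]:
            row["_durations"].append((run["ended"] - run["started"]).total_seconds())
        if row["_last"] is None or run["last"] > row["_last"]:
            row["_last"], row["last_state"] = run["last"], run["state"]
    for row in rows.values():
        durations = row.pop("_durations")
        row.pop("_last")
        row["mean_duration_s"] = sum(durations) / len(durations) if durations else None
    return rows


def stale_runs(events, now, max_age_s):
    """Executions still running for longer than max_age_s at `now` (ISO-8601 Z string)."""
    cutoff = _ts(now)
    return sorted(key for key, run in ingest(events).items()
                  if run["state"] not in TERMINAL and run["started"] is not None
                  and (cutoff - run["started"]).total_seconds() > max_age_s)
```

Because the pipeline is the only path to production in this model, the event stream doubles as an audit trail: a deployment with no matching pipeline execution is itself a finding, and a run stuck at the approval stage for hours (what stale_runs surfaces) is usually a change nobody wants to own.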
  • 52. What we learned: autonomy
    • Achieved through continuous delivery and self-service
    • All infrastructure defined as code
    • All deployments done via a pipeline
    • Pipeline is triggered by a commit
    • The only manual step is approve/reject
    • Use AWS Service Catalog to enable self-service
  • 53. What we learned: governance
    • Achieved through self-service and monitoring
    • CloudFormation all the things
    • Service Catalog for CloudFormation governance
    • CloudFormation static analysis with cfn_nag
    • Cloud Custodian to assess and enforce compliance
    • Monitor pipeline metrics
  • 54. Resources
    https://stelligent.com/dev332
  • 55. Thank you!