- Any person or team requests an AWS account and it is available in minutes
- Accounts are configured with security best practices by default, and remain compliant
- Everything anyone does on the account is tracked, and can be monitored
- Teams change, resulting in changes to access to AWS. People change roles, resulting in changes to access to AWS
- Such changes are reflected quickly, in terms of corresponding access and permissions on AWS accounts, for any number of AWS accounts and users
- Users that are responsible for financial control for some set of AWS resources have visibility to cost and usage information for the corresponding AWS accounts (and only those accounts)
- (Regardless of who pays for consumption on the account,) users are both aware of practices for responsible usage of resources, and able to act upon such guidelines
- the prescriptive approach:
- Only specified products can be deployed
- Resources that are not in use are de-provisioned
- the normative approach:
- Standard products are available, users may customise these further, and extend these with new kinds of resources
- Users have access to accounts that allow them to experiment broadly
- the prescriptive approach:
- Resources not in use are de-provisioned. Users publish some metric that indicates when resources are in use.
- It is easy and straightforward to use versioned "products" for my needs, these products are being improved over time to take advantage of best practices