dream.md

  • Any person or team requests an AWS account and it is available in minutes
  • Accounts are configured with security best practices by default, and remain compliant
  • Everything anyone does on the account is tracked, and can be monitored
  • Teams change, resulting in changes to access to AWS. People change roles, resulting in changes to access to AWS
  • Such changes are reflected quickly, in terms of corresponding access and permissions on AWS accounts, for any number of AWS accounts and users
  • Users who are responsible for financial control of some set of AWS resources have visibility into cost and usage information for the corresponding AWS accounts (and only those accounts)
  • Regardless of who pays for consumption on the account, users are both aware of practices for responsible usage of resources and able to act upon such guidelines
    • the prescriptive approach:
      • Only specified products can be deployed
      • Resources that are not in use are de-provisioned
    • the normative approach:
      • Standard products are available; users may customise these further and extend them with new kinds of resources
      • Users have access to accounts that allow them to experiment broadly
  • Resources not in use are de-provisioned. Users publish some metric that indicates when resources are in use.
  • It is easy and straightforward to use versioned "products" for my needs; these products are improved over time to take advantage of best practices