Let's try this again. Fast is slow. Slow is fast.

Content poll and early access to community.

Good day. This is Unlimited Leave, the AWS Governance and Management Newsletter that sometimes waits until the last minute to publish the issue.

Last week’s email was littered with typos. I apologize. This week’s is being sent in haste as well. I’ll try to do better. Real work comes first, and like most of you, I’m drowning in it at the moment.

There is nothing like reverse engineering a bunch of Terraform Submodules that are nested on multiple levels, just to deploy a couple of VPCs. This is just one of the many complications of M&A.

This week's topics

  • Poll for product

  • Community

  • 2 blah announcements

Poll for Product

In last week’s issue, I put out a poll asking if you would be interested in some content if I put in the time to create it. It will definitely require some time, in addition to a new AWS Organization deployment, child accounts, and more.

So far the response is promising. However, I noticed the poll looked terrible on mobile, so I am re-sharing it here to see if I can get a few more votes.

Sadly, since the poll was submitted last week, I cannot change the style, so if you are viewing it on mobile still, please be sure to select an option. They are separated by a pipe ‘|’.

I’d like to see at least 35% of you respond to the poll.

Here is a refresher on some of what the content will cover.

Module 1: New Organization

While a new organization isn’t required, I’d walk through how to set up a new one or the steps to modify an AWS Organization for proper management.

Topics Include:

  • Email/Root Account Management

  • Initial Control Tower Deployment

  • Home region selection

  • Initial Controls

Module 2: Authentication

  • Configuring AWS Identity Center

  • Using External IDP (Azure, Okta, etc.)

  • Permission Set Management

Module 3: Delegated Administrator Configuration

The configuration and delegation of administrative access to core services like:

  • CloudFormation StackSet

  • Security Hub

  • GuardDuty

  • Identity Center

  • Service Catalog

Module 4: Customizations for Control Tower (CfCT)

The process for bootstrapping and baselining configuration of the CfCT Solution

  • Deploy CfCT

  • Initial manifest configuration

  • StackSet Resource Deployment

  • SCP Deployment

Module 5: Account Factory for Terraform (AFT)

The process for bootstrapping and baselining configuration of the AFT Solution

  • Configure AFT Management and Repos

  • Deploy new accounts with Account Request Module

  • Deploy Account level and Global Customizations

  • Using AFT to set and reset drifted account configuration and details

Module 6: Service Catalog Portfolio

Creating, sharing, and deploying standard solutions through the use of a shared Service Catalog Portfolio

  • Central resource storage (S3) for Organization Access

  • Delegation of Portfolio

  • Providing Access

  • Enabling Developers

Module 7: Baselining Security Posture

Use foundational resources to close or acknowledge open AWS Best Practice checks and set a baseline security posture.

  • Close or disable global Security Hub Checks

  • Configure and deploy AWS Config Rules and/or Conformance Packs

  • Set up proper prioritization, alerting, and notification of non-compliant resources.

Community

This type of content requires some sort of community management solution. Based on the initial poll responses, it looks like this is going to happen to some degree or another.

Being on this newsletter and being an early adopter of the content and other material will very much be rewarded with early access to the modules as they are created, as well as other perks.

If you know anyone else that may find this content of value, please forward them this email and get them to subscribe. 👇

Announcement(s)

Nothing Crazy here:

Disclaimer: The resources and topics shared within this newsletter are for informational use only. Any resources deployed or tools implemented are done so at your own risk. Do your research and testing before the implementation of any resource or service deployed for any workload.