Governance

Cards (20)

  • AWS Organizations allows the creation of new AWS accounts and lets you centrally manage billing, control access, compliance and security, and share resources across your AWS accounts.
  • Root Account User is a single sign-in identity that has complete access to all AWS services and resources in an account.
  • Organizational Units are groups of AWS accounts within an organization. They can also contain other organizational units, which creates a hierarchy.
  • Service Control Policy gives central control over the allowed permissions for all accounts in your organization, helping to ensure your accounts stay within your organization's guidelines.
  • AWS Organizations must be turned on once and it cannot be turned off.
  • An AWS account is not the same as a user account.
  • AWS Control Tower helps enterprises quickly set up a secure AWS multi-account environment. It provides you with a baseline environment to get started with a multi-account architecture.
  • Account Factory automates the provisioning of new accounts in your organization and standardizes the provisioning of new accounts with pre-approved account configurations.
  • Account Factory allows you to create pre-approved baselines and configuration options for accounts in your organization.
  • Guardrails are pre-packaged governance rules for security, operations and compliance that customers can select and apply enterprise-wide.
  • Change management is when we have a formal process to monitor changes, enforce changes and remediate changes.
  • Compliance-as-code (CaC) is when we utilize programming to automate the monitoring, enforcing and remediating of changes to stay compliant with a compliance program or expected configuration.
  • AWS Config is a Compliance-as-code framework that allows us to manage change in AWS accounts on a per-region basis.
  • AWS Quick Starts are prebuilt templates by AWS and AWS partners to help deploy a wide range of stacks.
  • A Quick Start is composed of 3 parts:
    1. A reference architecture for the deployment.
    2. AWS CloudFormation templates that automate and configure the deployment.
    3. A deployment guide explaining the architecture and implementation in detail.
  • A tag is a key and value pair that you can assign to AWS resources to organize them for resource management, cost management and optimization, operations management, security, governance and regulatory compliance, automation and workload optimization.
  • Resource Groups are collections of resources that share one or more tags. They help you organize and consolidate information based on your project and the resources that you use.
  • Business Centric Services:
    1. Amazon Connect - is a virtual call center service.
    2. WorkSpaces - is a virtual remote desktop service.
    3. WorkDocs - is a shared collaboration service.
    4. Chime - is a video-conference service.
    5. WorkMail - is a managed business email, contacts and calendar service.
    6. Pinpoint - is a marketing campaign management service. (Will show up on the exam)
    7. Simple Email Service (SES) - is a transactional email service.
    8. QuickSight - is a business intelligence (BI) service. (Will show up on the exam)
  • Pinpoint is a marketing campaign management service. It is for sending targeted email via SMS, push notifications and voice messages. You can perform A/B testing and create Journeys (complex email workflows). (Will show up on the exam)
  • QuickSight is a business intelligence (BI) service. Connect multiple data sources and quickly visualize data in the form of graphs with little to no programming. (Will show up on the exam)