As enterprises increasingly manage their cloud environments across multiple accounts, AWS has responded with features...
to address the complexity of those designs.
AWS CloudFormation, Amazon's infrastructure-as-code offering, this week added StackSets to manage changes across regions or accounts. That comes a month after the monitoring service CloudWatch Events added cross-account support, too. These AWS automation developments reflect a change in how IT organizations utilize the cloud, particularly as enterprises and other large users establish governance controls across hundreds of accounts.
A business could require separate accounts to parse development, testing and production for each application, or to distinguish between business units or staff members. In any case, multiple accounts create complexity, especially if companies want consistency across access, security, configuration, logging and Virtual Private Clouds (VPCs). With these AWS automation updates, customers can turn to an administrator account to set resource configurations and create a baseline across accounts and regions.
This update will certainly be helpful for enterprises that want to segregate nonproduction and production workloads, said Jeff Aden, co-founder and executive vice president of strategic business development and marketing at 2nd Watch Inc., an AWS managed service provider.
"Many of our large accounts have hundreds, if not thousands, of accounts they want to share resources across," he said. "This will keep them from having to repeat a lot of the tasks hundreds and hundreds of times."
The CloudFormation update in particular has been a common feature request from an operational standpoint, Aden said. 2nd Watch also created some of its own AWS automation tools to work around the problem of segregating workloads.
Automate for consistency, security
These updates, including the CloudWatch Events change targeted at complex security models, are part of a broader strategy to extend AWS automation deeper into its customers' workflows. Earlier in 2017, Amazon added automation features to Elastic Compute Cloud Systems Manager, and the company continues to build out higher-level services, such as AWS Lambda, that free systems administrators from many mundane activities.
"This is really making AWS more enterprise-friendly, so IT operations can have more of a global view of the resources they are using and the ability to manage across multiple AWS accounts," said Jeff Kato, an analyst at the Taneja Group, in Hopkinton, Mass.
David Luckydirector of product management, Datapipe
CloudFormation users build templates to pull in resources for application development with automation to remove manual errors and maintain consistency. This latest update could serve as another reason for customers to go with CloudFormation rather than some of the popular third-party tools on the market, such as Ansible, Chef, Puppet and Terraform.
David Lucky, director of product management at Datapipe Inc., a hybrid IT company in Jersey City, N.J., sees the potential to use this tool for its CloudFormation VPCs or standardized management of its library of templates.
"This might be a clearer way to manage environments, so we're pretty excited about it," he said. "It gives a consistent approach and control and flexibility in using CloudFormation."
Thales, a cloud security firm based in France, uses CloudFormation for its client-side encryption service for Amazon Simple Storage Service (S3). StackSets could potentially strengthen the regional controls in CloudFormation StackSets to establish fault tolerances and configure orders of priorities to respond when services go down, said Charles Goldberg, senior director of product at Thales.
Native tools that can automate template rules and best practices also could help prevent the types of high-profile security scares that have been in the news lately, wherein companies have left S3 buckets exposed to the public internet, Goldberg said.
The only possible downside is that this tool is limited to AWS at a time when enterprises want overarching controls for their deployments spread across multiple clouds, he added.
Trevor Jones is a news writer with SearchCloudComputing and SearchAWS. Contact him at email@example.com.
Consider workloads in container automation
Combine AWS and PowerShell in automation
Use AWS automation to take the wheel