
Journey of Enhanced & Mindful Architecture - Part 3

Welcome to Part 3 of the enhanced solution designs series, in the Management & Governance category.

The requirement is to efficiently manage and maintain the creation and update of resource definitions across AWS accounts; the representation below is a minimal illustration of one such use case. Ideally, every resource created in an AWS account carries the expected Tag:Value pair.

Part #3 solution breakdown:

1) Create a service control policy (SCP) for each organizational unit (OU), as appropriate.
2) Tag policies are rules that define which tag keys and values are expected or allowed on resources.
3) Now attach the tag policy and the SCP to the OU under AWS Organizations. Together they enforce the tagging strategy for resources: the tag policy defines the standard and the SCP ensures that resources comply with it.
4) The advantage is that different OUs can have different tag policies and SCPs attached, according to the environment or account perspective.
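The three steps above, worked through as an added example (this is not code from the original post): it builds an SCP that denies resource creation when the required tag is missing or carries a disallowed value, builds the matching tag policy, simulates how the SCP's `Null` and `StringNotEquals` conditions evaluate a create request, and attaches both policies to an OU through the boto3 Organizations API. The tag key `Environment`, its allowed values, the guarded actions, the OU id and the `_StubOrgClient` stand-in are all assumptions chosen for illustration.

```python
"""Added example, not the post's own code: SCP + tag policy for one OU."""
import json

# Assumed tagging standard: in-scope resources need Environment=dev|test|prod.
TAG_KEY = "Environment"
ALLOWED_VALUES = ["dev", "test", "prod"]
# Assumed resource-creation actions the SCP guards (extend as needed).
GUARDED_ACTIONS = ["ec2:RunInstances", "ec2:CreateVolume"]


def build_scp() -> dict:
    """SCP: deny guarded create actions when the tag is absent (Null=true) or
    its value is outside the allowed list. aws:RequestTag/<key> is the tag
    value passed on the create call itself."""
    key = f"aws:RequestTag/{TAG_KEY}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "DenyCreateWithoutEnvironmentTag", "Effect": "Deny",
             "Action": GUARDED_ACTIONS, "Resource": "*",
             "Condition": {"Null": {key: "true"}}},
            {"Sid": "DenyCreateWithDisallowedEnvironmentValue", "Effect": "Deny",
             "Action": GUARDED_ACTIONS, "Resource": "*",
             "Condition": {"StringNotEquals": {key: ALLOWED_VALUES}}},
        ],
    }


def build_tag_policy() -> dict:
    """Tag policy: canonical key casing, allowed values, and the resource
    types for which non-compliant tagging operations are rejected."""
    return {"tags": {TAG_KEY.lower(): {
        "tag_key": {"@@assign": TAG_KEY},
        "tag_value": {"@@assign": ALLOWED_VALUES},
        "enforced_for": {"@@assign": ["ec2:instance", "ec2:volume"]},
    }}}


def _condition_matches(condition: dict, request_tags: dict) -> bool:
    """Evaluate the two IAM condition operators used above against the
    aws:RequestTag/* context derived from the request's tags."""
    ctx = {f"aws:RequestTag/{k}": v for k, v in request_tags.items()}
    for operator, clauses in condition.items():
        for key, expected in clauses.items():
            present = key in ctx
            if operator == "Null":
                # "true" matches when the key is absent, "false" when present
                if (expected == "true") != (not present):
                    return False
            elif operator == "StringNotEquals":
                allowed = expected if isinstance(expected, list) else [expected]
                # negated operator: an absent key also counts as "not equal"
                if present and ctx[key] in allowed:
                    return False
            else:
                raise ValueError(f"operator {operator} is not modelled here")
    return True


def scp_allows(scp: dict, action: str, request_tags: dict) -> bool:
    """False if any Deny statement names the action and its condition matches.
    SCPs only restrict; an IAM policy must still grant the action."""
    for stmt in scp["Statement"]:
        acts = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if stmt["Effect"] == "Deny" and action in acts:
            if _condition_matches(stmt.get("Condition", {}), request_tags):
                return False
    return True


def attach_to_ou(org_client, ou_id: str) -> dict:
    """Create both policies and attach them to one OU. org_client is a boto3
    'organizations' client (or a stub exposing the same two calls).
    Returns {policy type: policy id}."""
    ids = {}
    for name, ptype, doc in [
        ("RequireEnvironmentTag", "SERVICE_CONTROL_POLICY", build_scp()),
        ("EnvironmentTagStandard", "TAG_POLICY", build_tag_policy()),
    ]:
        resp = org_client.create_policy(Content=json.dumps(doc), Name=name,
                                        Description=f"{name} for {ou_id}", Type=ptype)
        pid = resp["Policy"]["PolicySummary"]["Id"]
        org_client.attach_policy(PolicyId=pid, TargetId=ou_id)
        ids[ptype] = pid
    return ids


class _StubOrgClient:
    """Assumed in-memory stand-in for the boto3 client, so this runs offline."""
    def __init__(self):
        self.created, self.attached = {}, []

    def create_policy(self, Content, Description, Name, Type):
        pid = f"p-{len(self.created):08x}"
        self.created[pid] = (Type, json.loads(Content))
        return {"Policy": {"PolicySummary": {"Id": pid, "Name": Name, "Type": Type}}}

    def attach_policy(self, PolicyId, TargetId):
        self.attached.append((PolicyId, TargetId))
        return {}


if __name__ == "__main__":
    scp = build_scp()
    for tags in ({"Environment": "prod"}, {}, {"Environment": "production"}):
        print(tags, "->", "ALLOW" if scp_allows(scp, "ec2:RunInstances", tags) else "DENY")
    client = _StubOrgClient()  # swap for boto3.client("organizations") in practice
    print(attach_to_ou(client, "ou-xxxx-EXAMPLE"), client.attached)
```

Two prerequisites worth checking before running this against a real organization: the SCP policy type requires "all features" enabled and the TAG_POLICY type must be enabled on the root, and SCPs never restrict the management account, so resources created there are not covered by the deny statements. Also note that the SCP only sees tags supplied on the create call (`aws:RequestTag`); tags added afterwards are governed by the tag policy's `enforced_for` list and by whatever conditions you place on the tagging actions themselves.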

Solution Design for this scenario: [architecture diagram]

Benefits around this solution:

1) Centralized operation, control and execution: there is only one SCP to amend for all the accounts under an OU, which is a much simpler solution.
2) Easy customization per OU as required, for example DEV, Security, Sandbox, etc.
3) There are no SCPs or policies at the individual account level; they are retained at the OU level.
4) If required, detailed fine-grained tag policies can be defined at the individual user, role or group level.

If an organization has tens or hundreds of AWS accounts, they will naturally have been grouped and classified with AWS Organizations and organizational units. This is the most promising way to enforce tagging across organizational units.

As promised, there is one more part to come to finish this series, so hold on!!

Part #1: Link
Part #2: Link
