DEV Community

Cover image for Journey of Enhanced & Mindful Architecture - Part 3

Journey of Enhanced & Mindful Architecture - Part 3

Welcome to Part 3 of the enhanced solution design(s) - Management & Governance category

Requirement is to efficiently manage & maintain "Creation/Updation" of Resource Definitions in AWS accounts and below representation is a minimal illustration of one such use case(s). Ideally expecting Tag:Value in any resource that is created in an AWS account.

Part #3 solution break down:

1) Create a service control policy to each of the organizational unit(s), as accordingly.
2) Tagging policies are again rules/permissions defined w.r.t tag:value expected or allowed for resources
3) Now, attach the Tagging & SCP policy against the OU under the AWS Organizations. This will together enforce Tagging strategies enforcement for resources and SCPs will ensure the compliance of tags on resources
4) Advantage is that different OUs can have different policies/scp attached as per the environment or account perspective

Solution Design for this scenario:

Image description

Benefits around this solution:

1) Centralized operation, control & execution; There is only one SCP to amend for many accounts under an OU, which is much simplified solution
2) Easy customization as per the requirement for each OUs, for example, DEV, Security, Sandbox etc
3) There aren't any SCPs or policies at individual account level, it is rather retained at OU level
4) If required, a detailed fine grained policies for tags can be defined at individual user/role/group level

If the organization has AWS accounts more than tens or hundreds then obviously they would have been grouped/classified with AWS Organizations and organizational units. This is a most promising way to enforce tagging for organizational units.

As promised, there is yet another part to be shared to finish this series and hence hold on !!

Part #1: Link
Part #2: Link

Do your career a big favor. Join DEV. (The website you're on right now)

It takes one minute, it's free, and is worth it for your career.

Get started

Community matters

Top comments (0)

Create a simple OTP system with AWS Serverless cover image

Create a simple OTP system with AWS Serverless

Implement a One Time Password (OTP) system with AWS Serverless services including Lambda, API Gateway, DynamoDB, Simple Email Service (SES), and Amplify Web Hosting using VueJS for the frontend.

Read full post

👋 Kindness is contagious

Engage with a sea of insights in this enlightening article, highly esteemed within the encouraging DEV Community. Programmers of every skill level are invited to participate and enrich our shared knowledge.

A simple "thank you" can uplift someone's spirits. Express your appreciation in the comments section!

On DEV, sharing knowledge smooths our journey and strengthens our community bonds. Found this useful? A brief thank you to the author can mean a lot.

Okay