Life is different in the Cloud
Working in the Cloud is a culture change from the IT Infrastructure of the past.
- How We Work Together in AWS
- Everyone is required to pass the baseline knowledge quiz to gain access.
- Flexibility is the name of the game. Use OITLABND to experiment and learn BEFORE building in production.
- When building a service in the cloud, we are not looking for a one-size-fits-all approach. AWS is so flexible that all services will be different (look at services in isolation, rather than the big picture).
- Automation is key to builds, processes, and efficiency (Automation Operating Principles)
- Everyone is responsible for balancing performance, quality and cost in AWS
CloudFirst AWS Operating Principles
- Knowledge, skill, and certification enable access (baseline knowledge quiz)
- Philosophy of “Do and Review”, work with your peers, not in isolation
- Set up new features, functions, and processes in test first (OITLABND)
- Present them to IaaS Governance/Design Review Board (DRB) for confirmation
- Processes need to add value and protect the University and availability of services
- Don’t waste effort but don’t take unacceptable risks - remember, with broad power comes broad accountability
- Fail fast and learn
- All code/configuration items are stored in version control (Bitbucket)
- All approaches/standards/guidelines are published in ServiceNow Knowledge Base (Cloud First Documentation)
- All Service Offerings are in ServiceNow Business Applications
- All requests to get started in production (DCND) are in ServiceNow IT Requests
AWS Access
We use federated authentication with AWS.
- Login via awsconsole.nd.edu
- Choose the account & role you wish to use (If you only have one role you will be passed directly to the AWS Console)
- If you do not have permission to access AWS please fill out an AWS: Account Request
- OPTIONAL: After you have an account, if you require specific permissions, fill out an "AWS: Federated role access" request
Practices & Guidance
- AWS Security Group Guidance for Practitioners
- Amazon IAM Implementation Guidance
- DNS use guidelines in AWS
- Network Design
- Separation of Duties in Production AWS Environment
- Review “AWS Shared Responsibility” model
- If applicable, including AWS Linked Account Owner Responsibilities
- Security Guidance
- Review AWS Operations Guidance
- Cloud First Documentation in ServiceNow Knowledge Base for all documentation to get up to speed
- Automation Operating Principles
- Public facing information we share with peers
- AWS Well Architected Framework
Training
- AWS Practitioner Essentials
- AWS ND Essentials Training (1 day) - AWS
- AWS Architecting (3 day) - Global Knowledge
- Advanced Architecting (2 day) – take this 6 months after AWS Architecting – practical experience - Global Knowledge
- Scripting - Ansible (Ansible), CloudFormation, Python, PowerShell, Lambda
- Git/Bitbucket - Global Knowledge
- Linux OS - Linux Academy
- Skillport AWS courses
- Sign in to Endeavor
- Click on Learning
- On the left-hand side of the page click on Skillport
- In the Search bar type in AWS
- Digital AWS Classes
- AWS Certifications
Online Resources
- Skillport - Free
- Linux Academy
- Tutorialspoint - Free
- Ansible - Free
- PluralSight
- Udemy
- AWS - Self-paced labs
- AWS - QuickLabs
More AWS Tips
- The OITLABND account is our test area.
- Sensitive data in the cloud - see policy
- IAM regulations - security groups, policies, MFA, service accounts, etc. Check with your sponsor/mentor about agreements and latest guidelines.
- AWS Naming Conventions - The first tab is the naming standards and the second tab is the name units.
- AWS Cost Calculator - Document Cost of Solution
- ND-VPC Diagram (DCND)
- Ansible Scripting
- Oracle-Specific Ansible Scripts
- EBS volume encryption
- Oracle Database Cloud Hosting Strategy
- SQL Server Database Cloud Hosting Strategy
- Postgres Database Cloud Hosting Strategy
- MySQL Database Cloud Hosting Strategy
- PowerShell
- Python on AWS
- Lambda on AWS
- CloudFormation Scripting
- AWS Backup Approach
- Disaster Recovery
- Application Virtualization offered via Microsoft Remote Apps
- DNS Management