delivery - cirelledo-csa/herd GitHub Wiki

Product delivery in AWS

How do we promote development work to "production" aka product delivery?

Teams create release candidates starting in shared team development accounts and create intermmediate environments that allow us to promote development efforts to "production".

Hun?! What does this even look like?!

  • tl;dr humans -> code repository <- automation -> resources

More details on secure cross account application delivery scheme Another variation is this enterprise cicd

What is a Non-Production account?

  • Production Data can never be hosted in a Non-Production Account.
  • A single account shared by a product team used to develop their product(s).
  • Product team members have ADMIN rights in dev accounts!
  • With great power comes great responsibility!
  • Pay attention to cost!
  • Pay attention to security!
  • Clean up after yourself!
  • Pay attention to exclamation points!
  • Having a hard time cleaning up? infrastructure as code is your friend.
  • Not sure about what you're doing? ask for guidance. Ask your peers, Ask AWS.
  • generally you should restrict access to your proof of concept efforts to our on prem network
  • Creating security group ingress 0.0.0.0/0? Don't do it!
  • Don't know what something means? ask!
  • This is a lot of shouting, how do we enforce this?!

Who manages a Non-Production account?

  • Shared responsibility between Cloud services and product teams.

What services run in a Non-Production account?

  • Whatever is needed for Product teams to develop their Products.

How do we determine the services required to develop a Product?

  • Cloud services and product teams work together to determine spec

What is a Product account?

  • Production Data can only be hosted in a Product Account.
  • Dedicated account for production endpoints of a product.
  • Product and Operations team have limited/read-only role.
  • Cross account role allows a build service to deploy and configure resources in Product accounts.
  • legacy products may require humans with elevated roles to operate resources
  • net new products should not require humans with elevated roles to operate

Who creates cross account roles and how?

  • Cloud services and product teams work together to determine spec

Who manages a Product account?

  • Cloud services team

What services run in a Product account?

  • Whatever is required of the product

How do we determine the services required to run a Product?

  • Cloud services and product teams work together to determine spec