Skip to main content

index

Governance in the AWS Cloud​

In this lesson, you will review the following three AWS services that can help govern and enforce services and accounts to meet your company's requirements:

  • AWS Control Tower
  • AWS Service Catalog
  • AWS License Manager

If you want to enforce and manage rules across organizations and accounts for security, you can use AWS Control Tower.

AWS Control Tower​

AWS Control Tower is a service you can use to enforce and manage governance rules for security, operations, and compliance at scale across all your organizations and accounts in the AWS Cloud.

Benefits: AWS Control Tower can help you save time while providing governance. It uses preconfigured controls, which can help you to quickly set up multi-account environments, automation with built-in governance, and integration of third-party software at scale.

Use cases: Use AWS Control Tower to quickly deploy applications and provision compliant AWS accounts.

To learn more about AWS Control Tower features, choose each of the four numbered markers.

Control tower with a person at the dashboard, a factory making accounts with controls and the accounts are loaded onto a truck and delivered to a landing zone.

Dashboard The AWS Control Tower dashboard provides continuous oversight to see provisioned accounts across your enterprise. AWS Control Tower also has controls for policy enforcement and can help detect noncompliant resources.

Managing employee requests for new AWS services or resources can be time consuming, but you also don't want everyone guessing which type of services and settings should be used. That's where Service Catalog can help.

Service Catalog icon

AWS Service Catalog​

With Service Catalog, you can create, share, and organize from a curated catalog of AWS resources. You can deploy baseline networking resources and security tools for new AWS accounts so you can govern consistently.

Benefits: Service Catalog saves time by making it quick to find and deploy approved, self-service cloud resources. It also helps you stay agile while improving governance over resources across multiple accounts.

Use cases: Use it to provision resources across AWS accounts, apply access controls, and accelerate provisioning of continuous integration and continuous delivery (CI/CD) pipelines.

When companies move from on premises to the cloud, they must decide how to handle their software licenses. With AWS Bring Your Own License model (BYOL), they can use existing software licenses purchased directly from vendors, such as Microsoft, on AWS services like Amazon EC2 Dedicated Hosts and Amazon WorkSpaces. This can result in significant cost savings compared to purchasing licenses directly from AWS. By using BYOL with existing licenses in a cloud environment, you get flexibility and potential optimized costs. The service that helps you manage and govern your software licenses is AWS License Manager.

License Manager icon

AWS License Manager​

License Manager is a service that helps you manage your software licenses and fine-tune your licensing costs.

Benefits: License Manager helps with visibility and control, tracking and managing licenses, and reducing the risk of noncompliance with licenses.

Use cases: Use it to streamline license management and to simplify the Microsoft License Mobility through Software Assurance experience. You can also use it to automate the distribution and activation of software entitlements across AWS accounts for end users.

Managing software licenses can be time consuming, costly, and difficult to enforce. License Manager helps reduce the risk of noncompliance by enforcing license usage limits, blocking new launches, and using other controls.

Manager asking employee to see their license. Employee responds, β€œUm, I think I have one, but I can’t find it.”

To review the three governance services, choose each of the following flashcards.

  • AWS Control Tower A service you can use to set up and govern a secure, compliant, multi-account AWS environment based on best practices

  • Service Catalog A service you can use to create, share, and organize AWS services and resources from a curated catalog that you define

  • License Manager A service that helps you manage your software licenses and fine-tune licensing costs