© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.

COP352
From Reactive to Proactive: Infrastructure governance by design

David Killmon (He/him), Principal Software Engineer, AWS
Sefi Avrech (He/him), Senior Solutions Architect, Public Sector, AWS

Provisioning and managing IaC
[Diagram labels (steps numbered 1 to 4): CodeCommit; Git push/PR; Execute CI/CD test and deployment; Resources provisioned through CloudFormation]

The increasing role of deployment safety
- Developers are moving faster than ever
- GenAI is supercharging IaC development
- Guardrails are critical in enabling speed, while ensuring safety

Introduction to CloudFormation Hooks
Shift Left proactive controls
[Diagram labels: CloudFormation; Templates + assets; Cloud assembly; AWS resources; Registered Hooks; CloudFormation Hooks; Fail]

Use case #1: Prevent non-compliant resource provisioning
Security professionals and CCOEs want to enforce preventative controls without disrupting developer agility. For example, production accounts should never have unencrypted Amazon S3 buckets.
[Figure panels: Template; Hook result]

Use case #2: Prevent accidental operation impacts
Operational impacts often happen by making configuration mistakes. Prevent impacts by evaluating prior resource configurations against “to-be” configurations.
[Figure panels: Original template; Hook result; Change set]

Use case #3: Drive cost governance and best
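
The checks described in use cases #1 and #2, sketched as an added example that is not taken from the slides and is not the CloudFormation Hooks handler interface. The function names, the PASS/FAIL result shape and the sample properties are assumptions; the property keys are the ones AWS::S3::Bucket uses in CloudFormation templates.

```python
# Simplified model of a pre-provisioning check (assumed design, added here).
PASS, FAIL = "PASS", "FAIL"


def has_default_encryption(props):
    """True if the bucket properties declare at least one default SSE rule."""
    config = props.get("BucketEncryption") or {}
    rules = config.get("ServerSideEncryptionConfiguration") or []
    return any(
        (rule.get("ServerSideEncryptionByDefault") or {}).get("SSEAlgorithm")
        for rule in rules
    )


def evaluate(resource_type, proposed, previous=None):
    """Return (status, reasons) for one resource in a create or update."""
    if resource_type != "AWS::S3::Bucket":
        return PASS, []
    reasons = []
    # Use case #1: the policy here requires encryption to be declared explicitly.
    if not has_default_encryption(proposed):
        reasons.append("BucketEncryption is not declared")
    # Use case #2: compare the prior configuration with the "to-be" one.
    if previous is not None:
        old_name, new_name = previous.get("BucketName"), proposed.get("BucketName")
        if old_name != new_name:
            # Changing BucketName makes CloudFormation replace the bucket.
            reasons.append(f"BucketName changes ({old_name} -> {new_name}): replaced")
        old_v = (previous.get("VersioningConfiguration") or {}).get("Status")
        new_v = (proposed.get("VersioningConfiguration") or {}).get("Status")
        if old_v == "Enabled" and new_v != "Enabled":
            reasons.append("versioning would no longer be Enabled")
    return (FAIL if reasons else PASS), reasons


# Constructed sample resource properties (not from the slides).
SSE = {"ServerSideEncryptionConfiguration": [
    {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}
CURRENT_BUCKET = {"BucketName": "orders-prod", "BucketEncryption": SSE,
                  "VersioningConfiguration": {"Status": "Enabled"}}
UNENCRYPTED = {"BucketName": "scratch-prod"}
RENAMED = dict(CURRENT_BUCKET, BucketName="orders-prod-v2")

if __name__ == "__main__":
    print(evaluate("AWS::S3::Bucket", UNENCRYPTED))
    print(evaluate("AWS::S3::Bucket", RENAMED, previous=CURRENT_BUCKET))
```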