
AWS Foundation and Centre of Excellence (COE)

Writer: Adesh N

Foundation

How have you implemented security and compliance services in your previous projects? Can you walk us through a specific example?

How do you design AWS accounts considering factors such as organizational structure, business requirements, security, compliance, and cost optimization?

How do you ensure that all core AWS services are operating effectively and efficiently?


The work covered the design, development, and implementation of the core shared services, including network, security and compliance services, central AWS logging, account creation, SCP policies, and security standards. To accomplish these objectives, we established AWS Landing Zone and AWS Control Tower as the foundation for the organization's cloud infrastructure, applying the principles of least privilege and segregation of duties.

We created a secure, isolated network architecture using VPCs, subnets, routing, and security groups within the AWS Landing Zone.

Additionally, we set up the organization's accounts using the AWS Organizations structure with consolidated billing. Furthermore, we implemented various security and monitoring services:

· AWS GuardDuty and AWS Security Hub to establish security controls, and

· Splunk, Dynatrace (application monitoring), and Zscaler (monitoring external traffic) for centralized logging and monitoring.

· Enterprise services such as DNS, AD, SSO, Bastion Host, and API Gateway were also established within the AWS Landing Zone to support the organization's requirements.

For integration with on-premises:

· SailPoint; SSO established with ADFS and Ping, and AWS IAM Identity Center (successor to AWS Single Sign-On).

· MFA established using Duo and Okta.

We segregated resources and applications by establishing separate AWS accounts for development, testing, and production, with appropriate access controls and security policies applied to each environment.

We established a Transit Gateway for cross-account traffic and traffic to on-premises, and API Gateway for traffic between applications.

To summarize, in collaboration with other teams we established AWS Landing Zone and AWS Control Tower; together with the AWS Organizations structure, consolidated billing, SCP policies, network setup and isolation, and segregation between dev, testing, and production environments, this provided a scalable, secure, and efficient approach to managing the financial organization's cloud infrastructure on AWS.
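The SCP guardrails mentioned above, as an added example that is not from the original post: a deny-only service control policy that stops member accounts from switching off GuardDuty, Security Hub or the central CloudTrail, plus a small offline evaluator showing which principals it blocks. The SecurityAdmin role name and the account IDs are assumed placeholders.

```python
"""Landing-zone guardrail SCP with an offline evaluator (added example).

SCPs only restrict; they never grant, and they do not apply to the
management account. The exemption uses ArnNotLike on aws:PrincipalArn
so that only the (assumed) SecurityAdmin role may change these services.
"""
import fnmatch
import json

SECURITY_ADMIN_ROLE = "arn:aws:iam::*:role/SecurityAdmin"  # assumed role name

GUARDRAIL_SCP = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ProtectSecurityAndLoggingServices",
        "Effect": "Deny",
        "Action": [
            "guardduty:DeleteDetector", "guardduty:DisassociateFromMasterAccount",
            "securityhub:DisableSecurityHub", "securityhub:DisassociateFromMasterAccount",
            "cloudtrail:StopLogging", "cloudtrail:DeleteTrail", "cloudtrail:UpdateTrail",
        ],
        "Resource": "*",
        "Condition": {"ArnNotLike": {"aws:PrincipalArn": SECURITY_ADMIN_ROLE}},
    }],
}


def as_policy_document(scp: dict) -> str:
    """Serialise the SCP as the JSON string the Organizations API expects."""
    return json.dumps(scp, indent=2)


def scp_denies(scp: dict, action: str, principal_arn: str) -> bool:
    """True if a Deny statement matches the action for this principal.

    Simplified model: only Deny statements, Action wildcards (case-insensitive,
    as IAM matches them) and an ArnNotLike condition on aws:PrincipalArn.
    """
    for stmt in scp["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if not any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in actions):
            continue
        exempt = stmt.get("Condition", {}).get("ArnNotLike", {}).get("aws:PrincipalArn", [])
        exempt = exempt if isinstance(exempt, list) else [exempt]
        # ArnNotLike: the statement applies only when the principal matches no pattern
        if any(fnmatch.fnmatchcase(principal_arn, pat) for pat in exempt):
            continue
        return True
    return False
```

Attach the rendered document to the OU that holds the dev, test and prod accounts; the evaluator is only a local sanity check, not a substitute for the IAM policy simulator.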


(Service Management/Enablement)

How did you estimate the operational budget for your application in AWS, and was there any cost overrun?

How did you approach cloud enablement and governance for the AWS environment?

How did you approach enforcing security to obtain your ATO?

What were the advantages or disadvantages of the AWS platform you chose?

How did you approach connectivity to other entities that required access to your application?

How did you ensure open communication between the application teams and their stakeholders?


Architecture and Patterns

What kind of published patterns were used in your past projects?

Did you publish any architectural patterns in your AWS catalogue?

For a scenario migrating an on-premises application to the AWS cloud that must be highly available, scalable, highly secure, highly reliable, high-performance, and resilient: what AWS architectural patterns and services do you suggest?

Tell us about a scenario in a past implementation where automation was applied to create, maintain, and recover from failure of AWS infrastructure.



How do you provide cross-account access?

