Reviews and consultancy objectives
How well protected are your information systems and applications? Where is your business exposed and what is the level of risk?
Validation
Validation that all AWS platform components have the desired configurations to run a production platform, with a focus on best practice, the Well-Architected Framework, and performance.
Analysis
Detailed technical analysis of all AWS platform components (capacity, demand, and utilization review), and preparation of technical documentation and an improvement/refinement framework.
Leadership
Providing Systems, Infrastructure and Architecture leadership.
General scope to review your overall infrastructure against best practices and the Well-Architected framework:
- AWS Well-Architected review
- AWS performance tuning
- AWS cost review
- AWS security review
- Improving your software pipeline
- Understanding and optimising for SLOs
- Targeted review to solve a problem or assess specific issues
- Optimising to match business priorities
- Account set up
  - Account creation best practices and user provisioning to enable secure but efficient service procurement and configuration.
- Identity and access management
  - Enable MFA for all root accounts
  - Ensure AWS users are provisioned in an AWS org and have the necessary privileges to accounts
  - Enable MFA for all IAM-user accounts
  - Integration with SSO or Active Directory
  - Installation and configuration of AWS Directory Service for centralised credential management
- Architecture design review
  - Defining optimum infrastructure/cloud services to suit application requirements
  - Ensuring your application is deployed correctly for cloud services
  - Performance enhancement
  - Best practices for security
- VPC architecture
  - VPC enabled using standard cloud configuration
  - Security group (firewall) and ACL review and implementation
  - Specific routing, bastion hosts, ingress and egress points
  - Direct connections and/or VPN gateways
  - Management VPC for enhanced security
- Resilience and scaling
  - Design for high-availability — e.g. load-balancing, DNS and database replicas, auto-scaling groups
  - Design for scalability — e.g. load-balancing, DNS and database replicas, auto-scaling groups, scaling thresholds, database sharing and optimisation, microservices deployment
  - Design for multi-region — e.g. low-latency routing, data replication
- Log aggregation, monitoring and reporting
  - Centralised logging of all cloud/infrastructure activity
  - Centralised collection of logs for all application and host activity
  - All log and audit data in a centralised and accessible platform for analysis, to deliver insights on business data