No more Excel Forms! Easily create an AWS account with Account Factory（もうExcel申請書はやめよう。Account Factoryを使ってAWSアカウントを簡単に作ろう）

Transcript

1. No more Excel Forms! Easily create an AWS account with

   Account Factory

2. Takao Hojo • Senior Technical Engineer , Alliance Lead for

   AWS@ NRI • AWS APN Top Engineer 2019 - 2021 • Favorite AWS Services ✓Systems Manager ✓Service Catalog ✓Control Tower I like services that make daily operations easier.

3. What is NRI? • NRI (Nomura Research Institute, Ltd.) was

   one of the first companies in Japan to be certified as a Premier Consulting Partner, and has continued to be certified as a Premier Consulting Partner for 9 years. • NRI holds 5 competencies, the most of any partner in Japan.

4. What I want to talk about today • I want

   to tell people who have heard of service catalogs or who are hearing about them for the first time that service catalog is useful. • Can we stop with the Excel application forms already? • I think Service Catalog and Control Tower can make it happen!

5. Issue • Common things in managed services in Japanese enterprise

   companies.

6. Common things in managed services • When users want to

   procure AWS accounts, they need to apply using an Excel form. Difficult Excel Files Lead time 5 business days User IT Service desk It's faster to create own AWS account. Manual operation or partial automation

7. Common things in managed services • On the other hand,

   service desk is plagued with a high volume of applications, urgent requests, and unformatted entries. Lots of applications Lots of users IT Service desk : : There are too many to meet the deadline of 5 business days.

8. Common things in managed services • On the other hand,

   service desk is plagued with a high volume of applications, urgent requests, and unformatted entries. IT Service desk Manager ASAP!

9. Common things in managed services • On the other hand,

   service desk is plagued with a high volume of applications, urgent requests, and unformatted entries. IT Service desk user Unformatted files We can’t accept this.

10. Common things in managed services • These issues are caused

    by the fact that humans are working on them. • Let the AWS control tower and AWS service catalog work for you! User IT Service desk New Account Service Catalog Control Tower Account factory Operation Fast delivery Just checking

11. security security What is Control Tower? • Control Tower is

    a service that can enforce account security settings and SSO for multiple accounts. Management Account Security account Organizations Control Tower Security OU security security Tenant account Tenant OU AWS SSO Account Baseline Account Baseline Permission control by SCP Cloudtrail and other log aggregation Distribute Config Rules to each account

12. What is Account Factory? • Account Factory is a feature

    of Control Tower. It is a feature for creating a new AWS account. You can specify a few parameters and it will create a new account with an Account Baseline configured. • Account Factory can be registered as a portfolio in Service Catalog Control Tower New Account ・Account Email ・Account Name ・Organization unit ・AWS SSO Email ・AWS SSO user name This account will be created with the account baseline set.

13. What is Service Catalog? • AWS Service Catalog is a

    service that allows users to easily deploy CloudFormation stacks registered by administrators as products. IT Admin Cfn Stack Create products User Linux Web Win Web Win File Svr : : Choose and Deploy Products Service Catalog

14. What is Service Catalog? • From the administrator's point of

    view, it is possible to run a specific CloudFormation stack registered as a product, which gives you control. • From the user's point of view, they can deploy resources such as a "web server" without much knowledge of AWS, so they can focus on development.

15. Account Factory can be used from the Service catalog •

    Account Factory is registered as a Service Catalog product, so users can create new accounts on their own. • The account created by Account Factory is created as a Control tower managed account, so the account baseline is set and Single sign-on by AWS SSO is possible.

16. Let’s try • From here, we will actually register Account

    Factory as a Service Catalog product and launch it with Service Catalog end user privileges. IT Admin Create products User Account Factory Deploy new account Products Control Tower Account Factory Service Catalog

17. Let’s try • If you look at the portfolio from

    the Service Catalog management console, you will see the "AWS Control Tower Account Factory Portfolio".

18. Let’s try • If you look at the details, you

    will see that Account Factory exists under "Products". • Don't forget to authorize IAM to launch Account Factory from the “Groups, Roles, and Users” tabs.

19. Let’s try • In the Service Catalog menu, select "Products"

    on the end-user side. • After selecting Account Factory, press "Launch product" in the upper right corner to enter the parameters. (1) (2)

20. Let’s try • There are six parameters that can be

    specified. AccountEmail is the key item, and if AccountEmail does not exist, the action is to register a new account, and if AccountEmail already exists, the action is to update the account.

21. Let’s try • I launched Account Factory and tried to

    see how long it would take to create an account. • I received an account creation completion email in about 10 minutes, and then probably started provisioning Control Tower, which was completed about 30 minutes later when I received an AWS SSO registration email. Create Account Provision Control Tower Register AWS SSO About 10 minutes About 20 minutes

22. Account Factory is your partner in managed services. • The

    IT service desk is freed from the most time-consuming account creation process. • Users will not have to wait for many business days. • And thanks to Control Tower, we have more control over our accounts. User IT Service desk New Account Service Catalog Control Tower Account factory Operation Fast delivery Just checking

23. Account Factory is your partner in managed services. • When

    the service desk can use the time freed from manual work to create a portfolio, it can use the time to move from routine operations to creative development work. • I'd like to keep improving the management of managed services to reduce manual work.