AWS Cloud Foundation Series, part 1: Introduction


How to set up a solid AWS Cloud foundation for your organization

Scenario: All stakeholders for your project are convinced you need to use AWS as a cloud provider for your projects, and it’s finally time to start. Jumping into the world of AWS can be daunting. Where do you start?
Like many problems in IT, the answer might be: “It depends”. It depends on what your business is and what functionality of the AWS Cloud can help achieve your business goals in the most efficient, cost-effective, and secure way.

In this blog series, we look at a part of AWS Cloud that does not “depend” on your specific organization (at least not as much). Regardless of what kind of organization you will be running on the AWS Cloud, there are certain capabilities that you should strive to have in place to create a solid cloud foundation on AWS.

Establishing these capabilities will allow you to run your AWS workloads in an efficient, secure, reliable, and cost-optimized way from the start. Many organizations just start in the cloud without these considerations and end up having to invest a lot to migrate their existing workloads to a certain state to achieve a better cloud posture. This can be avoided by setting up a good cloud foundation from the start, and these capabilities can give you a guided way to achieve that.

AWS itself has created a capability-based approach to create a cloud foundation, however it is not easy to find and contains many pages.

There is also the Cloud Adoption Framework which overlaps with this approach and will be leveraged from time to time during this series, however, it also contains even more information that might be overwhelming.

Who is this series for?

  • Startup or bigger: This series is for you if your organization is at the startup level or bigger. If you want to get your feet wet and try out some AWS functionality, then you might be here too early.
  • Already decided to use AWS: This blog series assumes that you have already decided to use AWS as a cloud provider. The blog series will not attempt to convince you of the benefits of Cloud computing or AWS as a cloud provider.
  • Minimal AWS Cloud presence: If you have yet to start your AWS journey or are not that far yet, then you are just in time to follow the steps of this series. If you have already been working in AWS for a while and are already operational, you can still follow this series to gain insights on the several capabilities, however, I also suggest conducting a Well-Architected Review of your workloads and use the results there to improve your AWS cloud posture.

A capability-based approach

AWS has defined a set of capabilities and an order in which to develop these capabilities for your organization to create a solid cloud foundation on AWS.

A capability has a definition and contains scenarios, guidance, and supporting automation to achieve the capability defined. These capabilities can help you plan, implement, and operate your workloads on AWS. These capabilities not only contain technology considerations but also people and processes. Examples of capabilities are “Identity Management & Access Control” and “Observability”.
The capabilities that AWS has defined for a solid cloud foundation are split up into six categories and can be found in the following diagram:

These are capabilities that will apply to any organization running in AWS regardless of the functionality that is being built. This blog series will go through how to best set up these capabilities.

Working with capabilities

To work with these capabilities, we must also first define capability owners and stakeholders. To make this process easier, AWS has defined six functional areas, each having one owner. The owner of the primary functional area will be responsible for realizing the capability.

AWS defines the following functional areas:

One owner should be assigned to each of these functional areas. If your company is not that big yet, the same person may take on the role of owner for multiple functional areas. More on this is covered in the second part of the blog series about “Governance“.

A guided path to a solid Cloud Foundation

Now that we know what capabilities and functional areas are and we have assigned owners to each functional area, how do we start? To start, AWS has created a dependency graph indicating which capabilities are dependent on each other:

For example, if we want to begin with the “Encryption & Key Management” capability, we first need to start with the “Identity Management & Access Control” capability.

However, looking at this dependency graph there are still many ways and order to traverse it. AWS has also provided a timeline which you can find here. However, it is not that easy to read. The first 5 capabilities that should be worked on, based on this timeline, are:

  • Governance
  • Identity Management & Access Control
  • Log Storage
  • Tagging
  • Network Connectivity

Up next: The Governance Capability

This blog re-introduced a capability-based approach to creating a solid AWS Cloud Foundation. In the next blogs of this series, we look at the very first capability to start your journey with: Governance. We look at the AWS definition while tapping into the experiences at Luminis to give the best advice on this capability.

The blog series continues by following the timeline presented by AWS. At the end of this series, you should understand what is necessary to create a solid AWS Cloud Foundation. This allows you to run your AWS workloads in an efficient, secure, reliable, and cost-optimized way.