Chapter 30. Essentials of Modern Cloud Governance
Derek Martin
There are four essential elements to consider when developing a governance structure for your cloud journey. Failure to address these points frequently leads to a variety of pains that are difficult to undo. These four elements are as follows:
- Subscriptions matter.
- The network has to come first.
- Security is essential.
- Automation is required.
Subscriptions Matter
The fundamental container of resources in Azure is the subscription. How many subscriptions do you need? Start with three and grow beyond that based on these conditions:
- Subscription capacity is exhausted.
- Acquisition and ownership (not just management) of Azure resources takes place in multiple geographical/political/regulatory jurisdictions.
- The “thing” being deployed to Azure is part of your company’s “cost of goods sold.”
This works for most companies. The first subscription is Production, where no standing security access exists (except for your CI/CD runners) outside of Reader roles. The second is Not Production. This subscription is where coordinated nonproduction tiers exist (Dev, Test, Int, Stage, PreProd), with an increasing security posture as the tier level approaches production. The third is your Hub subscription, where core networking, ExpressRoute circuits, etc. ...
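The Production rule described above (no standing access beyond Reader, apart from CI/CD runners) can be checked against exported role assignments. The Python below is an added example, not code from the book; it assumes input in the shape of `az role assignment list --all -o json`, and the subscription ID, principals and CI/CD allow-list are constructed.

```python
# Added example: audit a Production subscription for standing access.
# Input shape follows `az role assignment list --all -o json`; the data
# below is constructed (placeholder subscription ID, made-up principals).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE = [
    {"principalId": "u-1", "principalName": "alice@example.com",
     "principalType": "User", "roleDefinitionName": "Reader", "scope": SUB},
    {"principalId": "sp-1", "principalName": "cicd-runner",
     "principalType": "ServicePrincipal", "roleDefinitionName": "Contributor",
     "scope": SUB},
    {"principalId": "u-2", "principalName": "bob@example.com",
     "principalType": "User", "roleDefinitionName": "Contributor",
     "scope": SUB + "/resourceGroups/rg-app"},
    {"principalId": "g-1", "principalName": "ops-group",
     "principalType": "Group", "roleDefinitionName": "Owner", "scope": SUB},
    {"principalId": "sp-2", "principalName": "old-deployer",
     "principalType": "ServicePrincipal", "roleDefinitionName": "Contributor",
     "scope": SUB},
]

# Assumption: you maintain the object IDs of your CI/CD runner identities.
CICD_PRINCIPAL_IDS = {"sp-1"}
ALLOWED_STANDING_ROLES = {"Reader"}


def standing_access_violations(assignments, cicd_ids,
                               allowed=ALLOWED_STANDING_ROLES):
    """Return (principal, role, scope) for each assignment breaking the rule."""
    violations = []
    for a in assignments:
        if a["roleDefinitionName"] in allowed:
            continue  # read-only standing access is permitted
        # Assumption: the CI/CD exception covers service principals only, so a
        # user or group ID placed in the allow-list is still reported.
        if (a["principalType"] == "ServicePrincipal"
                and a["principalId"] in cicd_ids):
            continue
        violations.append(
            (a["principalName"], a["roleDefinitionName"], a["scope"]))
    return sorted(violations)


if __name__ == "__main__":
    for name, role, scope in standing_access_violations(
            SAMPLE, CICD_PRINCIPAL_IDS):
        print(f"standing {role} for {name} at {scope}")
```

Assignments made at resource group or resource scope are reported as well, since they are standing access inside the Production subscription.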