DevSecOps in Cloud, Chapter 1: Environments and Accounts
The intent of this DevOps series is to follow up and expand on a high-level blog I wrote earlier. It is also to list and crystallise ideas which are specific to the DevOps thought process in a cloud environment, specifically AWS.
Having worked for a number of years around this space, I thought it would be useful to have it documented so people can reference something that is tried and tested and adapt it to their needs, while also helping to refine this blog as we go along to make it more useful for others. Obviously, not all the ideas presented here are my own. I have learnt a lot from others, and this is a consolidated view of ideas and concepts.
Environments
In a typical project you would need dev, UAT and prod environments. Ideally, each environment is isolated from the others so applications can be tested in a clean state. It also keeps the landscape neat.
In the cloud, we treat each environment as an isolated account to clearly demarcate territory. It also helps in controlling access to resources on an as-needed basis. The pattern below is one I have used in a number of projects because it works quite well. You can have multiples of these for each application stack.