The Benefits
AWS Multi-Account Structure for Separation of Access Rights
Use AWS Control Tower and AWS Organizations to implement centrally managed security and compliance policies to enforce KRITIS security requirements for all created resources. AWS Account Factory ensures that centrally created AWS environments within the organization comply with defined security and compliance rules. It can also be used to enable internal standards for each account via IaC. This solution also enables centralized financial management and billing.
Centralized IaC Template Management via AWS Service Catalog
Centrally managed IaC templates are made available through the AWS Service Catalog. These can be integrated when creating a new AWS account via the AWS Account Factory. Member accounts can later automatically create and delete required AWS resources through a defined product portfolio. Centralized provisioning of IaC templates ensures that only resources that meet internal compliance requirements are created.
Define and Automate Security Standards
To comply with the security rules required by KRITIS, AWS guardrail rules are activated through AWS Control Tower and AWS Organizations and rolled out centrally to all created AWS accounts. AWS Service Control Policies are also centrally managed and define which AWS services can be used in which regions for the created accounts.
PROTOS Workshops and Training
PROTOS supports the customer through workshops and training sessions, working together to find and implement a customized solution that meets current security requirements. We use agile methods to monitor and organize the continuous progress of the implementation and the entire project.





