Written by Joern Barthel
Originally published on February 22nd 2021
Understanding what goes into a sensible AWS foundational setup is complicated, expensive and does not add value to our customers workloads. In this article we introduce the beginning of an Open Source solution to this problem.
Amazon Web Services (AWS) presents users with an intimidating landscape of hundreds of services. But almost none of these service can be understood in isolation and many services yield benefits to the platform as a whole in ways that do not translate their feature descriptions and official FAQs very well. The resulting picture is complicated enough for our customers workloads: getting software architecture right without getting lost in accidental complexity is hard enough as it is. But it is our firm belief that it shouldn't need experienced consultants to create a sensible and "foundational" AWS setup that enables our customers to start building their workloads in a Well-Architected manner.
With this thought in mind, we teamed up with our friends from superluminar, an AWS Advanced Consulting Partner in Hamburg, to build the first open-source landing zone setup that is also an official AWS Quickstart: superwerker! Out of the box, it currently supports the following features (some of them as optional, out-out features) with minimal upfront costs:
- Automated AWS Control Tower and AWS Single Sign-On (SSO) setup to enable the current best practices for multi-account setups, such as security and compliance guardrails
- AWS Security Hub for continuous monitoring of AWS security standards in all accounts, and the aggregation of findings in the Control Tower "Audit" account
- AWS GuardDuty continuous threat detection in all accounts, and the aggregation of findings in the Control Tower "Audit" account
- AWS Backup for all database types and opt-out for dev/test accounts
- Automated billing and budget setup with alerts for increased usage
- Service control policy based on integrity protection and common policies
- CloudWatch Dashboard as a "living" documentation for the Quickstart
- Unified workflow notifications using the AWS Systems Manager (SSM) OpsCenter
- Amazon Simple Email Service (SES) based Secure Root Email to consolidate the handling of all root emails for AWS member accounts - this will also enable future workflow such as the automated recovery of newly created member accounts
You can easily try out this Quickstart today by following the documentation on the homepage or by following the instructions on the homepage of the open-source solution. We will add more features in the next few months, more documentation and will focus on evolving superwerker into a true, off-the-shelf solution for building future proofed AWS platforms.
Interested in learning more about superwerker? Are you unsure if your organization will profit from it and need general guidance? You can join the conversation by joining our mailing list, the #superwerker Slack channel on the OG-AWS Slack (via it's invite link) and reaching out to firstname.lastname@example.org.
Our team of consultants is here to help you accelerate your AWS journey, and to keep your focus on your workloads instead of doing undifferentiated heavy lifting work on your Cloud platform. We look forward to working with you!
 AWS Periodic-Table: AWS Geek