This will the first in a series of blogs on user interactions with the Public Cloud platforms. I will try and provide both the enduser and the CXO perspectives in each of these articles.
To an engineer, getting the access to the AWS and Azure portal is equivalent to a kid getting access to toys that the kid had only dreamed about. Let’s look at only AWS today.
Every time, I see an announcement about a new and big VM type by their cloud vendors, my urge is to spin it up, access it and check the number of cores, RAM etc. It’s wasn’t so simple to get a VM with 32 cores and an insane amount of RAM with just a few clicks. While for a techie, this may be a dream, to the CFO or CIO, it is the beginning of a nightmare. These resources don’t come cheap, and if I forget to turn off the VM, then the CIO needs to be ready for a bill shock.
So, is there a way the CIO can guard himself from bill shock, while also give flexibility to his engineers.
Yes, there are a few ways of streamline AWS portal access.
Firstly, AWS provides you the ability to set a budget per account. As a CIO, you can be alerted when the usage nears or hits that budget number. More information is available at http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/budgets-managing-costs.html.
A second way is by putting a limitation on the types of resources, the sizes that can be created by a user. The CIO can restrict the user to only a certain type of instances, though not the number of these that can be launched. This along with the budget feature can help a CIO be in better control on what to expect from the next monthly bill. More information is available at http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ExamplePolicies_EC2.html#iam-example-region.
A third way is by defining policies that restrict the user to accessing only certain services on AWS, this could be based on job functions. More information is available at http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html.
In all these methods, the user still gets access to the full portal, but with some limitations.
Defining these and maintaining it in the AWS portal for all users in an Enterprise can be a cumbersome task, and it typically requires deep knowledge of AWS’s capabilities.
We make it easier to achieve these by creating a catalog item that can be offered via our Nuvelink platform https://www.nuvepro.com/nuvelink. These catalog items are custom created and managed by Nuvepro. Via these catalog items, the CIO can give the required level of access to his users / engineers. An additional advantage is that Nuvelink can be integrated easily with an Enterprise ITSM tool such as ServiceNow, making it easy and seamless to users.
You can reach us at firstname.lastname@example.org, to learn about Nuvepro can help a CIO provide users with a full portal access while also maintaining adequate control.