Workload Isolation

Use Case: Isolate your workloads and environments to improve reliability, security and compliance.

Workload isolation is a key component of building a robust, reliable, and secure application. The one true unit of isolation in AWS is the account. This is why Substrate makes it so easy to manage multiple AWS accounts. Additionally, security frameworks such as SOC 2 require some level of isolation, especially between development and production environments.

Substrate was designed to easily give you as much isolation as your application requires.

Challenge: Improving reliability and security by isolating workloads

Solution: Use multiple AWS accounts and environments

With isolation by account and environment, there’s more assurance that a change to one service doesn’t unintentionally change or impact another service. By making changes one environment or account at a time, engineering teams are able to move faster without fear that a large change will have unintended consequences.

Applications with sensitive customer or financial data can be set up in their own account or environment. Teams with different needs can have their own accounts. This level of isolation can also reduce the risk that a security incident in a less sensitive system spreads to sensitive customer data.

Challenge: Creating and managing multiple accounts and environments is complex, and making them work together seamlessly is hard

Solution: Substrate manages accounts, networks and roles

Substrate creates AWS accounts and environments with a single command, and handles all the details for you. You can create separate environments such as production, staging, and development. Each environment can be made up of multiple AWS accounts to neatly separate your applications. Substrate will do all the CIDR math and automatically configure shared VPCs and VPC peering per environment, so that your applications or services talk within the same environment while different environments, such as production and development, are isolated from each other.

Challenge: Tracking cloud costs and attributing them to teams, applications or business units

Solution: Accounts per application, product, or team

Create accounts and environments per team, application or product. With well-scoped accounts, you can easily use AWS Cost Explorer to view and analyze costs by account, either to ensure your business is operating efficiently or to find where to focus cost optimization efforts.