Our mission is to help you succeed today in AWS using our proven, turnkey AWS blueprints for terraform. It's like buying a prefab house; you'll know exactly what you're getting and can customize it because you own it. Why start from scratch when you can have it today?

Cloud Posse is a DevOps Accelerator. We help you implement our blueprints leveraging our AWS reference architecture for terraform. Your team will move faster with less risk and more predictability when you follow our process. Our AWS blueprints for terraform are ready-to-go templates for the most common architecture patterns. We can customize any delivery with professional services or build and implement custom architectures as part of our Enterprise DevOps Accelerator track.

Everything we deliver leverages our Open Source (aka free) terraform modules, so no ongoing license fees or strings are attached.

We build only what customers need and do it in a way developers love. That's why we've spent the better part of the past 8 years building our AWS reference architecture for terraform to support countless use cases working exclusively with some of the hottest venture-backed startups that have collectively raised nearly 3 billion dollars. You could say this has given us a type of clairvoyance and the ability to anticipate customers' needs based on their pains.

Our solutions are implemented as part of our service offerings.

Our Jumpstart track is our fastest implementation.

We create and deploy all configurations using our recommended defaults for the Cloud Posse Reference Architecture for AWS with terraform. It's entirely up and running within 2-4 weeks. Includes access to our documentation, shared workshops for customers, and support via Slack. You can add a support retainer or use professional services to customize the solution as much as you need.

If you have a competent team but need something done quickly for you and have fewer opinions on every design decision that goes into building your AWS infrastructure, then our Jumpstart track is ideal for you.

Our Bootcamp track is our most affordable solution.

We hand you all the configs with our recommended defaults. It is entirely based on our AWS Reference Architecture for terraform. You deploy it with your team. Work at your own pace. Includes access to our documentation. Ask for help during our shared workshops for customers or via Slack.

If your team has the time and is highly knowledgeable on Terraform and AWS, then the Bootcamp track may offer the highest value.

The Enterprise track is our most customizable solution.

We build and deploy your infrastructure using our AWS Reference Architecture for terraform together with your team from the ground up—with weekly check-ins and updates. Your team will be assigned Homework assignments and have access to Company Workshops to train with our engineers through pairing sessions. We handle all technical project management and follow our proven, repeatable project plan to ensure successful delivery every time. As part of this engagement, we revisit every design decision of well-architected infrastructure. If you're subject to compliance requirements, we'll deploy the Foundational Security & Compliance pillar and remediate any findings. We'll assist with migration of any workloads and customize anything as needed.

If you want to level up your team or are very interested in reviewing every design decision of well-built infrastructure, and you have some unique or complex requirements, then our Enterprise track is probably best.

Our Professional Services are offered to existing customers to help them customize, extend, or support their infrastructures. No matter which Bootcamp, Jumpstart, or Enterprise track you participate in, we can help you. Our services are offered on a Time & Materials basis on a conventional retainer model.

For existing and past customers, we offer high-touch professional services.

  • Customize anything you need.
  • Build any Terraform modules you want.
  • Write any documentation that is missing.
  • Implement new systems and services
  • Wire up new integrations (e.g. with Okta)
  • Upgrade your infrastructure from top-to-bottom
  • Fill in when you're short of hands
  • Answer any questions you need via Slack or Zoom
  • Perform remote-hands work or pairing sessions via Zoom
  • Workload migrations and migration planning
  • Adopting legacy accounts and workloads into the framework

Turnkey AWS Blueprints

Our reference architecture consists of all the structural terraform components required to build AWS infrastructure. Using this architecture, we've developed blueprints that consist of all the pre-existing materials from our reference architecture that customers need and how they go together.

A well-defined blueprint aligns business goals and outcomes to the technical strategies, patterns, best practices, and technology stacks to maximize the value for the enterprise.

Here are some of the ready-to-go blueprints we've developed for our customers.

AWS Benchmark Compliance

Companies that handle health data are automatically subject to HIPAA regulations. Attempting to build the technical controls on top of the existing infrastructure is frequently more complicated than a lift-and-shift into a new AWS organization built with compliance in mind. Companies need to architect their infrastructure to meet these standards from the ground up.

HIPAA is not prescriptive on how the technical controls are implemented. Instead, HIPAA defines a set of high-level expectations, but it’s up to the responsible party (e.g. Customer) to assert what controls are in place for each safeguard.

HIPAA Security Technical Safeguards

  • Access control
  • Audit controls
  • Integrity
  • Person or entity authentication
  • Transmission security

The typical approach to addressing these controls is using a combination of one or more of the compliance standards such as CIS, HITRUST, NIST, ISO27001, etc. Organizationally, this is a decision that has both technical and procedural impacts.

The Technical Benchmark Framework should satisfy the vast majority of requirements for HIPAA, which means most likely selecting more than one framework.

Our strategy is to deploy AWS SecurityHub and enable the conformance packs required to meet HIPAA operational best practices, which provides a framework helpful to meet HIPAA requirements, given its broad scope of security controls. A conformance pack is a collection of AWS Config rules and remediation actions that can be easily deployed across an AWS organization. With AWS Config we can evaluate whether your AWS resources comply with the standard best practices of a given technical benchmark. Cloud Posse has all the pre-existing Terraform modules to accelerate this implementation.

Our AWS reference architecture for terraform has a Foundational Security & Compliance pillar that addresses the implementation of the technical controls for HIPAA compliance. Choose one of our Jumpstart or Enterprise tracks to implement it.

Organizations that store client information in the cloud (e.g. cloud service providers, SaaS providers) benefit from a SOC 2 report that proves a client’s data is protected and kept private from unauthorized users. No particular industry requires these reports, but businesses often require them in financial services, including banking, investment, insurance, and security. If you are a technical service provider, a publicly traded company, a startup setting its sights on IPO/SPAC, or a company working with other enterprises, then there is a good chance that either a client or business partner will require a SOC audit. Companies need to architect their infrastructure to meet these standards from the ground up.

SOC2 Considerations

What makes SOC2 unique is that it doesn't prescribe what technical controls are required. Instead, SOC2 defines a set of high-level expectations, but it’s up to the responsible party (e.g. Customer) to assert what controls are in place for each pillar.

  1. Logical and physical access controls
  2. System operations
  3. Change management
  4. Risk mitigation

The typical approach to addressing these controls is using a combination of one or more of the compliance standards such as CIS, HITRUST, NIST, ISO27001, etc. Organizationally, this is a decision that has both technical and procedural impacts.

The Technical Benchmark Framework should satisfy the vast majority of requirements for SOC2, which means most likely selecting more than one framework.

Cloud Posse’s strategy is to deploy AWS SecurityHub and enable the AWS Config Conformance Packs containing the security controls to meet the operational best practices of a given compliance framework, then remediate all the findings. A conformance pack is a collection of AWS Config rules and remediation actions that can be easily deployed across an AWS organization. With AWS Config we can evaluate whether your AWS resources comply with standard best practices of a given technical benchmark. Cloud Posse has all the Terraform modules to accelerate this implementation.

Since Security Hub, GuardDuty, and AWS Config are regional AWS services, we must deploy them to all enabled regions. Security Hub and GuardDuty Administrator accounts will need to be deployed first. On top of that, the region designated as the Global Collector Region needs to be deployed afterward.

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard created by a consortium of major card brands including American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc.

PCI DSS applies to companies that store, process, or transmit cardholder data (CHD), such as merchants, processors, acquirers, issuers, and service providers. The PCI DSS is mandated by the card brands and administered by the Payment Card Industry (PCI) Security Standards Council (SSC).

Attempting to build the technical controls on top of the existing infrastructure is frequently more complicated than a lift-and-shift into a new AWS organization built with compliance in mind. Companies need to architect their infrastructure to meet these standards from the ground up. PCI/DSS is prescriptive on what technical controls are needed and provides Cloud Computing Guidelines [1] (https://listings.pcisecuritystandards.org/pdfs/PCI_SSC_Cloud_Guidelines_v3.pdf), but not on how they are implemented. It is up to the responsible party (e.g. SaaS Company) to assert what controls are in place for each safeguard.

PCI DSS v.3.2.1 [2] (https://listings.pcisecuritystandards.org/documents/PCI_DSS-QRG-v3_2_1.pdf) consists of 12 requirements spread across six objectives.

| PCI DSS Objective | PCI DSS Requirement | Description |
|---|---|---|
| Objective 1 | | Build and Protect a Secure Network |
| | Requirement 1 | Install and maintain a firewall to protect your cardholder data |
| | Requirement 2 | Do not use the vendor's default values for device passwords and other security parameters |
| Objective 2 | | Protect Cardholder Data |
| | Requirement 3 | Protect stored cardholder data |
| | Requirement 4 | Encrypt the cardholder data transmission over public networks |
| Objective 3 | | Create a Vulnerability Management Program |
| | Requirement 5 | Use and update anti-virus software regularly |
| | Requirement 6 | Build and maintain secure applications and systems |
| Objective 4 | | Apply Strong Access Control Measures |
| | Requirement 7 | Limit access to cardholder data according to specified requirements |
| | Requirement 8 | Assign a unique identity to anyone with computer access |
| | Requirement 9 | Restrict physical access to cardholder data |
| Objective 5 | | Regularly Monitor and Test Networks |
| | Requirement 10 | Monitor and track all access to network and cardholder data |
| | Requirement 11 | Test security systems and processes regularly |
| Objective 6 | | Create a Policy Regarding Information Security |
| | Requirement 12 | Establish an information security policy for employees and contractors |

PCI DSS v.3.2.1 Requirements

Our blueprint deploys AWS SecurityHub, then enables Security Hub’s PCI DSS v3.2.1 standard [3] (https://aws.amazon.com/blogs/security/how-to-use-the-aws-security-hub-pci-dss-v3-2-1-standard/) and the conformance packs required to meet PCI/DSS operational best practices [4] (https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-pci-dss.html). Together, these provide a helpful framework to meet PCI/DSS requirements, given its broad scope of security controls. A conformance pack is a collection of AWS Config rules and remediation actions that can be easily deployed across an AWS organization. With AWS Config we can evaluate whether your AWS resources comply with the standard best practices of a given technical benchmark. Cloud Posse has all the pre-existing Terraform modules to accelerate this implementation.

Our AWS reference architecture for terraform has a Foundational Security & Compliance pillar that addresses the implementation of the technical controls for PCI/DSS compliance. Choose one of our Jumpstart or Enterprise tracks to implement it.

AWS Migrations

AWS Blueprints & Cold Starts
