CloudCity

Watch our Finale presentation on YouTube!

What is CloudCity?

A cloud sandbox for government services.

What motivated you to build this product?

We wanted to be able to provide everyone who took part in Hack for Public Good an AWS cloud environment but in a controlled manner.

What tech stack did you use?

AWS - Control Tower, Single Sign-On, Landing Zone, Security Hub.

What were the key challenges you faced in building CloudCity?

Our main challenges were on operating higher-order cloud services in a federated account setup, and communicating clearly to users on the guardrails provided by CloudCity.

What is the product vision for CloudCity?

We envision that other tech teams within the government will be able to leverage the cloud sandbox for their projects.

Fun facts!

One interesting finding:
Many engineers were very excited about being able to experiment in their own personal AWS accounts on CloudCity. Previously, we only had a single team-wide AWS account for this, which impeded learning and experimentation because of high friction due to quota limits and overlapping infrastructure.

One thing you’d have done differently:
We would be able to discover more cloud features e.g. AWS Audit Manager, and figure out how to write additional custom service control policies tailored to our governance use cases.

Takeaway/learnings:
Good cloud governance does not necessarily mean limiting engineering freedom.