Moeve: Controlling resource deployment at scale with AWS CloudFormation Guard Hooks | Amazon Web Services
Briefly

"Moeve, formerly known as Cepsa, is a global integrated energy company with over 90 years of experience and more than 11,000 employees. Moeve is committed to driving Europe's energy transition and accelerating decarbonization efforts. The company has embraced digital transformation to enhance energy efficiency, safety, and sustainability, focusing on investments in green hydrogen, second-generation biofuels, and ultra-fast electric vehicle charging infrastructure."
"At Moeve, we decided to make AWS Control Tower our central governance tool and the foundation of our landing zone at the end of 2022. However, as an organization that wants to ensure that all deployed resources comply with the established requirements, it was challenging for us to remediate errors or vulnerabilities that arose when resources were deployed without compliance with our security definitions. The foundation of controls should be proactive."
"There are times when you want to block the deployment of Amazon API Gateway without security, Amazon VPC security groups with source 0.0.0.0/0, or with an ALL port range open. In these and other cases, we want to take a step further and create our own controls that are more in line with our own policies, and now we can do so in a simple and agile way,"
Moeve is a global integrated energy company with extensive investment in green hydrogen, second-generation biofuels, and ultra-fast EV charging. The company adopted AWS Control Tower as its central governance tool and landing zone foundation in late 2022. Proactive controls are required so that every deployed resource meets the established security and compliance requirements, rather than remediating vulnerabilities after noncompliant resources have already been deployed. CloudFormation Hooks, Guard rules, and Service Control Policies (SCPs) are used to block insecure resources at deployment time, such as API Gateways without security or overly permissive VPC security groups (source 0.0.0.0/0 or an ALL port range). Managed hooks, launched in November 2024, make creating such custom controls simpler and more agile. Deployments are required to use Infrastructure as Code.
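The security-group case mentioned above (source 0.0.0.0/0 or an ALL port range), as an added example of a CloudFormation Guard rule; it is not taken from the Moeve post or from AWS. It assumes evaluation against a plain CloudFormation template, for instance locally with `cfn-guard validate`; the input document a Guard Hook hands to rules has a different shape, so the path prefix is an assumption that would need adjusting for the hook.

```guard
# Added example (not from the Moeve post): fail any security group
# ingress rule that opens to the whole Internet or to all ports.
# Assumed usage against a template, e.g.
#   cfn-guard validate --data template.yaml --rules sg_ingress.guard

let sgs = Resources.*[ Type == 'AWS::EC2::SecurityGroup' ]

rule sg_no_world_open_ingress when %sgs !empty {
    %sgs.Properties.SecurityGroupIngress[*] {
        # Source must not be the entire IPv4 or IPv6 Internet
        when CidrIp exists {
            CidrIp != '0.0.0.0/0'
                <<Security group ingress source must not be 0.0.0.0/0>>
        }
        when CidrIpv6 exists {
            CidrIpv6 != '::/0'
                <<Security group ingress source must not be ::/0>>
        }
        # '-1' means all protocols, and therefore all ports
        # (templates are assumed to quote IpProtocol as a string)
        IpProtocol != '-1'
            <<Security group ingress must not allow all protocols (-1)>>
        # An explicit 0-65535 range is the same as an ALL port range
        when FromPort exists ToPort exists {
            FromPort != 0 or ToPort != 65535
                <<Security group ingress must not open the full port range>>
        }
    }
}
```

A template whose ingress entry sets `CidrIp: 0.0.0.0/0`, `IpProtocol: '-1'`, or `FromPort: 0` with `ToPort: 65535` fails the rule with the matching message; entries scoped to a specific CIDR and port range pass.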
Read at Amazon Web Services