AWS re:Invent 2025 - Governance that Enables Innovation at Scale feat. Eli Lilly and Company (COP346)

Enabling Innovation at Scale through Modern Cloud Governance

Transforming Cloud Governance at Eli Lilly and Company

Challenges with Legacy Approaches

  • Eli Lilly faced growing pains as they scaled their AWS environment from 3-4 accounts to over 1,500 accounts
  • Their legacy AWS Landing Zone (ALZ) solution became a bottleneck, with deployment pipelines taking 8 hours to complete and often failing
  • This hindered the agility and innovation of Lilly's business teams, as the central IT team struggled to keep up with the rapid cloud expansion

Modernizing with AWS Control Tower and Account Factory for Terraform

  • In 2024, Lilly partnered with AWS to transition from ALZ to a modern cloud governance solution using AWS Control Tower and Account Factory for Terraform
  • Key requirements included:
    • Managed service to reduce operational overhead
    • Increased agility and scalability to support rapid cloud growth
    • Simplified governance and reduced complexity of security policies
  • The 6-month migration project involved:
    1. Decoupling resources from the legacy ALZ infrastructure
    2. Developing Terraform modules to replace ALZ resource definitions
    3. Automating the migration process using AWS Step Functions and Lambda

Benefits of the Modernized Approach

  • 75% reduction in manual effort for the central IT team
  • 300% increase in the frequency of code pushes
  • Ability to create new OUs and deliver new features 10x faster (from 2 months to 2 weeks)
  • Security and configuration updates deployed across all accounts in under 5 hours

AWS Control Tower: Enabling Managed Cloud Governance

Key Components of AWS Control Tower

  • Automatically provisions log archive and audit accounts, as well as a security OU with backup-related accounts
  • Enables AWS Identity Center for federated access, and turns on AWS Config and AWS CloudTrail
  • Applies managed security and compliance controls backed by AWS Security Hub, CloudTrail, and CloudFormation

Account Factory for Terraform

  • Allows programmatic provisioning and customization of new AWS accounts through a GitOps-driven workflow
  • Leverages Terraform to deploy account-level and global configurations, ensuring consistency and compliance
  • Supports published Terraform modules from the registry as well as custom modules tailored to specific requirements

Leveraging Managed Controls for Comprehensive Governance

  • Shift left from reactive, detective controls to proactive and preventative controls
  • AWS Managed Controls Catalog provides a single source of truth for deploying controls across accounts and OUs
  • Controls can be easily enabled through AWS Control Tower or integrated into the Account Factory for Terraform pipeline

Key Takeaways

  1. Enabling Organizational Objectives: Modernizing cloud governance can directly enable business agility, scalability, and innovation, as demonstrated by Eli Lilly's experience.
  2. Simplifying Governance Operations: Leveraging managed services like Account Factory for Terraform can help streamline and standardize governance processes, reducing complexity and overhead.
  3. Embracing Managed Controls: Adopting AWS-managed security and compliance controls can provide comprehensive governance with reduced operational burden.

By implementing a modern cloud governance foundation with AWS Control Tower and Account Factory for Terraform, organizations can unlock the full potential of the cloud, empowering their teams to innovate at scale while maintaining robust security and compliance.
