What We Learned from Building GovSlack

Slack launched GovSlack in July 2022. With GovSlack, government agencies, and those they work with, can enable their teams to seamlessly collaborate in their digital headquarters, while keeping security and compliance at the forefront. Using GovSlack includes the following benefits: Supports key government security standards, such as FedRAMP High, DoD IL4, and ITAR Runs in…

Archie Gunasekara

Overview

The article discusses the challenges and experiences encountered while building GovSlack, a version of Slack designed for government agencies, utilizing AWS GovCloud infrastructure. It highlights the security standards, infrastructure setup, and lessons learned during the development process.

What You'll Learn

1. How to set up AWS GovCloud accounts for a new service
2. Why it's important to maintain compliance with government security standards
3. How to implement a shared-nothing architecture for environment isolation

Prerequisites & Requirements

  • Understanding of AWS services and compliance requirements for government applications
  • Familiarity with Terraform for infrastructure management (optional)

Key Questions Answered

What are the key benefits of using GovSlack for government agencies?
GovSlack supports key government security standards like FedRAMP High and DoD IL4, runs in AWS GovCloud data centers, and enables secure external collaboration through Slack Connect. It also provides advanced auditing controls and enterprise-grade admin dashboards for managing permissions.
How does Slack manage the separation between GovDev and GovProd environments?
Slack maintains a strict separation between GovDev and GovProd environments by implementing a shared-nothing architecture. This ensures that only US personnel can access the production environment, while the development environment is open for testing by a broader audience.
What challenges did Slack face when building on AWS GovCloud?
Slack encountered several challenges, including the lack of certain AWS services in GovCloud, the need for specific configurations in AWS CLI, and the complexities of managing DNS records due to the absence of public Route53 zones. These challenges required innovative solutions to ensure functionality and compliance.

Technologies & Tools

  • Cloud Infrastructure: AWS GovCloud. Used to host GovSlack while ensuring compliance with government security standards.
  • Infrastructure As Code: Terraform. Used for building and managing the infrastructure required for GovSlack.

Key Actionable Insights

1. Establish a clear process for requesting and managing GovCloud accounts to streamline service deployment.
   This is crucial for organizations looking to leverage AWS GovCloud for compliance-heavy applications, as it minimizes delays and ensures proper setup from the start.
2. Implement a shared-nothing architecture to enhance security and compliance in cloud environments.
   This approach not only meets regulatory requirements but also simplifies management and reduces the risk of cross-environment issues.
3. Utilize Terraform modules to maintain consistency across AWS GovCloud and standard AWS environments.
   This practice allows for easier management of infrastructure as code, promoting reusability and reducing errors during deployment.

Common Pitfalls

1. Assuming that all AWS services are available in GovCloud as they are in standard AWS.
   This can lead to significant delays in project timelines as teams may need to find alternative solutions or workarounds for missing services.

Related Concepts

AWS Compliance Standards
Infrastructure As Code
Cloud Architecture Patterns