Automation, automation, automation! Make it your mantra. Adopt it as your spirit animal. Write it on a hat and wear it everywhere. But above all apply it to everything you do in the cloud.
Automation, automation, automation!
If your organization uses an MSP, or will make use of one to transition to cloud than demand automation from that MSP. Also request details on how your MSP will be automating. If you are not interested in a lock-in scenario than avoid the use of proprietary scripts and tooling. Make sure to demand copies (synced repository) of deployments scripts, config files and templates to facilitate a possible exit.
Configuration and provisioning without automation is a major risk. Manual deployments could lead to improperly hardened resources posing a security risk. Financial approval could be circumvented. Operational issues could arise from divergent configurations and faulty or missing tags will severely mess up your administration. Automation is a powerful operational governance tool.
The CCoE should be masters of automation. They will assist development teams with template design and deployment scripts and they will try and test security and compliance scripts
Process or Activity
Review designs, test controls, assist with policies and template design.
Demarcation of Responsibilities
CCoE develops templates.
Automated configuration management is set up by the CCoE.
CCoE is responsible for managing and monitoring the automation tooling.
To Do List
Determine who is responsible for execution and maintenance of specific tools.
Set up policy to enforcing tagging, turn off unused regions and turn off unused services and features.