Enable Teams Quickly with CloudFormation to Automate Secured Deployments of Resources

Implementation included 100 percent software-defined infrastructure and operations into a build, bundle, deploy pipeline pattern for use by all organizations in the enterprise to ensure a predictable, repeatable, auditable solution.

Confidential Client

MOBILITY DATA AND ANALYTICS CO.

Project Outcomes & Results
Preceding this engagement, this client's parent company had 50 Amazon Web Service (AWS) accounts spread across the company without centralized security, logging, monitoring and architecture. The parent company hired Trility Consulting® to help develop a secure enterprise cloud architecture strategy and move on-prem workloads to the cloud, build native apps in the cloud, and optimize the cloud for automation, scalability, and auditability. 

The achieved outcome was a Cloud Security enterprise framework  to enable cloud services across the company with reusable patterns that created predictable, repeatable, and auditable results.

Challenge

This client needed to refactor its cloud environment to align with its parent company’s enterprise cloud framework, and using AWS CloudFormation allowed them to quickly enable teams and enforce security controls.

Prior to this engagement, the client hired Trility to help pursue a secure, safe serverless environment across its enterprise, so they turned to our team again to help bootstrap the design, implementation, and operational evolution of AWS operations and implement a data storage solutions using CloudFormation.

Why CloudFormation

AWS CloudFormation was selected to automate the secure deployment of AWS resources across business units to help the client’s teams adapt quickly and automate testing. Using the enterprise cloud framework provided by the parent company, Trility proposed rewriting all IAM roles, permissions, and policies for the entire environment – applications, EC2 instances, CloudFront, security groups, IAM resources, and all networking. 

Solution

Trility conducted architectural assessments, gained understanding of existing processes, procedures, and information security implementations in order to provide next-step recommendations. Trility then facilitated the secured population of the environments according to the parent company’s requirements while cleaning up and simplifying IAM permissions contextually. 

As an extension of the initial project with the parent company, Trility used CloudFormation and CI/CD pipelines to build, evolve, troubleshoot, and provide solutions for cloud architecture, new resource buildouts, and configurations, as well as automate the deployment of IAM permissions, roles, and policies. Trility teams also provided training on S3 and writing IAM policies to equip the client’s team members at the end of the engagement.

Outcomes

  • Continue to facilitate and ensure alignment of the enterprise cloud framework vision between the client and its parent company while helping both be operational and more competently experienced in cloud architecture through operations.
  • Provide coaching and knowledge transfer to client team members for building and managing 100 percent software-defined infrastructure in the cloud with a security-first mindset.
  • New pipelines continue to be built as requested and required using existing enterprise cloud framework patterns.
  • Ensure all new work goes back into the framework.
  • Apply least privilege mindset to all enterprise cloud framework patterns while simultaneously delivering new pipelines for new and old code packages integrating the client’s information safety team.

Reusable Patterns

Trility builds a golden triangle of truth for version control, change management, and continuous delivery pipelines to ensure predictable, repeatable, and auditable results. Long-term, the client’s teams have increased operational performance and reduced time to value by leveraging the power of CloudFormation’s reusable templates:

  • Iterated on a multi-region enterprise cloud framework
  • IAM Permissions and Management 
  • Jenkins Worker Model pattern
  • Patching enforcement pattern for long-running resources
  • Services and group code management 
  • Security-defined role-based access behaviors 

Description of Environment

Implementation included 100 percent software-defined infrastructure and operations into a predictable, repeatable, auditable build, bundle and deploy pipeline pattern for use by any and all organizations in the enterprise. AWS CloudFormation allowed for the following:

  • Mapping, template parameters, AWS pseudo parameters, and AWS specific parameter type
  • Template nesting and cross-stack references
  • Validations of parameter input
  • Templates were split into logical stacks so modules are decoupled, reusable, easier to maintain
  • Use outputs with helpful stack information on resources created

Lessons Learned

Managed policies built in AWS did not allow for the granular controls necessary for this enterprise system. Trility worked with the parent company’s team to create reusable and more granular policies across the environment that could be rolled back up to the enterprise cloud framework, along with all other iterations and lessons learned.

Simplify, Automate, and Secure Your Next Challenge

Trility helps rethink your entire business strategy in the cloud. Learn how you can accelerate your next AWS iniative with us.