The OSO DevOps team provided an assessment of 33N's existing AWS environment. Part of this assessment was to review the environment's overall architecture and provide remediation plans based on the 5 pillars (operations, security, reliability, performance, and cost) of Amazon's Well-Architected Framework.
It was determined that Amazon EC2, AWS ALB, and autoscaling groups were needed across availability zones to increase resilience and help balance the load for all application services. The OSO DevOps team used an "Automation First" strategy and implemented Terraform to automate the client's infrastructure in AWS. This allowed the Company to quickly spin up environments in different domains and spin them down to save on costs.
Finally, OSO DevOps configured AWS CloudTrail and Amazon CloudWatch to enable logging and resource monitoring in the environment. By ingesting these logs into EKK (Elasticsearch, Kinesis and Kibana), 33N was able to visualise activity across the whole account. This holistic view gave 33N the ability to be notified of any unwanted access attempts and/or impacts to environmental performance.
Cloud services & technologies leveraged:
- GitHub – SCM used as the code repository with commit hooks to trigger builds.
- HashiCorp Terraform – Used to automate the infrastructure including network, security and application definitions.
- Amazon CodeBuild – Created an AMI build process to harden the underlying OS and install applications using Ansible playbooks.
- Amazon AutoScalingGroups & ALBs – Application infrastructure scaling, with Application Load Balancing routing traffic to the AWS AutoScalingGroup service.
- Amazon Systems Manager – Used for EC2 session management and securing sensitive information with AWS Parameter Store.
- Amazon S3 – Store static content including images, stylesheets, artefacts, and configuration.
- Amazon IAM – Access control of users across accounts and environments; IAM roles used to limit the use of access keys in implementations.
- Amazon RDS – Migrated data to RDS for resilience and elasticity.
- Amazon GuardDuty & Elasticsearch – Connected GuardDuty with AWS Elasticsearch to view aggregated logs and metrics.
- Tableau Server – Used for data visualisation for the end-users.