Building an AWS platform to host existing internal IP applications & develop new apps

Key challenges
  • > New platform needed for app development

  • > Current solution difficult to manage access

  • > Need to add multiple accounts 

  • > Sandpit environment needed for engineers

Key outcomes
  • > New platform with cutting-edge AWS tech

  • > Cost-effective user management solution

  • > Reusable assets for client delivery created

  • > Time and cost savings for range of teams

the challenge

The challenge

> We needed an AWS platform that was highly secure, easy to manage and in line with the latest AWS best practices.


> Since the existing platform was set up, AWS has released many new services and updated its best practice architecture.


> The organisation had grown dramatically since the setup of the existing platform (in terms of staff and our engineering function), amplifying the need for a platform that was easy to use, access and develop on.


> This shift also meant that our engineers needed access to a sandpit environment to get hands-on experience in a controlled environment.

how we helped

How we helped

> Our internal cloud team designed and built a new platform based on AWS’ current multi account reference architecture and best practice.

 

> This platform was defined as Infrastructure-as-Code, written in Terraform and deployed via a CICD pipeline, leveraging GitHub Actions.

 

> The team developed the account vending machine capability, allowing for a new AWS accounts to be created with a small number of lines of code, ensuring all required monitoring, alerting and security were part of the creation process (known as the security baseline).

 

> The platform was integrated with the existing Azure AD, providing a seamless login process via single sign-on. This allowed for easy management of user access across all accounts.

the results

The results

> As a result, we can now create and deploy AWS accounts in the new platform in under 10 minutes, configured with a full security baseline in an automated fashion. This ensures that the account has the required guardrails but does not block productivity.


> We also have a set of templates consisting of thousands of lines of code, which can be easily adapted to fit specific client use cases and packed up and shipped to them, dramatically reducing overall time to deliver.


> Each account costs ~£4 per month to operate with the security baseline. This is extremely cost-effective for an enterprise grade setup.