AWS Competencies: EL Passion
About the Customer
EL Passion is a product design & development agency. They partner with clients to build stunning and usable Web Apps, PWAs, feature-rich native (iOS & Android) and cross-platform (React Native) mobile apps. Over 11 years in the business have given them experience and a deep understanding of the Healthtech, Digital Entertainment, and Business Services industries. They have mastered their processes and become fluent in true Agile product development, maximizing the value for the client and for the product's end users.
Customer Challenge
Challenges faced by EL Passion:
Review of the AWS account organization (setup, policies, etc.) - the entire organization had to be reviewed because the client used a monolithic architecture with many accounts, some of which were not used. In addition, best practices had noticeably not been applied when the organization was configured.
Review of Control Tower and the related automation, together with cost reduction - the client complained that the process was too complicated and about the costs associated with introducing an additional environment. An additional goal was to increase control over and visibility into individual accounts.
Migration of the old account to AWS Organizations, increasing the visibility of costs incurred on customer accounts - the challenge here was to create a system that would link the incurred costs with the customer account.
Recommendation of a tool that would automate the deployment of infrastructure per project - until now the client had used Atlantis, which worked cross-account.
Partner Solution
Below are the steps taken by the AWS partner to eliminate the challenges encountered:
Creating a new account for the organization for each OU, implementing appropriate security guardrails, and attaching service control policies (SCPs) to the OU - this reduced the number of unused accounts and increased the security of the application
Applying tag policies (coupled with SCPs) to resources - this enables cost filtering, detects resources that lack tags, and automates routine management tasks
Implementing Terragrunt with Terraform, which allows repeatable resources to be created for all environments and also makes them easier to manage
Replacing Atlantis with GitHub Actions - this allows for native integration with GitHub, reduced cost of deployments and enhanced security
Control Tower cost reduction - the number of NAT Gateways was limited: one is used instead of the previous two (1 AZ instead of 2 AZs) on less critical workloads
Carrying out general cleanup, such as limiting access to repos and reducing resources that are not used, e.g. virtual machines
Creating clear documentation regarding the management of Control Tower accounts for future deployments
Results and Benefits
Achieved benefits on this project:
Reduced the cost of Atlantis from $100 to only a couple of dollars by switching to GitHub Actions and limiting NAT Gateways
Easier creation and management of infrastructure through the introduction of modules and the implementation of Terragrunt and Terraform
Increased security of the entire application by reviewing accesses and permissions, changing policies, improving SCPs, and decommissioning unused resources, including entire AWS accounts
Created a human-friendly infrastructure deployment process with extra visibility of results in GitHub Actions
Flexibility - reduced the time and effort the development team needs to make a deployment
Flexibility again - for financial analysis (cost categories, etc.)
Flexibility in creating and adding new AWS accounts to the organization (LZ and AFT improvements), and a clean and readable AWS Organization structure