Embedding AWS best practice to maximise consistency and security ahead of an accelerated AWS adoption.

Standardising AWS deployments for a global team

With an acceleration into AWS on the cards and more than 100 developers and technical engineers employed worldwide, consistency was a top priority for Creditsafe. DevOpsGroup used in-depth knowledge of AWS to help the company consolidate its position.

The challenge of cloud adoption at a global scale

As a global player in the heavily regulated financial services sector, governance is always high on the agenda for Creditsafe. When the company set out to enhance security controls and embed consistency ahead of widespread adoption of AWS, DevOpsGroup was appointed to help.

The first step was to implement advanced, compliant single sign-on (SSO) user authentication across the international workforce. We developed an approach that made use of Creditsafe’s existing administrative skills to enable quick and seamless implementation.

Following the success of this project, we turned our attention to the next priority: laying strong and secure foundations for future cloud deployments. With developers based in multiple locations around the world, maintaining consistent approaches and deployment mechanisms was a potential challenge. Our task was to ensure Creditsafe’s high standards were upheld in the cloud.

“We needed a cloud partner that fully understood the rigour of financial services regulations and the best way to ensure compliance. DevOpsGroup helped us achieve this consistently across all our locations using in-depth knowledge of AWS and best practice principles.”

Laying foundations for a secure cloud infrastructure

After automating the SSO rollout and handing it back to Creditsafe for completion, we held a series of workshops with different members of the Creditsafe team. Our aim was to fully understand the company’s needs and challenges so we could put measures in place to build on its current AWS position.

Armed with this knowledge, we worked closely with Creditsafe to develop a series of AWS environment blueprints. They covered the core AWS services required in most of Creditsafe’s developments including:

• Amazon Relational Database Service (RDS)
• Fargate on Amazon Elastic Container Service (ECS)
• AWS Application Load Balancers with Amazon Certificate Manager integration

These blueprints represent a cornerstone for secure and cost-effective cloud adoption across the company. Their default settings reflect the fact that the initial cloud migration activity will focus on non-production environments. However, they have been architected with the ability to incorporate a more feature-rich and robust set-up as Creditsafe progresses to higher-level production environments on AWS.

A demo of the blueprints was attended by a selection of Creditsafe’s developers, enabling them to see what we had architected first-hand and raise any questions.

Consistent best practice delivered

Our blueprints enable Creditsafe to avoid a situation where developers in disparate locations use different mechanisms to deploy workloads onto AWS. Without this uniformity, largescale adoption could have resulted in widespread inconsistency, potentially creating an unsustainable support overhead.

We also ensured resource tagging good practice became the default by instilling the requirements in code. This enhances visibility, clarity and traceability within the cloud-based estate. Any member of the team in any location can easily identify individual resources enabling better management, which will underpin operational maturity going forward. This also helped reduce overhead for the Creditsafe finance team in chasing cost allocations.

Our initial workshops identified that Creditsafe’s longer-term goals included setting up a self-service platform for the 100-strong global team of developers and engineers. We created the blueprints with this in mind, so they can easily be integrated when the time comes. This will enable the team to act with autonomy without compromising important security factors. Building on the team’s current skillset, this capability was achieved using Terraform and AzureDevOps pipelines.

“For the short term we need a fairly rigid, controlled approach to deployments on AWS, but in the longer term we want our developers and engineers to have greater freedom. DevOpsGroup has created a framework to enable this without introducing unnecessary risk.”