'You Build It, You Run It' concept works
The company adopts a 'You Build It, You Run It' approach to app management. This often happens when migrating legacy applications from physical infrastructure to the cloud. The client wanted to become independent of the Cloud Center of Excellence team, which, in their opinion, slows down the pace in the first stages of the migration.
The division took part in determining responsibilities and assigning each team to a given area, and the environments were built according to this principle.
What was achieved in a short time?
Arelion gained fully secured, centralized access to the AWS environment via SSO (Single Sign-On), where a company creates or connects workforce identities in AWS once and manages access centrally across AWS organizations.
A well-organized AWS multi-account structure with SCPs (Service Control Policies) was built. Logging, networking and security layers were deployed in a centralized approach for more productive maintenance and control.
Now, it is securely exposed to the first wave of workloads (2 apps on an EKS cluster) for either internal or external entities.
Last but not least, security was an important topic, and the integration of AWS WAF with AWS Shield and AWS CloudFront was recommended as the first layer of protection. Member accounts have been equipped with an additional WAF as a form of team independence, but with overall management provided by AWS Firewall Manager implemented in the Security Account, complementing individual resource workloads in the organization. This helps to create a clear and safe policy on access to the environment. It is thought that the effects will be felt by the company and its customers for many years to come.
In addition to this, high availability was implemented by setting up an EKS (Elastic Kubernetes Service) cluster on multiple AZs (Availability Zones) with an ALB (Application Load Balancer) as an ingress. AWS Firewall Manager was deliberately deployed in the Security account, allowing centralized policy control over groups of WAFs (Web Application Firewalls).
Finally, AWS CloudTrail and AWS Config have been enabled for all accounts with a centralized approach.
Cloud computing is a complex process that requires proper planning and continuous, step-by-step management. The key steps to a successful migration are the first steps. It is important to take the planning phase seriously and try to anticipate how the architecture will be built in the future. The success of the next steps depends on that. In this case, design, communication between application components, and security were especially important.
The first stage has been successfully completed. The next ones are being carefully planned and implemented.