Tapestry Builds a Scalable IaC Platform with Built-In Governance and Security
Global luxury fashion company Tapestry Inc. (Tapestry) has been undergoing a company-wide digital transformation. To support these efforts, Tapestry wanted to modernize its legacy business applications. Prior to undertaking this project, the company performed a lift-and-shift cloud migration to Amazon Web Services (AWS), completed in March 2021. Following this milestone, Tapestry wanted to further its modernization by building a scalable infrastructure-as-code (IaC) platform for facilitating seamless deployment of modernized workloads in a nimble, consistent, and repeatable manner, establishing security and governance.
To accomplish this, Tapestry decided to build a platform with standardized IaC private modules and IaC templates using serverless solutions on AWS. The services included AWS Lambda—a serverless, event-driven compute service—and Amazon API Gateway, a fully managed service that makes it easier for developers to create, publish, maintain, monitor, and secure APIs at nearly any scale. The company also used Amazon Cognito—which provides user sign-up and sign-in features for controlled access to web and mobile applications—and Amazon CloudFront, a content delivery network service built for high performance, security, and developer convenience. Tapestry used Terraform, a product of HashiCorp, an AWS Partner, to provision infrastructure on AWS.
In about six months, Tapestry completed the build of its IaC provisioning platform, and has deployed 15 new serverless applications. With this platform,Tapestry has accelerated its digital transformation while bolstering its security and governance and reducing its time to deployment.
The IaC Platform for Modernized Workloads Provisioning
Previously, Tapestry had built and provisioned infrastructure in the cloud manually, which was time consuming and prone to human error, with inconsistent environments, security and compliance risks. These challenges complicated Tapestry’s goal of optimizing its legacy applications. This process of manually provisioning infrastructure could take weeks to complete. To solve these issues, Tapestry started building the IaC-based, automated platform in December 2021.
“Now that we’ve migrated to the cloud, we’re starting to transform our workloads,” says Rehan Mubashir, director and principal of cloud platform architecture and engineering at Tapestry. “We wanted to take an IaC approach to deploy our workloads securely and consistently.” Using AWS services alongside Terraform, Tapestry found streamlined and reliable solutions for its infrastructure provisioning and framework.
Building an IaC Platform for Provisioning Serverless Workloads on AWS
Tapestry first conducted a deep assessment of its use cases and created prevetted standardized architectural patterns for security and compliance. They aligned with AWS Well-Architected Framework, which teaches architectural best practices for designing and operating reliable, secure, efficient, cost-effective, and sustainable systems in the cloud. These reference architectures can be readily used or tweaked to fit nearly any given use case.
After establishing the standardized patterns to make the provisioning repeatable, consistent, inherently secure, and compliant, Tapestry created prevetted, parameterized IaC modules and IaC templates.The parameterization of the IaC modules facilitates the reuse of code for almost any use case without having to write all the IaC from scratch, saving time. Additionally, IaC templates make the provisioning process repeatable and consistent.
Tapestry now maintains a Terraform Enterprise (TFE) private module registry of around 80 modules and over 15 IaC templates. Like the standardized reference architectures and IaC modules, these are prevetted, cloud center of excellence (CCoE) aligned, and follow industry best practices. Next, to ensure governance, Tapestry established a standardized infrastructure provisioning workflow based on version control systems (VCS) and Terraform pipelines, which incorporate approvals and is auditable. To support workloads with different levels of criticality, Tapestry built the platform to handle all disaster recovery tiers, along with high-availability or redundancy options as needed. And finally, to facilitate speed to market and post deployment application lifecycle management, Tapestry also built various cloud-native pipelines.
Since finishing the build of its IaC-based provisioning process, Tapestry has improved its business agility and streamlined internal workflows. Tapestry was able to successfully deploy 15 applications across multiple environments. Compared with its previous manual process, provisioning infrastructure takes only days instead of weeks. Implementation times have also decreased from days to hours. With these extra time savings, Tapestry’s employees can focus on modernizing the company’s legacy applications and identifying additional opportunities for further innovation. “We are always adopting new technologies,” says Mubashir. “We are excited about all the innovations coming from AWS, and we look forward to introducing more of those to the company.”
Accelerating Its Digital Transformation
Tapestry is continuing to innovate while it optimizes more of its legacy applications for cloud-native and serverless architectures. Tapestry plans to modernize many more applications using its IaC pipeline and to decommission its legacy environment, completing the company’s digital transformation.
“We have matured enough that we are now transforming the legacy applications to modernized cloud-native technologies,” says Mubashir. “We are excited to find new ways to benefit the business, test our ideas, and innovate on AWS.”