With AWS Management and Governance, customers can enable, provision, and operate their environment for both business agility and governance control.
A bank that “lives on your smartphone,” Monzo has already handled £1 billion worth of transactions for half a million customers in the UK. Monzo runs more than 400 core-banking microservices on AWS, using services including Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Block Store (Amazon EBS), and Amazon Simple Storage Service (Amazon S3). One of the initial reasons Monzo chose AWS was the need to comply with banking regulations. Monzo also segregates parts of its infrastructure using separate AWS accounts, so if one account is compromised, critical parts of the infrastructure in other accounts remain unaffected. The bank uses one account for production, one for non-production, and one for storing and managing users’ login information and roles within AWS. The privileges that are assigned in the user account then allow users to read or write to production and non-production accounts. Using AWS CloudTrail, Monzo logs activity to Amazon S3 buckets in another separate audit account. Nobody can log in to that account, so the records remain immutable. Amazon S3 is also used in a final backup account to store encrypted backups from the production account. It took Monzo a day to migrate from its old account to a multi-account setup. In the future, routine management will be even easier, says Simon Vans-Colina, an engineer at Monzo. This is because the company will administer its Terraform infrastructure management software with the AWS Organizations API.
“This level of protection helps me sleep at night.”
Simon Vans-Colina, Engineer - Monzo
GoDaddy is the company that empowers everyday entrepreneurs. With 19 million customers worldwide, GoDaddy is the place people come to name their ideas, build a professional website, attract customers, and manage their work. GoDaddy built a self-service portal for builders to automate GoDaddy as well as AWS processes, including AWS account creation and deploying an AWS Landing Zone with AWS Service Catalog products. AWS Service Catalog provides GoDaddy builders with standardized patterns and increased agility, while allowing them to maintain optimum security posture and standardization. Teams can rapidly build a library of pre-approved, battle-tested services published in Service Catalog, including Amazon Aurora, Amazon DynamoDB, Amazon EKS, Amazon API Gateway, and AWS Lambda.
“Service Catalog helps us meet our objective to enable builders to go from concept to cloud in under 6 hours, while raising the bar on engineering rigor. We have provided a developer-first methodology that allows teams to move quickly, and helps us achieve self-service governance at scale.”
Demetrius Comes, VP of Engineering - GoDaddy
Intercom is a software company that builds a suite of messaging-first products that all modern internet businesses can use to accelerate growth across the customer lifecycle, including acquisition, engagement, and support. The company implemented AWS Management and Governance services to replace various manual or bespoke processes, allowing them to gain visibility and control of their AWS infrastructure.
“Our use of AWS Systems Manager has saved hundreds of engineer hours per year by fully automating patch management and automatically fixing broken hosts. We use Amazon CloudWatch for day-to-day autoscaling, as well as resource utilization management and tracking. With AWS CloudTrail, we can audit logs for changes, allowing us to meet compliance requirements. Using AWS Config, we can easily visualize and navigate timelines of configuration changes in our environment. Overall, the Management and Governance services have allowed us to establish secure management at scale while saving costs.”
Brian Scanlan, Principal Systems Engineer - Intercom
Experity Health is an organization devoted to the patient-centered healthcare revolution. Their complete suite of software and services empowers urgent care providers to deliver on the promise of people-first healthcare. Experity relies on AWS Management and Governance tools to deliver their managed service platforms for practice administration and medical record software. With Amazon CloudWatch, AWS CloudFormation, AWS CloudTrail, AWS Config, and AWS Systems Manager, Experity Health has been able to find a scalable solution for managing hundreds of instances without paying large licensing fees.
“Amazon CloudWatch Logs has dramatically decreased the amount of time we spend troubleshooting our services. Instead of having to monitor and check all of our resources for errors individually, we can query our CloudWatch Logs, which show all the activity across our AWS environment. We use CloudFormation to create consistent environments for our users. Instead of working for weeks to create servers, configure them, and document all the configurations, we use CloudFormation templates to define our infrastructure, which has saved a significant amount of time and allowed us to automate our deployments. With Systems Manager, we no longer have to spend time checking all our AWS services individually, but have a single user interface that allows us to view and perform tasks on multiple systems at once.”
Brian Olson, Cloud Architect, Experity Health
Deloitte is a network of independent firms providing audit and assurance, tax, legal, risk and financial advisory, and consulting services to a wide range of clients in 20 industry sectors. In the U.S., Deloitte LLP and Deloitte USA LLP serve more than 85 percent of the Fortune 500. Deloitte’s ConvergeHEALTH Miner solution is a suite of tools and services that help accelerate data gathering, analysis, and management across the healthcare research lifecycle, accelerating time-to-market for new therapies, reducing data analysis run times and operating costs, getting medicine to patients faster, and expanding its safety and effectiveness analysis to improve patient outcomes. Miner leverages a wide range of AWS services. They used AWS CloudFormation and AWS Service Catalog to get Miner to clients faster using infrastructure as code. Deloitte chose AWS CloudFormation templates to code the infrastructure, which it can then deploy in one click using AWS Service Catalog. AWS Service Catalog allows organizations to create and manage catalogs of IT services, including complete multi-tier application architectures. With this approach, Deloitte has greatly accelerated deployment times for Miner. In addition to faster deployment, using AWS Service Catalog helps clients cut costs.
“Building each environment from the ground up typically took two skilled engineers two to three weeks… Using AWS Service Catalog means we can deploy a full-featured Miner environment in about 45 minutes. It’s one-click simple. Each deployment has tested and proven security and networking configurations, so engineers don’t have to worry about those things.”
Jinlei Liu, Vice President of Product Development - Deloitte
“Customers can easily turn instances off when they are not being used and then turn them back on again instantly when they are needed… Simply turning them off on nights and weekends can save clients about a third of associated cloud compute costs.”
Kristin Feeney, Senior Data Scientist - Deloitte
3M Health Information Systems
3M Health Information Systems (HIS), a division of the global science company 3M, helps providers, payers, and government agencies anticipate and navigate the changing healthcare landscape. 3M HIS decided to decrease its IT operational overhead so it could focus more intently on its core business: healthcare analytics. 3M HIS needed a solution that could help it eliminate the bottleneck created by manual provisioning of development pipelines while adhering to crucial governance and control requirements. The 3M project team used AWS Service Catalog and AWS CloudFormation templates to improve the autonomy of 3M HIS teams using the AWS CodePipeline and Jenkins-based CI/CD platform. Using AWS Service Catalog, 3M HIS creates, manages, and governs AWS CloudFormation templates that provision development pipelines in just a few clicks. These pipelines are preconfigured for specific teams and purposes, in compliance with the organization’s information security policies.
“By using AWS Service Catalog, I can have a new pipeline ready in 10 minutes, instead of needing days to build it manually.”
James Martin, Manager of Automation Engineering - 3M Health Information Systems
Copebit is a Swiss AWS Partner that implements cloud solutions for their customers. The company decided to use AWS Management and Governance tools for their own services and for clients. Using Amazon CloudWatch, AWS CloudFormation, AWS CloudTrail, AWS Config, AWS Service Catalog, and AWS Systems Manager, Copebit focuses on client projects related to DevOps, Containers, and Serverless Technologies.
“We use CloudFormation and Service Catalog to automatically provision a number of resources, including Config, Systems Manager, AWS Budgets, and CloudWatch. As a result, every client we onboard is configured according to the Well-Architected Framework. With these services, we have found a way to achieve secure management at scale, establish end-to-end IT lifecycle management, and gain operational visibility. With CloudFormation, we can configure a set of standard templates based on best practices, which can be implemented for each client and each account. With CloudWatch and Budgets, we can easily visualize important metrics, which leads to reduced costs. We use Config and CloudWatch to continuously monitor workloads, which reduces operational overhead. We are relieved that our teams and our customers no longer have to pick between business agility and governance.”
Marco Kuendig, Senior Consultant - Copebit
Dbvisit develops, sells and supports innovative software that protects data in Oracle Standard Edition databases. The solution Dbvisit Standby provides full Disaster Recovery capability for companies running Oracle Standard Edition databases, ensuring they can protect and access their critical data after unexpected outages, whether located in the cloud, hybrid or on-premises. Dbvisit uses Amazon CloudWatch, AWS CloudFormation, and AWS Service Catalog together to quickly provision and manage multiple AWS environments in order to test their product.
“Our product can be tested quickly with the correct environments, but creating and starting these environments can be time consuming. And catering for changes over time can also be challenging. Therefore, our goal has been to move towards an automated process of provisioning an AWS environment and deploying software on it, using infrastructure as code. We implemented CloudFormation and Service Catalog so that the DevOps team can automate the creation of internal AWS environments for development and testing environments. We then use CloudWatch to get a better overview of what is happening in our configurations, which is of great importance. These services have helped us find a way to innovate faster while maintaining control over our AWS infrastructure.”
Anton Els, Chief Technology Officer, Dbvisit
Netflix is one of the world's largest online media streaming providers, delivering videos to millions of customers globally. With hundreds of AWS accounts and resources distributed across multiple regions, Netflix needed a way to assess and evaluate the configurations of their AWS infrastructure. The company adopted AWS Config so that they can increase their visibility into their AWS resources to ensure that their inventory is timely and up to date.
“We need an infrastructure-wide inventory of our AWS resources to answer questions like ‘which resources do we have deployed?’, ‘where are they deployed?’, ‘how are they configured?’, ‘which changes were made?’, ‘when did the change occur?’, and ‘who made the change?’. Before AWS Config, we needed to manually develop tooling to collect the proper inventory of our AWS resources with change history. Now, using Config, we can meet our security requirements and eliminate the need to maintain our own tooling for this purpose. AWS is also committed to onboarding new and existing resource types to enable full resource visibility. As a result, we are certain that our asset inventory can scale to our existing and future infrastructure.”
Mike Grima, Cloud Infrastructure Security - Netflix
GE Appliances, acquired by Haier in 2016, has been a leader in designing, building, and servicing appliances for 125 years. GE Appliances has been steadily building out their use of AWS Management Tools since the company adopted a ‘cloud first’ policy in 2016 for any new deployments. AWS CloudTrail helped GE Appliances gain visibility into API and non-API actions across AWS accounts, simplifying compliance and risk auditing and enabling automated monitoring and alerting. AWS Config added the ability to centrally define resource configurations and other company-defined best practices, with alerts generated when these are violated. GE Appliances also uses AWS Systems Manager to manage about 700 on-premises and Amazon EC2 instances. AWS Management Tools have given GE Appliances total visibility into their hybrid-cloud environment, and they allow GE Appliances to heighten their security by automatically enforcing rules and guardrails.
“Before we had access to AWS tools, we had to do lots of configuration and process logging and then absorb everything into a centralized platform to understand security events after the fact. By using AWS Systems Manager and the other AWS tools, we’ve gone from zero to 100 percent real-time visibility, a night-and-day contrast with our prior security posture.”
Rafael Garrido, DevSecOps leader - GE Appliances
Verisk Analytics is a data-analytics provider that offers predictive analytics and decision-support solutions. Verisk Analytics uses AWS CloudFormation, AWS CloudTrail, and AWS OpsWorks for Chef Automate (each a service within AWS Management Tools) to automate and scale its operations. AWS CloudFormation is the core of Verisk’s automation framework. Verisk separates the foundational network infrastructure code from the application components, but has built an abstraction layer that provides a convenient way for application owners to reference the underlying infrastructure. AWS OpsWorks for Chef Automate is a key part of automating stack deployments, and AWS CloudTrail is used to audit and troubleshoot in the company’s complex environment. AWS Management Tools enable Verisk’s small centralized team to automate more than 20 globally distributed businesses at scale.
“We wanted to ruthlessly automate everything. Since starting to use these tools, we are up to 64 accounts, 300 VPCs, and 20 Chef instances. We're able to move at a much faster pace than if all the businesses were rolling their own solutions into AWS.”
Eric Schneider, CTO - Verisk Analytics
CSS Corp is a global professional services company providing IT and technology support services driven by automation and analytics for enterprises. CSS Corp uses AWS Management Tools to meet their compliance requirements and facilitate their disaster recovery processes. With AWS Config, CSS is able to quickly detect changes in their AWS infrastructure and cross-reference these changes against AWS CloudTrail logs for security and risk auditing. The inventory of AWS resources recorded by Config allows them to identify important infrastructure components and maintain critical service maps. CSS also leverages AWS CloudFormation to rapidly provision resources in multiple AWS regions for their disaster recovery processes.
“Prior to using AWS Management Tools our compliance and disaster recovery processes required significant human effort. With Config, CloudTrail, and CloudFormation we were able to automate many of our processes and easily achieve our recovery and compliance audit requirements.”
Troy Lewis, IT Manager - CSS
Neurotech is a Brazilian company that develops data intelligence solutions regarding loans, risk, and fraud. Headquartered in Sao Paulo, the company has customers across various industries, including banks, major retailers, insurance companies, and educational institutions. Always investing in its customers, Neurotech uses AWS to create new products quickly, safely, and inexpensively.
“AWS Management and Governance tools are at the core of our security framework. With AWS Systems Manager, we have been able to improve visibility into the inventory of our AWS environment. Now, we know exactly which AWS resources are being consumed by the development and application teams across our organization. We also use Systems Manager to automate our patch deployment process, which has dramatically reduced the time that administrators spend on software updates. With Systems Manager, our teams and our customers can gain peace of mind.”
Marcelo Bronzatti, Head of Infrastructure, Security, & Deployment - Neurotech