Moeve Reduces Deployment Time by 75% Using AWS Control Tower

Moeve is a Spanish energy company that aims to lead Europe’s sustainability transition. It started using AWS in 2016 and named AWS its preferred cloud partner in 2020. Moeve continues to use AWS services to drive its initiatives in energy toward decarbonization.

Moeve is a large company, containing five internal organizations and over 200 AWS accounts. In 2018, it established a cloud center of excellence (CCoE) to manage and enhance governance, security, and compliance for all its cloud accounts. However, many accounts used complex custom code, requiring the small CCoE team to manage these solutions manually through a custom landing zone. As the team was also responsible for deploying new accounts, it was a time-consuming and complicated process.

To improve efficiency, Moeve migrated its cloud governance infrastructure to AWS Control Tower, which helps developers simplify the setup and governance of a secure, multiaccount AWS environment, in September 2022. “We need to do things in the most effective way possible,” says Rayco Martinez Hernandez, cloud architect and leader of cloud governance at Moeve. “AWS can give us the tools, so we don’t have to build custom tools ourselves. That’s why we decided AWS Control Tower was right for our governance solution.”

Over a period of 1 year, Moeve migrated all its AWS accounts to AWS Control Tower, using the single solution to streamline security and compliance management. The company first defined a new landing zone within AWS Control Tower and set up management, security, and audit accounts, then rapidly enrolled its existing accounts. Next, Moeve implemented an updated onboarding process for new cloud accounts. “Not a lot of big companies like Moeve have migrated from another governance solution to AWS Control Tower,” says Martinez. “We were trailblazers in using AWS Control Tower. We have very high standards in terms of governance and security, so making it work in our context required several iterations with the AWS Service Team, but finally we managed to achieve our goals.”

As part of its cloud governance solution, Moeve deployed AWS Organizations, which offers policy-based management for multiple AWS accounts as well as centralized management of integrated AWS services and authorization policies across all of the AWS accounts within an organization. Moeve also used AWS Config, a service that helps developers assess, audit, and evaluate the configurations of their AWS resources. These solutions provided centralized account management as well as visibility into configurations and into both custom and automatic deployment rules. Moeve also enhanced security and compliance using AWS Security Hub, which automates AWS security checks and centralizes security alerts, alongside additional AWS Control Tower security features.

By October 2023, Moeve completed its migration and immediately saw productivity and time-savings benefits. Previously, deploying a new, fully functional cloud account took the CCoE team 8 hours; using AWS Control Tower, the process takes only 2 hours—a 75 percent reduction. “Before AWS Control Tower, our custom onboarding process had 20 or 40 different steps, and we still had to maintain the code and resolve issues,” says Martinez. “Now, we only have to click a few buttons, and the account is practically ready.

The CCoE team can now deploy multiple accounts simultaneously, greatly enhancing scalability. For example, Moeve recently created five new cloud accounts for a large-scale project in just 3 hours—a task that previously took a week. “We are faster and more efficient using AWS Control Tower,” says Martinez. “This makes it possible for the development team to start working on other projects earlier.”

AWS Control Tower also removed the need for code maintenance during new account deployment. “We get a notification when deployment finishes correctly; we only have to look in the account if there’s an issue,” says Martinez. “If there are no issues, we don’t have to take any further action.” Moeve’s lift in productivity, coupled with the overall simplification in cloud governance, empowered the company to place nearly half of its cloud engineers on other critical projects. Additionally, migrating to AWS Control Tower helped reduce monthly cloud consumption costs by 5 percent.

By establishing best practices in cloud governance using AWS Control Tower, AWS Organizations, AWS Config, and other AWS Cloud Governance services, Moeve and its CCoE team streamlined and strengthened the security of its AWS accounts. The time saved helps the CCoE team to focus on advancing Moeve’s sustainability and expansion goals while continually enhancing governance and compliance.

Looking ahead, Moeve plans to continue its journey alongside AWS by adopting new features and services to support its growth. The CCoE team’s next step is to work with an AWS service team to optimize its AWS CloudFormation usage, helping developers speed up cloud provisioning with infrastructure as code.

“AWS Control Tower is Moeve’s pillar of cloud governance,” says Martinez. “We have all the security tools and control we need.”