Customer Stories / Financial Services / United States
Sixth Street Supports Business Growth by Rapidly Building a Secure, Scalable, Multi-Account Environment Using AWS
Learn how global investment firm Sixth Street quickly built a flexible account solution to drive innovation for development teams using AWS.
Global investment firm Sixth Street faced a deadline to migrate its cloud assets to a new platform while avoiding downtime for the business. The company wanted to build in scalability and flexibility to drive innovation while maintaining strict security controls for account access. Sixth Street turned to Amazon Web Services (AWS) to centralize and build consistency into its business processes. Using AWS, Sixth Street automated the assignment and management of granular access permissions, deploying roles in minutes and facilitating innovation for developers through a secure, distributed solution.
Opportunity | Using AWS to Quickly Migrate Workloads for Sixth Street
Established in 2009, Sixth Street is a global investment firm with more than $70 billion in assets under management. In 2018, the company began to map out a new infrastructure platform. “We wanted to take a different direction with application infrastructure,” says Adam Dutko, head of cloud platform engineering at Sixth Street. “The breadth and depth of AWS services made it simple for us to build a resilient, loosely coupled application architecture.”
Sixth Street was eager to explore the use of data science and other technology tools to transform its business within the investment management sector. “Within the industry, a lot of tech runs better on AWS,” says Dutko. “It’s the sweet spot. And that’s why we thought the use of AWS could benefit us.” The company worked alongside Logicworks, an AWS Partner that provides expertise in the design, automation, and management of custom AWS infrastructure for industries with high security and compliance requirements.
Together, Sixth Street’s small infrastructure team and Logicworks specialists laid out a migration plan that used various services from AWS to establish a centralized view of the company’s accounts. Sixth Street also wished to streamline identity management by deploying preventive controls, customizing access permissions, and performing operational updates in minutes. The solution had to work seamlessly alongside Okta Inc. (Okta), an AWS Partner that Sixth Street uses as an identity provider. “We wanted to challenge everything and build something that wouldn’t be just a monolithic repositioning of our data,” says Dutko. “On AWS, a lot of the services are already cloud native, distributed, and scalable.”
Within the industry, a lot of tech runs better on AWS. It’s the sweet spot. And that’s why we thought the use of AWS could benefit us.”
Head of Cloud Platform Engineering, Sixth Street
Solution | Establishing Centralized Governance at Scale for Company Accounts
To automate the setup of 30 AWS accounts at its peak and govern the landscape at scale, Sixth Street uses AWS Control Tower, which simplifies AWS experiences by orchestrating multiple AWS services on an organization’s behalf while maintaining its security and compliance needs. “By spinning up AWS Control Tower, we put a centralized view over all the accounts we had in play and all the identities involved,” says Sebastian Smith, cloud platform engineering lead at Sixth Street. Sixth Street migrated its entire business to AWS, including business-critical applications such as financial applications, trading applications, its analytics and reporting suite, and hundreds of terabytes of data from its data warehouse.
To implement additional controls, Sixth Street uses service control policies (SCPs) from AWS Organizations, which companies use to centrally manage their environments as they scale their AWS resources. Sixth Street groups distinct AWS accounts into organizational units that the company administers as a single entity, which simplifies account management and facilitates logging and auditing. Although teams work in shared accounts, individuals control and interact only with the resources for which they have permission.
Sixth Street uses SCPs for broader, coarse-grained access controls and implements fine-grained controls through AWS Identity and Access Management (AWS IAM), a secure way to manage identities and access to AWS services and resources. “We have a nice mosaic of controls versus just one big hammer,” says Dutko.
The company created a novel pipeline to build access controls to encapsulate workflows in its accounts. The pipeline uses a combination of Okta groups, account assignments, and AWS permission sets, a feature of AWS IAM Identity Center (Successor to AWS Single Sign-On), which organizations can use to securely create or connect workforce identities and manage access centrally across AWS accounts and applications. Developers have a single view into their accounts using Okta, and administrators save time in the deployment of IAM roles. “It used to take hours to refine policies and a lot of copying and pasting with potential errors,” says Smith. “Now, we’ve got it down to minutes.”
To prepare accounts in a consistent, standardized way, Sixth Street uses AWS Cloud Development Kit (AWS CDK), which accelerates cloud development using common programming languages to model applications. Rather than manually creating dozens of templates, Sixth Street uses code to push out permission sets and correctly map names to accounts. Sixth Street’s self-service model automates the deployment or updating of an IAM role, a process that used to take up to 1 hour and now takes minutes using its deployment pipelines and AWS CDK. “Python is ubiquitous in the cloud and in the industry, and I’m glad that AWS CDK supports it,” says Smith. In fact, the ability to scale up resources previously took months as engineering teams sourced equipment and waited for installation. “Now, I can do it in a few clicks plus about 30 minutes to refresh,” says Smith. “Our mature deployment pipelines can quickly roll out solutions at the speed of the internet.”
Outcome | Modernizing Business Processes through Automation
As of the spring of 2023, Sixth Street had completed about 80 percent of its migration. The team now wants to modernize its current processes and build automation further into the company’s continuous integration and delivery pipeline while looking to do the same for client portfolio companies. “AWS is top notch when it comes to supporting Windows workloads while we position ourselves to look at nontraditional things in the future,” says Dutko. “Now, we have the ability to compete in this new marketplace that the financial services sector is building on top of AWS.”
About Sixth Street
Sixth Street is a global investment firm with more than $70 billion in assets under management.
AWS Services Used
AWS Control Tower
AWS Control Tower orchestrates multiple AWS services on your behalf while maintaining the security and compliance needs of your organization.
AWS Organizations lets you create new AWS accounts at no additional charge. With accounts in an organization, you can easily allocate resources, group accounts, and apply governance policies to accounts or groups.
AWS IAM Identity Center
AWS IAM Identity Center helps you securely create or connect your workforce identities and manage their access centrally across AWS accounts and applications.
AWS Cloud Development Kit (AWS CDK) accelerates cloud development using common programming languages to model your applications.
Organizations of all sizes across all industries are transforming their businesses and delivering on their missions every day using AWS. Contact our experts and start your own AWS journey today.