Brillio helped a leading staffing company based in Tacoma to automate its multi-account strategy during its migration from on-premises data centers to AWS.
Our customer is an American recruitment and staffing company based out of Tacoma that offers reliable and efficient workforce solutions and services to a wide range of industries such as aviation, construction, energy, financial services, manufacturing, pharmaceuticals, and transportation.
Their applications had been hosted in their own on-premises data centers around the world for a long time. To gain more secure storage and more agile operations, the client wanted to migrate its infrastructure from on-premises to AWS.
The biggest challenge in the migration was provisioning each new AWS account, because every account needed a minimum viable landing zone. That meant deleting the default Virtual Private Clouds (VPCs) from every AWS region and creating new VPCs to the client's specification. The process was mostly manual, error-prone and highly time-consuming.
Because the customer had opted for a multi-account strategy for environment isolation and security as well as cost control and management, every newly created account also needed CloudTrail logging enabled and a baseline set of Service Catalog products such as a LAMP stack, RDS and IIS.
Brillio's solution lets an operator launch an Account Vending Machine (AVM) product from AWS Service Catalog and enter the required details to create a new account. The AVM must run from an AWS account that has AWS Organizations enabled. When an account is created, a Lambda function invokes the CloudFormation (CFN) templates for VPC creation; progress is tracked through an AWS Step Functions state machine and reported back to the CFN stack that the AVM product launch created.
How is AVM created?
Once every required role has been created, the AVM Service Catalog product's CFN template is populated with their details. All of the Python code and CloudFormation templates are kept in a secure S3 bucket in a separate AWS account in which the AVM is implemented; this is called the Management Account.
Besides the Lambda functions, which are written in Python using the Boto3 SDK, the AVM consists of Service Catalog product CFN templates that:
Create required roles in every participating AWS account
Define parameters in the AVM Service Catalog Product
Create the Lambda function and the AVM Service Catalog product
Create baseline products in the Service Catalog
Create custom VPCs
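The account baseline described above (vend an account through AWS Organizations, assume the organization role in it, delete the default VPC in every region, and enable CloudTrail) can be written as a small Python/Boto3-style module. The following is an added example and not Brillio's code or the AVM product's own Lambda: every AWS call goes through a client object passed in by the caller, so it runs offline against the constructed FakeAws stand-in at the bottom and for real against boto3 clients. The function names, the role session name, the trail name and the sample account details are assumptions; only the Organizations, STS, EC2 and CloudTrail API names are real.

```python
"""Account-vending baseline modelled on the AVM flow described above.

Added example, not Brillio's or AWS's code. AWS calls go through client objects the
caller passes in, so the logic runs offline against the FakeAws stand-in below and for
real against boto3 clients. Function names, session name, trail name and the sample
account details are assumptions, not taken from the page."""
import time

ORG_ROLE = "OrganizationAccountAccessRole"  # role Organizations creates in each new account

def create_member_account(org, email, name, poll_seconds=5.0, max_polls=60):
    """Create a member account via an Organizations client and wait until it exists."""
    resp = org.create_account(Email=email, AccountName=name, RoleName=ORG_ROLE,
                              IamUserAccessToBilling="DENY")  # IAM users get no billing access
    request_id = resp["CreateAccountStatus"]["Id"]
    for _ in range(max_polls):  # creation is asynchronous: poll the request status
        status = org.describe_create_account_status(
            CreateAccountRequestId=request_id)["CreateAccountStatus"]
        if status["State"] == "SUCCEEDED":
            return status["AccountId"]
        if status["State"] == "FAILED":
            raise RuntimeError(f"account creation failed: {status.get('FailureReason')}")
        time.sleep(poll_seconds)
    raise TimeoutError(f"request {request_id} still in progress after {max_polls} polls")

def assume_account_role(sts, account_id, session_name="avm-baseline"):
    """Return temporary credentials for the organization role inside the new account."""
    creds = sts.assume_role(RoleArn=f"arn:aws:iam::{account_id}:role/{ORG_ROLE}",
                            RoleSessionName=session_name)["Credentials"]
    return {"aws_access_key_id": creds["AccessKeyId"], "aws_session_token": creds["SessionToken"],
            "aws_secret_access_key": creds["SecretAccessKey"]}

def delete_default_vpc(ec2):
    """Delete the default VPC in the region `ec2` is bound to; return its id or None.
    Order matters: the VPC cannot be deleted while an internet gateway is attached or
    subnets remain; its default route table, NACL and security group go with it."""
    vpcs = ec2.describe_vpcs(Filters=[{"Name": "isDefault", "Values": ["true"]}])["Vpcs"]
    if not vpcs:
        return None
    vpc_id = vpcs[0]["VpcId"]
    for igw in ec2.describe_internet_gateways(
            Filters=[{"Name": "attachment.vpc-id", "Values": [vpc_id]}])["InternetGateways"]:
        ec2.detach_internet_gateway(InternetGatewayId=igw["InternetGatewayId"], VpcId=vpc_id)
        ec2.delete_internet_gateway(InternetGatewayId=igw["InternetGatewayId"])
    for subnet in ec2.describe_subnets(Filters=[{"Name": "vpc-id", "Values": [vpc_id]}])["Subnets"]:
        ec2.delete_subnet(SubnetId=subnet["SubnetId"])
    ec2.delete_vpc(VpcId=vpc_id)
    return vpc_id

def enable_trail(cloudtrail, trail_name, bucket):
    """Create and start a multi-region CloudTrail trail with log-file validation on."""
    cloudtrail.create_trail(Name=trail_name, S3BucketName=bucket,
                            IsMultiRegionTrail=True, EnableLogFileValidation=True)
    cloudtrail.start_logging(Name=trail_name)
    return trail_name

def baseline_new_account(org, sts, make_client, email, name, regions, bucket, poll_seconds=5.0):
    """Vend an account, remove its default VPC in every region and enable CloudTrail.
    make_client(service, region, creds) builds a client inside the new account; with boto3
    that is boto3.client(service, region_name=region, **creds)."""
    account_id = create_member_account(org, email, name, poll_seconds)
    creds = assume_account_role(sts, account_id)
    deleted = {r: delete_default_vpc(make_client("ec2", r, creds)) for r in regions}
    trail = enable_trail(make_client("cloudtrail", regions[0], creds), f"{name}-trail", bucket)
    return {"account_id": account_id, "deleted_default_vpcs": deleted, "trail": trail}

class FakeAws:
    """Constructed stand-in for boto3 clients: records each call and returns canned data."""
    CANNED = {
        "create_account": {"CreateAccountStatus": {"Id": "car-0001", "State": "IN_PROGRESS"}},
        "assume_role": {"Credentials": {"AccessKeyId": "ASIAEXAMPLE", "SecretAccessKey": "x",
                                        "SessionToken": "y"}},
        "describe_internet_gateways": {"InternetGateways": [{"InternetGatewayId": "igw-0a"}]},
        "describe_subnets": {"Subnets": [{"SubnetId": "subnet-1"}, {"SubnetId": "subnet-2"}]},
    }

    def __init__(self, default_vpc=True):
        self.calls, self.default_vpc, self.polls = [], default_vpc, 0

    def __getattr__(self, api):  # serves any client.<api>(**kwargs) call
        def call(**kw):
            self.calls.append(api)
            if api == "describe_create_account_status":  # still in progress on the first poll
                self.polls += 1
                return {"CreateAccountStatus": {"AccountId": "111122223333",
                        "State": "SUCCEEDED" if self.polls > 1 else "IN_PROGRESS"}}
            if api == "describe_vpcs":
                return {"Vpcs": [{"VpcId": "vpc-0default"}] if self.default_vpc else []}
            return self.CANNED.get(api, {})
        return call

def demo():
    """Run the flow offline: us-east-1 has a default VPC, us-west-2 has none."""
    clients = {"us-east-1": FakeAws(True), "us-west-2": FakeAws(False), "cloudtrail": FakeAws()}
    def make_client(service, region, creds):  # route to the fake for that service or region
        return clients["cloudtrail" if service == "cloudtrail" else region]
    summary = baseline_new_account(FakeAws(), FakeAws(), make_client, "ops+staging@example.com",
                                   "staging", ["us-east-1", "us-west-2"], "org-trail-logs", 0)
    summary["us_east_1_calls"] = clients["us-east-1"].calls
    return summary
```

Two design points matter in practice. The Lambda that vends accounts only needs `organizations:CreateAccount`, `organizations:DescribeCreateAccountStatus` and `sts:AssumeRole` on the new account's organization role; everything else is done with the short-lived credentials inside the member account, so a compromise of the management-side code does not hand out standing access. And the default-VPC cleanup deliberately tears resources down in dependency order and tolerates regions with no default VPC, which is the case that broke manual runs.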
Benefits and Business Impact
Faster account creation
Automated account management
Code base available centrally: all templates and scripts can be read from the S3 bucket in the Management Account that holds the code base. Because these files define every account's roles and network, read and write access to that bucket should still be limited to the AVM roles and the administrators who maintain them.