Getting the most out of AWS Public Cloud

Envisian’s in-depth knowledge of leading technologies helped our university client better understand and respond optimally to the intricacies and capabilities of the AWS Public Cloud.

We identified potential cost savings of around $800K per annum, improved security across all the university’s AWS accounts and VPCs, and made it easier to deploy AWS instances.  To ensure ongoing success and ownership, we upskilled the university’s IT staff in key aspects of AWS technologies.

Here’s what happened.

Some months after the university had migrated its workloads to AWS, Envisian was asked to provide an independent review of the new Cloud environment.

Our Cloud Architect and AWS specialist identified a number of gaps in the management and operations of the university’s 600 or so instances (a.k.a. virtual machines) deployed into the AWS Public Cloud.

He alerted management and received approval to address the issues, to ensure the university took full advantage of the cloud's potential, adopted best-practice governance guidelines, and understood the adjustments required when moving to user-pay environments.

Our methodical approach broke the review down into the key areas of cost, governance, security, and usability. In this new, user-pay environment it was important to establish stronger governance and cost controls, to right-size instances, and to conduct monthly reviews of the AWS environments.

To reduce costs, we investigated EC2 usage and instance types across the account and proposed reserved instances where appropriate. We also designed and implemented an AutoON / AutoOFF schedule (nights and weekends) for non-critical workloads, and designed a POC environment usage policy to provide a usable framework for experimenting with new AWS products and designs while controlling costs. And we designed and implemented a monthly review of unattached EBS volumes and unused snapshots.

To strengthen governance, we introduced AD integration into the AWS CLI environments and automated ‘tagging’ of resources utilising Lambda / CloudTrail.

To improve security, we implemented MFA on IAM accounts with AWS console / admin rights, added firewall rules limiting console and CLI access to the university's internal IP ranges, reviewed security groups to lock down risks such as open ports and networks, and, for storage, implemented encryption on selected S3 buckets and improved the certificate management process.

And for better usability, we redesigned the environment to include load balancing (ELB) within VPCs, implemented API and CLI SAML logging, and provided additional AWS architecture training to staff.

That’s it.  But you need to know your stuff.  Envisian technical specialists do.