DoiT’s Customer Reliability Engineers (CREs) conducted initial review sessions with the customer to quickly identify the key challenges to scale for Apex Networks’ infrastructure: a single account architecture that prevented implementing more granular security controls, laborious and manual compliance audits, and slow, manual deployment methods on an outdated infrastructure.

First, to ensure the existing structure’s compliance with AWS architectural guidelines, the DoiT team applied AWS DevOps best practice to implement a new, dedicated “Management Account”. They also deployed AWS’s Control Tower, a service to enforce and manage governance rules at scale across all organizations and accounts in the AWS Cloud. DoiT complemented this with customized guardrails to meet the customer’s specific workloads and auditing governance needs. The team integrated these with IAM Identity Center and the customer’s existing IdP solution to allow Apex to now manage and maintain their security controls with consistency and automation.

To address challenges with audit and compliance, DoiT then built and deployed reusable AWS CloudFormation Stacksets to manage AWS security controls for existing and new accounts. This included IAM Access Analyzer, GuardDuty, and Security Hub, which together delivered a secure and governed AWS environment. And by enabling monthly access reports to assist with the required auditing for ISO 27001 compliance, DoiT helped Apex address essential governance and security items before Apex’s upcoming audit.

The last piece of solving Apex’s struggle to scale was in addressing its outdated infrastructure. The previous deployment methods were manual and therefore created operational overhead. DoiT’s CREs provided training, demonstration, and best practice documentation for AWS Systems Manager to deploy and configure the Apex’s large EC2 Fleet. To further enhance the networking infrastructure, DoiT also performed a network architecture review, made recommendations, and modernized the deployment approach by creating an IaaC template to deploy VPC, Network, and Network Security controls for newly vended accounts. By automating deployment methods and aligning the infrastructure to DevOps best practices and methodology, Apex is now able to control much more of the team’s operational overhead.

Regular review sessions throughout helped to guide the successful implementation of these key strategic improvements. By staying in close collaboration with DoiT, Apex was able to improve and refine their approach continuously. Consequently, the customer achieved significant growth in their DevOps and DevSecOps capabilities, establishing a strong groundwork for future iterations of their DevOps practice. Their networking infrastructure was successfully optimized within the digital landscape to realize new efficiencies and improvements in the quality of deployments.