Global Software Company

Project Summary

The Well-Architected Review is an AWS tool that certified partners conduct for clients. It provides guidance for developers, architects, and sysops as they design, build, migrate or optimize workloads to run secure, high-performing, resilient, and efficient infrastructure for their applications and services in AWS.

The review is a mechanism used to teach, measure, and improve a workload based on the customer’s business and technical objectives. At the project outset, eCloud Managed Solution’s objective was to gain a clear understanding of the current state of the workload and customer’s understanding of AWS architectural best practices. The AWS well-architected framework is its best practice and methodology on how to build out an AWS environment.

eCloud’s deliverable identifies risk, operational inefficiencies and opportunities for cost optimization, and recommends changes that mitigate risk and improve the workload performance while optimizing costs.

The Strategy

Security

Hannon Hill’s primary objective was ensuring a sound security posture. eCloud discovered 143 EC2 instances without an IAM profile attached and S3 buckets without default encryption enabled. AWSConfig, CloudWatch, and CloudTrail were also not enabled. Without these key services being enabled, Hannon Hill had limited insights into monitoring, performance, and security incidents.

Reliability and Performance Efficiency

Another stated goal was to increase uptime and platform availability. eCloud identified that Hannon Hill lived only in a single Availability Zone, without snapshots or backups scheduled, and with only a single load balancer. Uptime was at-risk.

Cost Optimization

The final review area cost. Idle EC2 instances were identified, as well as EBS volumes attached to stopped EC2 instances and expired Reserved Instances (RIs).

Assessment Remedies

Security Remediation

Results of the Well-Architected Review aligned the Hannon Hill team and eCloud Managed Solutions in assigning first priority to shoring up security. eCloud worked with Hannon Hill to encrypt the unencrypted S3 buckets while defining an IAM role for EC2 instances without an IAM profile attached, then attaching the EC2 instances to the new IAM profile. eCloud also ensured that encryption in transit was operating and configured properly.

Increased Reliability and Performance Efficiency

To increase the availability of mission-critical applications, eCloud leveraged a best practice and configured a multi-AZ approach with application load balancing (ALB) across two AZs, leveraging Route53. To monitor uptime and security requirements and prevent attacks and intrusions, eCloud re-configured a combination of Amazon WAF, and enabled CloudWatch and CloudTrail.

CloudWatch ensures that all performance functions of an application are monitored for operational efficiency and speed. It logs events and sends alerts so that additional resources can be dedicated to the application if there is a need to rapidly scale up. WAF security rules were put in place to control web application traffic to each application. CloudTrail, on the other hand, monitors the back end of the application, ensuring governance, compliance, and operational and risk auditing services are all being performed. The WAR identified that CloudTrail wasn’t enabled.

While CloudWatch looks at application demands, CloudTrail notes AWS account activity, including changes to the Management Console, SDKs, and command-line tools. – (By enabling these monitoring services, the client now has automated eyes on their application security and performance.)

Cost Reduction

Once the remediation steps were deployed and tested, eCloud implemented cloud storage policies to leverage cost optimization best practices, continuous evaluation, and EC2 right sizing. Idle resources and resources attached to stopped instances were shut down. In order to lower costs, rules were built for S3, Infrequent S3, and Glacier. A Reserved Instances (RI) strategy was adopted for existing EC2 and RDS instances, along with future resources. A compliance-driven backup solution, identified by the Well-Architected Review framework, was also built.

Proven Results

With eCloud Managed Solution’s guidance and direction, Hannon Hill increased application uptime availability, improved security, and optimized costs. Since the remediation, the expected cost savings were delivered and security posture improved. Solutions were delivered to increase application availability and uptime, and a backup solution is in place.

The eCloud Managed Solutions team is dedicated to our client’s success. Due to the AWS Well-Architected Framework and flexibility of the AWS Platform, eCloud Managed Solutions was able to remediate Hannon Hill’s environment and achieve its goals of increased availability in a cost-effective way.

Due to the success of the Well-Architected Review process, Hannon Hill entrusts eCloud Managed Solutions with continuous cost optimization and security monitoring.

Hannon Hill increased application uptime availability, improved security, and optimized costs, including a projected annual savings of 26%. By enabling CloudWatch and CloudTrail monitoring services, the client now has automated eyes on their application security and performance.