Main technologies used
- AWS Config
- AWS Lambda
- Implementing a consistent compliance policy across the entire organization (over 50 accounts)
- Reduction in governance costs
- Identifying unused and non-compliant resources
How to smoothly manage compliance in the cloud
Our client is a bank, which decided to move its services to the public cloud. Previously, there had been a lot of distributed and independent resources on premise, so one of the biggest challenges after the migration was to implement a new governance and compliance policy consistent across the entire organization. The core of our solution was AWS Config and tag management.
Always know what’s going on with AWS Config
AWS Config is a really useful tool that helps you audit the configuration of your resources and determine whether they are compliant with your internal regulations. Moreover, tagging your resources helps you identify and manage them more smoothly. We decided to implement AWS Config within important accounts to monitor resources like EC2 (instances, interfaces), EBS (volumes, snapshots) as well as RDS (instances).
Another crucial requirement from the client was that the solution be scalable, so that it can be easily deployed on other accounts when needed. This was achieved thanks to the use of AWS API and Terraform.
We also ensured that if any anomalies are detected, the client is swiftly notified using SNS Topics (information sent to the teams responsible for fixes and reaction) and SES (if the owner tag exists, the owner receives the notification directly). The client's support and maintenance team was also instructed on how to react to those notification emails so that the remediation actions are efficient. All the data is easily available through the AWS Config aggregator in the master accounts.
The solution works with AWS Lambda, which is triggered by periodic and event-based rules and can be easily implemented for new services.
Our solution also ensures that:
- all configuration changes for all resource types are recorded,
- global resources are monitored,
- annotations are used,
- data is aggregated on the AWS master account.
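The evaluation step described above can be sketched as follows. This is an added example, not Tameshi's or the client's code: it shows how a Lambda behind a custom AWS Config rule could turn a configuration item into an annotated evaluation and pick the notification channels. The required tag keys, the owner tag holding an e-mail address, the route labels and the subset of monitored resource types are all assumptions.

```python
import json

# Assumptions for this example: tag keys, and that the owner tag holds an e-mail address.
REQUIRED_TAGS = ("owner", "environment")
MONITORED = {"AWS::EC2::Instance", "AWS::EC2::NetworkInterface",
             "AWS::EC2::Volume", "AWS::RDS::DBInstance"}

def _item_and_tags(event):
    item = json.loads(event["invokingEvent"])["configurationItem"]
    # Lenient on key case so "Owner" and "owner" both count (a choice made here).
    tags = {k.lower(): (v or "").strip() for k, v in (item.get("tags") or {}).items()}
    return item, tags

def evaluate(event):
    """Build one entry for the Evaluations list of config:PutEvaluations."""
    item, tags = _item_and_tags(event)
    missing = [t for t in REQUIRED_TAGS if not tags.get(t)]
    if (event.get("eventLeftScope") or item["resourceType"] not in MONITORED
            or item["configurationItemStatus"] == "ResourceDeleted"):
        compliance, note = "NOT_APPLICABLE", "Resource deleted or outside rule scope."
    elif missing:
        compliance, note = "NON_COMPLIANT", "Missing required tags: " + ", ".join(missing)
    else:
        compliance, note = "COMPLIANT", "All required tags present."
    return {"ComplianceResourceType": item["resourceType"],
            "ComplianceResourceId": item["resourceId"],
            "ComplianceType": compliance,
            "Annotation": note[:256],  # annotations are capped at 256 characters
            "OrderingTimestamp": item["configurationItemCaptureTime"]}

def notification_routes(event, evaluation):
    """Team SNS topic for every finding; SES direct to the owner if the tag is set."""
    if evaluation["ComplianceType"] != "NON_COMPLIANT":
        return []
    owner = _item_and_tags(event)[1].get("owner", "")
    return ["sns:team-topic"] + (["ses:" + owner] if "@" in owner else [])

def sample_event(tags, status="OK", resource_type="AWS::EC2::Volume"):
    """Constructed input shaped like a Config change-triggered rule invocation."""
    item = {"resourceType": resource_type, "resourceId": "vol-EXAMPLE",
            "configurationItemStatus": status, "tags": tags,
            "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z"}
    return {"invokingEvent": json.dumps({"configurationItem": item}),
            "eventLeftScope": False}

if __name__ == "__main__":
    ev = sample_event({"Owner": "alice@example.com"})
    result = evaluate(ev)
    print(result["ComplianceType"], result["Annotation"], notification_routes(ev, result))
```

In a deployed rule the dictionary returned by `evaluate` would be sent with the invocation's `resultToken` to `PutEvaluations`, and the route labels would map to a real SNS topic ARN and an SES send.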
Results and Benefits
The solution allowed the client to recognize the unused resources that generated unnecessary costs as well as the ones that were non-compliant and posed a security risk. As a result, the compliance & governance portion of AWS cost usage was reduced. An increased awareness of how infrastructure is used enabled the institution to optimize how compliance & governance is handled.
Tameshi is an Advanced AWS Consulting Partner focusing on supporting financial institutions on their cloud journey. The Tameshi team has unique competencies to assist its clients in digital transformation, cost optimization & cloud infrastructure audit as well as in the compliance area. Tameshi is also an AWS Lambda, API Gateway and Config Partner. This confirms its expertise and a proven track record in building and migrating solutions to architecture running on serverless computing as well as auditing and evaluating the configuration of clients’ AWS resources.
Tameshi is a proud partner of companies including Luminor, Medicalgorithmics, the European Space Agency and many more.