Today we’d like to share the story of how the DevOps team at Flux7 worked with a Fortune 500 enterprise customer to help them automate their AWS VPC creation, which reduced several days of manual, repetitive tasks to a simple user interface and a single click. Saving this firm days of manpower has meant that these resources can now be used for more strategic, business-impacting activities. Read on as we share a business view into this AWS case study.
Before we dive into this manufacturer’s AWS VPC best practices project, let’s quickly review. AWS VPC (Virtual Private Cloud) is the Amazon service that allows operators to provision a logically separated section of the AWS cloud where they can launch AWS resources in a virtual network that they define. AWS VPC offers a variety of connectivity options (e.g. direct to the Internet, to a data center, other VPCs, etc.) and has all the benefits of the AWS platform, with scalability and more.
Like many organizations, our Fortune 500 customer used AWS VPC to simplify communication, increase security and reduce compliance scope. However, prior to this project, the team had a highly manual provisioning process that would involve several days’ worth of tasks, many of which were highly repetitive. To faithfully execute this several-day process, documentation was needed. And, indeed, this firm had a highly documented process for deploying AWS VPCs.
Yet, a manual process opens the door to human error. And an error would often result in the process needing to start over from the beginning, which in turn meant that even more resources would be consumed in the process. The first step in automating VPC provisioning for this firm was to create templates from its documented process with code replacing documentation.
As new things were added to the process, they were added to the code, remediating the problem of outdated documentation. Further, this allowed new processes to be flawlessly followed, rather than operators forgetting to include a new step or following an old process out of habit. Last, the automated process allowed us to codify institutional knowledge, decreasing issues caused when people leave the organization while simultaneously growing the number of operators who are now able to effectively deploy a VPC.
AWS VPC Automation
VPC automation was created as a serverless API using AWS API Gateway to process incoming requests, AWS Step Functions to coordinate the actions, and AWS Lambda to perform the functions. The entire infrastructure was deployed using Jenkins. In addition, we applied best practices to the new VPC process, including:
- Defining parameters with constraints,
- Organizing parameters into groups as appropriate,
- Deploying a default stack policy that allows modifications,
- Passing secrets through AWS Parameter Store or by using a NoEcho parameter, and
- Deploying the same stack in production and non-production environments.
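The parameter practices in the list above map onto AWS CloudFormation template features, sketched here as an added example that is not Flux7's or the customer's template. Every parameter name, pattern and value is an assumption, and the VPN resources exist only so the NoEcho parameter has a consumer; the stack policy is a separate document and is not shown.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example; every name and value here is an illustrative assumption.
Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:              # related parameters grouped for the operator
      - Label: { default: Network }
        Parameters: [Environment, VpcCidr]
      - Label: { default: VPN to data center }
        Parameters: [CustomerGatewayIp, VpnPreSharedKey]
Parameters:
  Environment:                    # same template for production and non-production
    Type: String
    AllowedValues: [prod, nonprod]
  VpcCidr:                        # constrained so a typo fails before anything is built
    Type: String
    AllowedPattern: '^10\.\d{1,3}\.\d{1,3}\.0/(1[6-9]|2[0-4])$'
    ConstraintDescription: Must be a 10.x.x.0 block between /16 and /24.
  CustomerGatewayIp:
    Type: String
    AllowedPattern: '^\d{1,3}(\.\d{1,3}){3}$'
  VpnPreSharedKey:
    Type: String
    NoEcho: true                  # value is masked when the stack is described
    MinLength: 8
    MaxLength: 64
Resources:
  Vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCidr
      Tags: [{ Key: Environment, Value: !Ref Environment }]
  VpnGateway:
    Type: AWS::EC2::VPNGateway
    Properties: { Type: ipsec.1 }
  VpnGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties: { VpcId: !Ref Vpc, VpnGatewayId: !Ref VpnGateway }
  CustomerGateway:
    Type: AWS::EC2::CustomerGateway
    Properties: { Type: ipsec.1, BgpAsn: 65000, IpAddress: !Ref CustomerGatewayIp }
  VpnConnection:
    Type: AWS::EC2::VPNConnection
    Properties:
      Type: ipsec.1
      StaticRoutesOnly: true
      CustomerGatewayId: !Ref CustomerGateway
      VpnGatewayId: !Ref VpnGateway
      VpnTunnelOptionsSpecifications:
        - PreSharedKey: !Ref VpnPreSharedKey
```

NoEcho masks the value only in stack descriptions and events; a NoEcho parameter referenced from template Metadata or Outputs is still exposed there.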
Create User Interface
We then created a front-end user interface for the company which contains everything in one screen that an operator needs in order to create a VPC. Filling out the form and clicking “Create” results in a VPC provisioned with the required parameters. From here, everything else happens on the back-end with automation.
More than a simple UI change, this transformational change was also applied to automatically provision Transit VPCs -- which connect multiple VPCs that might be geographically diverse or in separate AWS accounts to a common VPC -- and associate existing VPCs to it. In addition, Flux7 helped this manufacturer audit jobs running on a VPC. And, we automated the process of increasing VPC IP limits, giving additional IP space through additional subnets or VPC peering, when specific rules are triggered.
We concluded the project with knowledge transfer, teaching the firm’s teams how to use the new interface for easy VPC creation as well as an overview of the backend should future changes be needed to the VPC creation templates. We included team members from development, operations and security in the training, showing all teams how the process works and addresses their team’s specific goals. This team approach was well received and ensured initial and ongoing success, with teams across the organization bought in to the new automation and able to work together to make changes in the future.
Taking VPC provisioning from many days to a single click freed up important resources for this company. Moreover, the use of templates and automation added consistency to the process, while vastly decreasing the opportunity for human error -- and the need to start the process all over again. In all, VPC automation has been a transformational change that removed the team’s reliance on documentation and internal experts who had specific tribal knowledge, making the overall team more agile and responsive to business needs. Moreover, this change is paving the path to use of other AWS services, like AWS Organizations, that will provide the firm even greater security and business-unit level control.
For additional reading on AWS Case Studies where Flux7 helped increase automation for better resource utilization and enhanced security:
- Voyant Grows Data Security and Customer Satisfaction with Advanced AWS services
- Microservices Speed Market Responsiveness for Financial Service Leader
- TN Marketing Scales Performance, Elasticity and Security through AWS CloudFront, ELB and WAF expertise
- RentACenter Builds Innovation, Availability and Security-By-Design
- AWS Service Catalog Increases Developer Productivity and Business Responsiveness