Automated AWS & AZURE customized landing zones and security 

About the client

An automotive manufacturer with $25.5 B annual revenue across 19 countries.

Key challenges

The client adopted a cloud first strategy and selected AWS & AZURE as strategic cloud vendors. Key challenges included a lack of control over the AWS and AZURE subscription creation process; inconsistencies in their security, compliance, governance, and logging capabilities, a lack of automation capability, and an absence of self-service mechanisms.

Solution

Part of the cloud transformation programme, we designed customized AWS and AZURE landing zones including Active Directory and Okta integration alongside a centralized account and subscription creation process.

We centralized Security, Guardrails, and Compliance using Infrastructure-as-a-Code (IAC) principles and landing zone architectures.

We then set up a cloud-agnostic Jenkins pipeline and automated day-to-day tasks, leveraging Terraform and Ansible as part of the core toolchain.

Outcome

On successful implementation the project delivered tangible benefits in four key areas:

1. Reduction of the account creation process from weeks to hours.
2. Reduction of the enterprise security risk to zero thanks to strict governance, compliance, and alerting functionality.
3. Enabled self-service provisioning for faster request and resolution, reducing the process times from 2 weeks to 3 days.
4. An 80% reduction in unwanted accounts per annum from 100 to 20.