How can you enable users on AWS in a way that adheres to governance controls but without adding obstacles to innovation?
The Platform Services business unit is responsible for the delivery of global platforms that enable enhanced productivity and value delivery at enterprise scale. The team seeks to drive value by combining ServiceNOW and automation for AWS to improve request fulfilment where the requirements are considered simplex.
The team wants to develop a capability that will support semi- or fully automated provisioning for existing operational teams, in addition to providing a path to self-service provisioning for internal development teams with more advanced AWS adoption.
Key to the challenge was a requirement that the solution provide a mechanism to enable "Day 2" operations within the organization from the existing support teams.
Hestio combined modern Infrastructure-as-Code practices, automation and native AWS services to create an Infrastructure Vending Machine for AWS that included:
- Creation of automation pipelines for Infrastructure As Code (IAC) based provisioning
- Development of templated support for the provisioning of IaaS resources (EC2 VMs, S3 Buckets, RDS Databases, etc.) into target AWS accounts using Spoke VPCs as part of an existing Hub & Spoke model
- Enhancements to the existing GitLab Image Factory for additional VM images required for simplex stack product offerings
The capability was delivered as a functional set of automation pipelines that can be inserted into the organization's existing manual processes for resource provisioning.
The design summary below illustrates how this capability can be inserted into the existing process (#1) to automate resource provisioning. It can also provide for post-provisioning activities for those teams that have adopted Infrastructure as Code (IAC) practices (#7).
While this scope of work is aimed at delivering the "Day 1" operations solution, the design has taken "Day 2" requirements (e.g. modifying disk size) into account.
1. ServiceNOW captures the payload and is responsible for triggering the pipeline.
2. The provisioning pipeline itself is codified, providing support for both API-triggered pipelines from ServiceNOW (target state) and curated provisioning via web forms.
3. Input parameters from the trigger are used to select from a list of codified blueprints.
4. New stacks of resources are provisioned using the selected blueprint. Terraform, open-source tools and codified infrastructure are combined with the input parameters to provision resources into the target AWS account.
5. Code, config and (optionally) state are injected into a new Git repository to represent the entire stack in its codified state.
6. The stack is then pushed back into a secure stack registry with source control support (GitLab).
7. Further changes can then be made using the same toolset by DevOps and Operations teams.
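As an added example (not Hestio's code), the blueprint-selection step could enforce governance by accepting only a codified blueprint name and allowlisted parameter values from the ServiceNOW payload, so a ticket cannot steer the pipeline into provisioning anything the platform team has not templated. The catalogue, payload fields and blueprint names below are constructed assumptions.

```python
"""Blueprint selection for the vending-machine pipeline (constructed example)."""
import re

# Constructed catalogue of codified blueprints: each maps request fields onto
# Terraform variables and fixes the values a requester is allowed to choose.
BLUEPRINTS = {
    "ec2-linux-simplex": {
        "module": "blueprints/ec2_linux",
        "params": {
            "instance_type": {"allowed": {"t3.small", "t3.medium", "m5.large"}},
            "disk_size_gb": {"range": (20, 500)},   # Day 2 resize stays in range
            "spoke_vpc": {"pattern": r"^spoke-(dev|test|prod)-[a-z0-9-]+$"},
        },
    },
    "s3-bucket": {
        "module": "blueprints/s3_bucket",
        "params": {
            "bucket_suffix": {"pattern": r"^[a-z0-9][a-z0-9-]{2,40}$"},
            "versioning": {"allowed": {"Enabled"}},  # governance: never optional
        },
    },
}

class RequestRejected(ValueError):
    """Payload names an unknown blueprint or a value outside the allowlist."""

def select_blueprint(payload: dict) -> dict:
    """Validate a ServiceNOW trigger payload against the catalogue and return
    the Terraform module path plus a tfvars dict. Unknown blueprints, extra or
    missing keys and off-allowlist values are rejected before Terraform runs."""
    spec = BLUEPRINTS.get(payload.get("blueprint"))
    if spec is None:
        raise RequestRejected(f"unknown blueprint {payload.get('blueprint')!r}")
    supplied = payload.get("parameters", {})
    if set(supplied) != set(spec["params"]):
        raise RequestRejected(f"parameters must be exactly {sorted(spec['params'])}")
    tfvars = {}
    for key, rule in spec["params"].items():
        value = supplied[key]
        ok = (("allowed" not in rule or value in rule["allowed"])
              and ("pattern" not in rule or re.fullmatch(rule["pattern"], str(value)))
              and ("range" not in rule or (isinstance(value, int)
                                           and rule["range"][0] <= value <= rule["range"][1])))
        if not ok:
            raise RequestRejected(f"{key}={value!r} rejected by blueprint policy")
        tfvars[key] = value
    # The ticket id travels with the stack as a tag so Day 2 owners can trace it.
    tfvars["request_id"] = payload["request_id"]
    return {"module": spec["module"], "tfvars": tfvars}
```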
Business benefits for the customer
The customer created a mechanism that enables other teams within the organization to serve some of their own infrastructure needs on AWS, without adding obstacles or barriers to innovation.
The engineering and operational teams get a solution that delivers outcomes compatible with the same technology (Terraform) already in use for more complex workloads in AWS.
At Hestio, we have taken our experience with designing and building on cloud to codify these patterns and made them available as a low-code pattern library for AWS. Why spend time and effort on reinventing the wheel when it's already a solved problem? Would you start developing office productivity software in a world where Microsoft Office already exists?