Security, auditability and traceability – the main pillars for reliable, resilient and cost-efficient cloud infrastructure

“The immutable infrastructure has numerous advantages including consistency across different environments, no configuration drift, eliminates snowflake servers, simplifies deployments and rollbacks, among others,” said HeleCloud AWS Consultant Daniel Rankov at the 9th AWS Bulgaria meetup on 22 Feb 2018 in Sofia. The event was hosted by HeleCloud. Daniel Rankov led a session during the event and shared his team’s know-how and experience in using Infrastructure as Code with Terraform, packing images with Packer, running security scans with AWS Inspector, and deploying databases and stateful services in ASG.

Daniel Rankov presented a HeleCloud case study for immutable infrastructure deployment on AWS focused on security, auditability and traceability. The team approached the project by slicing the task into four layers:

  • AWS infrastructure
  • AWS account security
  • Operating system
  • Deployment and bootstrap

The project followed strict “Infrastructure as a Code” and “Immutability” principles in order to minimise the risk of human error, accidental access or loss of data. The major challenge was building and managing infrastructure focused on security. HeleCloud team build an AMI Factory to set a consistent and repeatable process of creating AMIs. The HeleCloud team implemented an innovative and cost-efficient approach for the deployment process taking security as the focal point.

Which AWS features and issues to keep an eye on when building reliable, resilient and cost-efficient cloud infrastructure can be found in the attached “Immutable infrastructure on AWS” presentation”.

About HeleCloud

HeleCloud™ is an Amazon Web Services technology consultancy with offices in Maidenhead, UK, and Sofia, Bulgaria that helps enterprises of all sizes establish Cloud vision, and execute Cloud strategies through their industry-leading Cloud Roadmap methodology. HeleCloud™ also provides Cloud managed services to further amplify Cloud benefits and enable enterprises to focus on their core business and customers.