Our Partners
Background
Authomize continuously monitors client organizations’ identities, access privileges, assets, and activities, to secure all apps and cloud services. It seamlessly connects to a client’s apps and cloud services, and collects all relevant information to graph’s data-lake to help client organization security teams achieve Zero Trust.
Authomize provides organizations with comprehensive observability, actionable insights, and remediation automation, enabling adherence to security and compliance requirements.
The Challenge
uthomize needed a solution that would facilitate rapid launch of their Kubernetes-based application platform for complex deployments in AWS making sure to establish AWS Best Practices foundations and to enable robust and reliable application deployments that meet Companies’ security and compliance requirements.
Authomize knew they needed a partner who had a deep level of expertise in the cloud platform, Kubernetes, Helm, and Infrastructure as Code to maximize their success on Amazon Web Services.
Our Solution
Authomize engaged OpsGuru, a certified AWS Premier Partner, due to the team’s extensive AWS experience and a proven track record with complex workload migrations.
With OpsGuru’s help, Authomize was able to migrate its Kubernetes workloads to AWS with a simple and manageable resources hierarchy using Terraform and Helm for all of their environments.
High-Level Overview Of Accounts And Networking
High-Level Overview Of Traffic Flow
OpsGuru worked alongside the Authomize engineering team to review and customize their infrastructure code and software development lifecycles. This process ensured that Authomize was able to rapidly deploy workloads to development and production environments leveraging AWS advanced features.
- Account Isolation
Environment-specific AWS accounts allowed resources grouping within environments as well as workload isolation. A centralized shared services account was used for the CI/CD and as a centralized container image repository for the environment-specific AWS accounts.
- Network Design
Implemented VPCs in each AWS account, with utilization of AWS PrivateLink to safely interact with AWS services such as S3, and VPC peering to inter-connect environment-specific VPCs with a shared services VPC.
- Kubernetes Baseline
Implemented infrastructure components and configuration management solution for frictionless management of the Amazon EKS clusters with configurable Amazon EC2 managed node groups.
- Efficient Load Balancing
Implemented nginx-ingress Ingress Controller within the EKS clusters to utilize Amazon ELB load balancing for the ingress resources and services of type loadbalancer.
- Secrets and Configuration management
Utilized AWS Systems Manager Parameter Store and AWS Secrets Manager for configuration storage of the Kuberenetes secrets through Kubernetes Secrets Store CSI Driver with AWS provider.
OpsGuru then assisted the Authomize team in their migration to the newly built AWS platform by extending the existing Helm charts to support deployment into AWS EKS.
After the completion of the project, OpsGuru provided comprehensive training sessions for Authomize’s team as well as documentation and operational playbooks for the newly designed systems. The training and documentation included the operation of EKS, short-lived credentials with IRSA and observability tools, among other topics.
The Result
As a result of the collaboration between the teams, Authomize was able to rapidly migrate the existing Azure AKS workloads to EKS, without any side effects or downtime in the process. All the components have been successfully deployed and validated allowing Authomize to effortlessly continue with their platform development on AWS.