Making evidence-based analytics that help organisations manage a wide variety of risks puts a strain of multiple cloud environments. Risilience needed to better understand their use of the cloud, ensuring that their current environments and infrastructures were built intelligently, and able to cope with growth, whilst being cost effective.

This challenge presented Firemind with the ability to perform a full architecture and optimisation report, working across 6 individual accounts within AWS.

Firemind was chosen due to our experience in assessing the quality and modernisation options available within existing architectures. Over the years, we have undergone a wide variety of workshops for businesses, spanning migration best practices, modernisation next steps, magic wand workshops and more.

Risilience needed a partner like Firemind who could quickly ascertain the quality of architecture in use, as well as work through the best cost optimisations for a company that was growing and scaling in in cloud demands.

During this project, Firemind reviewed the architecture, configuration and utilisation of services and resources across the 6 accounts within the Risilience AWS organization. The goal was to reveal methods to enhance security, optimise performance, review scalability, assess reliability and business continuity, and to cost optimise.

Overall, Risilience was doing an excellent job in managing and provisioning their AWS services and resources. A lot of recommended methods and best practices were being followed, using Ansible to manage IaC deployment of their environments provided a good level of consistency across accounts,
and everything was well organised with strong and manageable naming conventions.

The time spent on this review project looked more closely at services in use and resource relationships and configuration. The recommendations assembled in our report were focused on methods of being Cloud Native, full resilience and scalability, and taking full advantage of the AWS environment and the services available in AWS that enhanced or improved on more traditional server centric methodologies.

In addition, a lot of focus was put into cost optimisation. Not only reducing the current spend and making better use of the services and resources in place, but also ensuring that costs can be managed and did not grow exponentially as the business grew. Essentially, we wanted to help Risilience ensure that as the business scales, costs remain manageable, proportional and can avoid any financial surprises that would require a drastic change to infrastructure design, resource selection or operations.

To view some of the main benefits, view the value adds below.

Right-sizing was an easy win for Risilience. Adjusting the size of compute and database tiers deployed into the environments will not only save them money, but open budget to apply more effective scaling solutions. Amazon EC2 is the most over-provisioned service, and probably the easiest to adjust inside the current CICD pipeline. The only thing to review and test in preparation for this change was the statefulness of the Risilience application.

The network/VPC configuration was one of the few major concerns in regards to Risilience security. Their placement of some resources on a public subnet should be avoided, and anything that can be moved into a private subnet should be moved as soon as possible. Resources that are only connecting to other resources do not need to be publicly exposed, and servers that do need to be accessed for login to Risilience,
should be associated with a load balancer to ensure there is added security and a secure connection for all authorised traffic with a Client VPN for staff/dev access.

Some additional organisational advice was to use tagging policies (SCP) or adding additional tags to resources deployed from Ansible (environment, owner, version, etc.), and to enable logging wherever possible with a defined retention policy on logs (EC2, RDS, MQ, etc).