By Jeff M.
ActioNet is proud to announce our latest achievement with our AWS Partnership, CloudFormation Service Delivery Designation! This new designation fits in perfectly with the ActioNet core value to Sustain Service Delivery Excellence. We continually expand our capabilities and expertise to ensure we provide the excellence you need. What is a CloudFormation Service Delivery Designation and what does it mean for me? Great question. From the AWS website ("AWS CloudFormation Partners | AWS Service Delivery | Amazon Web Services"):
“The AWS Service Delivery Program is designed to validate AWS Partners that have deep technical knowledge, experience, and proven success in delivering specific AWS services to customers.”
In short, AWS agrees we are competent, efficient, capable, and proven when it comes to CloudFormation. They have reviewed our processes, reviewed our case studies, and approved our CloudFormation Service Delivery Designation.
CloudFormation is AWS's Infrastructure as Code (IaC) service: it allows you to design, build, and create your infrastructure as code, just like any other application. Using IaC creates multiple improvements in your operations, cost control, optimization capabilities, audit capabilities, disaster recovery and more. It allows for repeatable deployment capabilities with full confidence the deployments will work every time. Using IaC allows you to create your entire infrastructure in a text-based format which is then implemented in the AWS console or via API. This means your infrastructure is stored in a code repository like CodeCommit or Git, allowing for version-controlled infrastructure which can then be tied into your ticketing and deployment systems. CI/CD pipelines can now be leveraged not just for applications but for infrastructure as well. Tickets and version-controlled commits can be assigned to specific improvements in infrastructure, allowing for better auditing and tracking as well as more rapid rollbacks if something goes awry.
By parameterizing CloudFormation templates you can easily deploy identical stacks to multiple environments. Have you ever had concerns that dev was different from test which is different from production? Using IaC allows you to deploy identical copies of infrastructure to all your environments ensuring applications that work in the Dev environment will work in Production as well.
Disaster Recovery is a concern for any program. CloudFormation can assist here as well. ActioNet helps clients achieve extremely rapid disaster recovery by frequently testing redeployment of entire stacks in lower environments. For example: our test environments are entirely disposable. After a round of testing we can delete the stack which terminates the environment. Then, when developers are ready, we redeploy the entire environment, literally, with the push of a button. This ensures not only that the application is tested in a pristine state but also continually tests your IaC functionality ensuring it works and is ready for any DR crisis.
CloudFormation saves money! Turning down test, or even development, when not in use can bring substantial cost savings to a program. For example, developers aren’t developing overnight, and neither is testing, yet you’re paying for those resources when not in use. Why? Set your environment to terminate at 8 PM and reinstate it at 6 AM, Monday through Friday. This cuts development and testing infrastructure costs in half. This also ensures your infrastructure can be rehydrated daily. As developers create new CloudFormation templates, they are added to a library or CMDB which other developers can access to encourage code reuse at all levels, further cutting development time.
CloudFormation improves your security posture. Since we know we can rehydrate rapidly, if Cyber detects an intrusion we can simply isolate that system for analysis and redeploy a fresh copy of the environment. Once the attack vector has been determined, we can apply the fix via IaC and redeploy clean systems. This tactic can be applied to STIG changes as well. Apply the STIG change by updating the template to harden your system and redeploy it all in Dev, prove it out, move to test, and finally production! Penetration testing gets even easier. Spin up a new Penetration Testing environment and let the testers do their thing. Since it’s a separate environment there is no concern about a system going down. When they are done, simply delete the environment. When it comes to OS hardening, IaC STIGs allow you to keep libraries of hardening scripts which can be reapplied repeatedly with predictable results. Cyber can now keep a suite of hardened secure images ready for use.
IaC allows you to leverage CI/CD pipelines. You make small, incremental changes and deploy them continually. Tied to a Blue/Green deployment cycle you can keep your infrastructure up to date with the latest improvements and efficiencies which significantly reduces technical debt. If an OS is reaching End of Life you can spin up a new environment and test the application on a new OS by simply selecting a new Amazon Machine Image (AMI) from AWS. This ease of environmental builds creates an enhancement mindset culture. Product owners and developers are confident they can try new things without compromising existing systems. Fantastic for ITIL Continuous Improvement.
ActioNet helps enforce CloudFormation best practices to ensure applications are properly tagged prior to deployment, are atomic, and are parameterized. Built-in, agreed-upon tagging structures allow for tracking of who owns what and how much an application costs, and can facilitate automated patching and auditing capabilities. We don’t even allow systems to be deployed without proper tags, no matter how small. This significantly reduces Shadow IT in the cloud. We create templates which are atomic in nature. This means they are small components which can be deployed over and over and easily be integrated with other systems. Think Legos. And parameterization creates maximum reusability across all environments and applications.
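A pre-deployment gate of the kind described above can be a short script run in the pipeline before the stack is created. The following is an added example, not ActioNet's own tooling; the required tag keys, the list of taggable resource types and the sample template are assumptions constructed for illustration.

```python
import json

# Assumed policy: the page does not name its tag keys or resource types.
REQUIRED_TAGS = {"Owner", "Application", "Environment"}
TAGGABLE = {"AWS::EC2::Instance", "AWS::S3::Bucket", "AWS::EC2::SecurityGroup"}

# Constructed sample template (CloudFormation JSON), not from the page.
SAMPLE = json.loads("""
{
  "Parameters": {"Environment": {"Type": "String", "AllowedValues": ["dev", "test", "prod"]},
                 "Owner": {"Type": "String"}},
  "Resources": {
    "AppBucket": {"Type": "AWS::S3::Bucket", "Properties": {"Tags": [
        {"Key": "Owner", "Value": {"Ref": "Owner"}},
        {"Key": "Application", "Value": "billing"},
        {"Key": "Environment", "Value": {"Ref": "Environment"}}]}},
    "AppServer": {"Type": "AWS::EC2::Instance", "Properties": {"Tags": [
        {"Key": "Owner", "Value": {"Ref": "Owner"}},
        {"Key": "Environment", "Value": "prod"}]}},
    "AppSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"GroupDescription": "app"}}
  }
}
""")

def check_template(template):
    """Return sorted (logical_id, problem) findings; an empty list means deployable."""
    params = set(template.get("Parameters", {}))
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") not in TAGGABLE:
            continue
        tags = {t["Key"]: t["Value"] for t in res.get("Properties", {}).get("Tags", [])}
        for key in sorted(REQUIRED_TAGS - tags.keys()):
            findings.append((name, f"missing tag {key}"))
        env = tags.get("Environment")
        # A literal Environment value pins the template to one environment,
        # so the same file can no longer be deployed unchanged to dev, test and prod.
        if env is not None and not (isinstance(env, dict) and env.get("Ref") in params):
            findings.append((name, "Environment tag is not a parameter Ref"))
    return sorted(findings)

if __name__ == "__main__":
    for logical_id, problem in check_template(SAMPLE):
        print(f"{logical_id}: {problem}")
```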
ActioNet, as a ServiceNow Elite Partner, integrates tightly with CloudFormation. New templates are added as configuration items for use and reuse. Customers can order entire infrastructures from a prebuilt set of Service Catalog entries. As they are deployed, they are automatically added to a CMDB and tracked. Since we enforce proper tagging, administrators know who to talk to about those systems.
ActioNet has leveraged our CloudFormation capabilities in support of our customers across the United States and around the world. We know how to make IaC work. Our CMMI-DEV and CMMI-SVC Level 4 Assessed capabilities bring to the table a strong understanding of process maturity. We have successfully helped implement, train, and maintain systems across the government and are ready to help you achieve more. For more information, please go to https://www.actionet.com/what-we-do-main/cloud-solutions.