CUSTOMER SUCCESS STORY
AWS CI/CD BEST PRACTICE BY A&B
The customer is a universal bank with a balance sheet of 6000 million Euro and with more than 250 branches in Germany.
The client has acknowledged that they intend to migrate their workloads into the cloud, yet the In order to utilize the AWS in a meaningful capacity, all regulatory concerns have to be addressed. For each process and security measure of the client-established workloads and environment, an equal (or better) target environment has to be set up on AWS in order to green light any meaningful migration.
With more than 6B in their balance sheet, the client can not risk any security trade-offs and AWS adoption must be secure from the beginning.
We implemented a complete automated CI/CD deployment pipeline in this project for the customer. We advised on AWS security and IAM settings in order to enable custom permission and access settings.
Each pipeline had to be monitored and audited using AWS Cloudwatch and Cloudtrail. Notifications and warnings had to be delivered using hooks to SQS queues for Lambda-delivery onto messaging systems.
Credentials should be gathered from secure storage (Systems Manager Parameter Store/Secret Manager), KMS encryption had to be prepared for use inside and outside of the pipeline to secure artifacts.
The pipelines had been subject to mandatory compliance checks using a third-party scanner. In order to pass these tests, blueprints have been designed to prepare compliant IAM roles, Security Groups and other frequently used AWS resources.
Audit logging, monitoring, alerting, call tracing using Cloudwatch, Cloudtrail, X-Ray and their suitable processing, dashboarding and archiving solutions (S3, Athena, Cloudwatch insights, Message dispatching using Event-trigger-Lambda-Chat bridges, etc), SCPs as guard rails, network inspection using Guardduty, Ingress protection using WAF/Shield, workload security with Detective and Systems Manager and inventory tracking with AWS Config.
We’ve been the first AWS partner in DACH, focussing crystal clear on Cloud Security. We’re providing cloud security expert advice to C-level executives, management roles, product teams and engineers. We integrate and enable.
Pimp your existing CI/CD pipeline to the next level! Alice&Bob.Company continuously monitors and improves your current CI/CD pipelines.
We continuously integrate automated and scalable Cloud Security into your software development lifecycle.