Devops & IAC
Case Study: How IaC helped push one of the largest insurance giants to the next level
This article was written by Scott Tate, one of the leaders of this project with one of the largest insurance companies in North America.
Over the last 12 months, Blndspt Consulting has been revolutionizing technology for one of the largest insurance companies in North America.
How, you ask? What could warrant such a bold statement? In a word (or an acronym): IaC, and mastery over it. Blndspt has worked with this agency to completely overhaul its entire infrastructure automation process with Pulumi, AWS CDK, Terraform, CloudFormation, and AWS.
How can IaC provide such improvements?
IaC, or Infrastructure as Code, is a relatively new concept that models environments WITH code. Sure, some form of IaC has been around for 10 years in the form of declarative JSON, YAML, or HCL (Terraform). However, only in the last few years have IMPERATIVE tools become mainstream. With these tools, you model environments in TypeScript, Python, .NET, and many other languages. Using tools like Pulumi or AWS CDK, 500 lines of declarative script now become 10 lines of imperative code.
In his advanced Pluralsight course on the AWS CDK, Scott teaches how to build imperative IaC stacks at massive scale, demonstrating that an AWS VPC can be created in 5-10 lines of code (as opposed to 500 lines of CloudFormation JSON).
So again, why does this beget the bold improvements stated above?
I’m glad you asked (again)! Yes, I digress from time to time. In short, this company comes from a very long history of on-premises data centers, in tandem with a very long track record of hardware virtualization. Building a new environment for a new project literally takes them months.
How can you be innovative when building an environment takes months?
New projects, new technologies, new directions... how can you steer a large ship when you simply cannot fail fast and turn it quickly enough? You can’t! Simply building new infrastructure can cost more than the concept project or technology. As such, Blndspt, using Pulumi and AWS CDK, helped this organization automate the creation of all of their environments in the cloud with repository-based IaC. In the past, building an environment required 20 different requests, and the process took over a month. Now, the process is fully automated: a button click kicks off a simple approval workflow and then acquires and builds the entire environment in real time.
100% Automated Infrastructure – ROI
Think for a moment how much it would cost to build an environment that takes over a month to build. What if you need 2, 3, or 4 of them for dev, test, stage, etc.? Costs are now growing into the 5-figure annual range just for the environment! Now imagine the resources required to maintain these environments. That just put us into the annual 6-figure range. With automated and fully managed IaC, these numbers are all but removed. Environments become ‘immutable’ and can be destroyed and recreated with a button click. Would you like to chat with your boss or financial representatives in terms of 1,000 to 10,000% returns on investment? Careful, that’s promotion territory!
The Coolest Part – IaC Driven by UI
OK, so we’re all a little technical, and we get enamored by whizbang flashy tech. If you’ve ever used ANY cloud portal in existence (AWS, Azure, Google, IBM), you know that it is just that: a dispassionate portal that lets you click-build a set of resources that are likely over-provisioned, don’t follow corporate governance standards, cost more than you are allowed to spend, and immediately become ‘rogue environments’. Does that sound about right? Did you react like the rest and simply run out and implement AWS Landing Zone in your environment to try to impart an element of control using a giant hammer? In response to this lack of overall governance, Blndspt created a User Interface (an environment management system) that allows the organization to build environments from a pre-set, fully supported set of resources and constructs. These can be as simple as highly confidential 7-year retention S3 buckets, or as involved as full web and application servers behind VPCs and VNets. Click, click, click, provision. And that’s it. You as a developer (or DevOps engineer) now have the fully integrated environment you needed to do your job, with a few UI clicks. And when you need to add or remove resources, the UI allows this and then re-deploys the change. No more rogue environments. No more drift (to coin an AWS term, if you were that person mentioned above who used Landing Zone as a big hammer)…just fully supported, fully governed, fully cost-conscious environments with which you can now innovate and turn that big ship as quickly as your imagination will allow.
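The catalogue idea described above, as an added sketch that is not Blndspt's code: a UI request is accepted only if it names a pre-approved construct, and the security properties come from the catalogue rather than from the requester. The catalogue entry name, request fields, required tags and function names are all hypothetical; the output is a plain CloudFormation template dictionary.

```python
import copy
import re

# Hypothetical catalogue: the only constructs the UI may offer. The security
# properties are fixed here, so a requester cannot weaken them.
CATALOGUE = {
    "confidential-archive-bucket": {
        "Type": "AWS::S3::Bucket",
        "Properties": {
            "BucketEncryption": {"ServerSideEncryptionConfiguration": [
                {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]},
            "PublicAccessBlockConfiguration": {
                "BlockPublicAcls": True, "BlockPublicPolicy": True,
                "IgnorePublicAcls": True, "RestrictPublicBuckets": True},
            "VersioningConfiguration": {"Status": "Enabled"},
            "ObjectLockEnabled": True,
            "ObjectLockConfiguration": {
                "ObjectLockEnabled": "Enabled",
                "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Years": 7}}},
        },
    },
}
REQUIRED_TAGS = ("owner", "cost-center")  # assumed governance tags
LOGICAL_ID = re.compile(r"[A-Za-z][A-Za-z0-9]*")


class RequestRejected(ValueError):
    """Raised when a UI request steps outside the catalogue."""


def render_stack(request):
    """Turn a UI request into a CloudFormation template dict, or reject it."""
    missing = [t for t in REQUIRED_TAGS if not request.get("tags", {}).get(t)]
    if missing:
        raise RequestRejected(f"missing tags: {missing}")
    tags = [{"Key": k, "Value": request["tags"][k]} for k in REQUIRED_TAGS]
    resources = {}
    for item in request["resources"]:
        if set(item) != {"construct", "id"}:  # no free-form property overrides
            raise RequestRejected(f"unexpected fields in {sorted(item)}")
        if item["construct"] not in CATALOGUE:
            raise RequestRejected(f"not in catalogue: {item['construct']}")
        if not LOGICAL_ID.fullmatch(item["id"]) or item["id"] in resources:
            raise RequestRejected(f"bad or duplicate id: {item['id']}")
        resource = copy.deepcopy(CATALOGUE[item["construct"]])
        resource["Properties"]["Tags"] = tags
        resources[item["id"]] = resource
    return {"AWSTemplateFormatVersion": "2010-09-09", "Resources": resources}
```

Because the request carries only a construct name and an ID, a change to retention or encryption policy is made once in the catalogue and reaches every environment on the next re-deploy.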
Tech Talk: Pulumi/CDK/CloudFormation/Terraform
Whether we like it or not, politics will always impede our progress (the larger and older the org, the more impact it has). Some engineers are familiar with CloudFormation, others are familiar with Terraform. Some teams have pure developers and some are limited to ‘DevOps’ roles. In light of this, Blndspt combined several technologies to accommodate this entropy pulling in all proverbial directions. Imperative stacks are created in Pulumi or AWS CDK, allowing developers to use TypeScript or Python, while DevOps engineers focus on declarative CloudFormation and Terraform. Terraform stacks can be converted into Pulumi (with tf2pulumi), and AWS CloudFormation stacks can be represented in both AWS CDK and CloudFormation forms. Everyone is happy. Politics “schmolitics”, Silo “schmilo”. At the end of the day, environments remain fully governed and capable of being created and destroyed with a button click. In order to accomplish all of this, we built an entire set of APIs to control and manage the AWS CDK. Recently, Pulumi has built their Python API for this very purpose. We are proud to say that we too built the AWS/Python APIs for ‘automating the automation’. We jokingly call this “IaCaC”, or “Infrastructure as Code as Code”.
Let’s face it. Environments, on average, are more than a web server and a database server. In the real world, environments have complex networking, message queuing, exposed frontends, caching, content delivery networks, failover, fault tolerance, etc. (not to mention requirements around PCI, FERPA, HIPAA, ISO, etc.). As a result, building integrated IaC can be complicated for these types of ‘typical’ environments. Blndspt has built some of the most complex environments with IaC you can imagine. Think about hybrid cloud, with on-premises Oracle databases communicating fully with cloud resources. Think about Docker and Kubernetes clusters that span multiple cloud providers, and/or cloud and on-premises infrastructure.
Why Blndspt? To put it simply, we consider ourselves to be the best IaC consultants in the world. We work directly with Pulumi. We work directly with AWS on furthering CDK advanced usage. We build courses to teach you how to use these tools. We are Pulumi, Microsoft, and AWS partners for this reason.
Don’t Believe Us?
We don’t mind. Just reach out to us and we can show you how IaC automation can trigger efficiencies and cost savings that are considered promotion-worthy!
We love AWS. We love Microsoft. We also love writing stories about IaC success, especially when it can make such an impact for one of the largest insurance companies in the world.
However, from our vantage, both of these giants want you to play in their pools. We cannot afford to specialize in our line of work. To that end, Blndspt and Pulumi have become very close partners to build cloud-agnostic IaC. Watch for upcoming announcements on how Blndspt and Pulumi plan to work more closely together to bring you the most advanced automation tools and skills in the world (on any cloud).
(I like to joke about the platypus and the penguin. Is that classic or what?)