A multinational recruiting firm required a large hybrid deployment to support their main business functions in North America - including, but not limited to, payroll, finance, and time tracking. AWS CloudFormation is used to manage all environments - including production - across several AWS accounts and AWS regions. We took a ‘microservices approach’ to the creation of the templates used to deploy and maintain the environment. Virtually all aspects of the AWS deployment are managed via small, easy to operate and maintain CloudFormation templates.
To simplify deployment, we developed a Continuous Integration/Deployment (CI/CD) solution based on GitLab. To reduce management overhead, the GitLab infrastructure resides in Curious Orbit’s AWS account and uses IAM roles to deploy CloudFormation templates into our customers' accounts. To provide separation of duty and meet change management requirements, all CloudFormation deployments are managed via Change Sets. Before deployment, each commit is validated using the CloudFormation validate command. Once verified, we generate Change Sets, which are reviewed by the customer and either accepted or rejected. The customer is responsible for executing each change in their own environments.
In addition to Change Sets, we deploy Stack Policies and set Stack termination protection to help protect resources which are being maintained via AWS CloudFormation.
Here’s an overview of how an automated deployment works:
Virtually all workloads are deployed and supported by CloudFormation using the deployment strategy described above. By using ‘Infrastructure as Code’, the customer can maintain their strict security requirements and leverage the source controlled templates as part of their audit process - both internal as well as external.
Like what you read? Why not subscribe to the weekly Orbit newsletter and get content before everyone else?