AWS Environment Setup For Tonkin+Taylor
Read the project details, which cover the setup of the AWS environment for the client. We used Control Tower, adhering to AWS NIST compliance, for multi-account, multi-environment use.
- AWS
- Cloud Consulting
- Land Engineering
About Client
Tonkin + Taylor is New Zealand’s leading environment and engineering consultancy, with offices located globally. They shape interfaces between people and the environment, which includes earth, water and air. They have won awards such as the Beaton Client Choice Award for Best Provider to Government and Community (2022) and the IPWEA Award for Excellence in Water Projects for the Papakura Water Treatment Plan (2021).
- https://www.tonkintaylor.co.nz/
- Location: New Zealand
Project Background
Scope & Requirement
- Set up the AWS environment for a multi-account, multi-environment setup
- Ensure that all AWS accounts follow the same set of policies and adhere to all legal and regulatory compliance requirements
- Set up connectivity between the different AWS accounts and the on-prem network
- Set up AWS Security Hub to provide a comprehensive view of the security state
- The Tonkin + Taylor On-Premise to Cloud Migration project aims to modernize and optimize the company’s IT infrastructure by migrating its existing on-premise systems to a cloud-based environment. The key objectives include reducing operational costs, enhancing scalability, improving system performance, and ensuring business continuity through a secure, reliable, and accessible cloud platform.
Implementation
Technology and Architecture
Technology/ Services used
- We used AWS services and helped the client set up the following:
- Cloud: AWS
- Organization setup: AWS Control Tower
- AWS SSO for authentication using existing Azure AD credentials
- Policies setup: Created AWS service control policies
- Templates created for using common AWS services
Security & Compliance:
- Tagging Policies
- AWS Config for compliance checks
- NIST compliance
- Guardrails
- Security Hub
Network Architecture
- Site to Site VPN Architecture using Transit Gateway
- Distributed AWS Network Firewall
- Monitoring with CloudWatch and VPC Flow Logs
Backup and Recovery
Cost Optimization
Code Management, Deployment
Challenges of AWS Environment Setup
- It was a challenge to ensure the new environment met all of the compliance criteria while remaining cost effective.
- As per best practices, we would need a set of unique machines, each of which may need its own VPC, but that would incur a cost to the client. So we discussed and agreed on a specific 75% to be achieved, which would be deemed acceptable.
- Some non-compliance findings are generated by standard AWS services.
- We got the feedback below from AWS support: “It was reported that there are some policies and roles which are created by Control Tower and are created using best practices, and there is no harm or security issue which arises from it. Sometimes the conformance pack you use does show the default created policies to be non-compliant and you can ignore that for the time being. To make it compliant we have to either delete or modify these roles/policies, and since these roles and policies are managed by Control Tower, it is recommended not to manually update/delete the roles attached. Diving deeper into the issue, I could see that the Control Tower managed artifacts feature heavily on the compliance failure list and there is no way to specifically exclude Control Tower managed artifacts from the compliance checking. Checking further with the internal team, I found that they are aware of the issue and there has been an ongoing feature request to exclude Control Tower managed artifacts from the compliance checking to avoid such security findings.” Based on this feedback, we noted that the non-compliance shown may not be accurate, and these findings would be treated as exceptions.
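One way to keep those exceptions explicit and auditable is to separate Control Tower managed IAM artifacts from the rest of the non-compliant findings before reporting. The sketch below is an added example, not code from the project; the record layout, the resource names and the name prefixes used to recognise Control Tower artifacts are assumptions and constructed sample data.

```python
import re

# Name prefixes Control Tower uses for the roles/policies it manages.
# Assumption: confirm against what your own landing zone actually created.
CT_NAME = re.compile(r"^(aws-controltower-|AWSControlTower)")
# The support feedback covers roles and policies only, so exceptions are
# scoped to IAM resource types; everything else stays actionable.
CT_TYPES = {"AWS::IAM::Role", "AWS::IAM::Policy"}

# Constructed sample: simplified (rule, type, name, status) records,
# not the exact AWS Config API response shape.
SAMPLE = [
    ("iam-no-inline-policy-check", "AWS::IAM::Role", "AWSControlTowerAdmin", "NON_COMPLIANT"),
    ("iam-no-inline-policy-check", "AWS::IAM::Role",
     "aws-controltower-ForwardSnsNotificationRole", "NON_COMPLIANT"),
    ("iam-no-inline-policy-check", "AWS::IAM::Role", "app-deploy-role", "NON_COMPLIANT"),
    ("vpc-flow-logs-enabled", "AWS::EC2::VPC", "aws-controltower-VPC", "NON_COMPLIANT"),
    ("iam-no-inline-policy-check", "AWS::IAM::Role", "data-pipeline-role", "COMPLIANT"),
    ("vpc-flow-logs-enabled", "AWS::EC2::VPC", "workload-vpc", "COMPLIANT"),
    ("s3-bucket-public-read-prohibited", "AWS::S3::Bucket", "reports-bucket", "COMPLIANT"),
    ("s3-bucket-public-read-prohibited", "AWS::S3::Bucket", "logs-bucket", "COMPLIANT"),
]


def pct(part, whole):
    """Percentage rounded to one decimal place; 0.0 for an empty set."""
    return round(100.0 * part / whole, 1) if whole else 0.0


def triage(evaluations):
    """Split findings into documented exceptions and actionable items."""
    exceptions, actionable, compliant = [], [], 0
    for rule, rtype, name, status in evaluations:
        if status == "COMPLIANT":
            compliant += 1
        elif status == "NON_COMPLIANT":
            managed = rtype in CT_TYPES and CT_NAME.match(name)
            (exceptions if managed else actionable).append((rule, name))
    total = compliant + len(exceptions) + len(actionable)
    return {
        "exceptions": exceptions,   # record these in the exception register
        "actionable": actionable,   # these still need remediation
        "raw_pct": pct(compliant, total),
        "adjusted_pct": pct(compliant, compliant + len(actionable)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

A name prefix is only a heuristic, since any principal allowed to create IAM roles can choose a matching name, so the exception list should be reviewed rather than trusted blindly.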
Project Completion
Duration
- May 2024 to July 2024 ~ 3 months
Deliverables
- Implemented AWS Control Tower with Org Unit structure and service control policies
- Implemented AWS Config with NIST conformance pack
- Implemented AWS Security Hub
- Implemented Site to Site VPN using AWS Transit Gateway
- Handover and Support documents were provided
- Develop a detailed migration roadmap outlining timelines, key milestones, and risk mitigation strategies.
- Plan for data migration, including data validation, security protocols, and minimal downtime during the migration process.
- Establish contingency plans for legacy systems and ensure rollback strategies are in place specifically for multiple end user public facing apps they were planning to create.
Support
- 1 month extended support
- A CloudFormation stack template to create more AWS resources using the available stacks
- Screen sharing sessions with demo of how the services and new workloads can be deployed.
- Offer support during the initial transition phase post-migration.
- Provide ongoing technical support, monitoring, and optimization services.
Testimonial
Santosh Dixit
Digitization delivery lead
Next Phase
We are now looking at the next phase of the project which involves:
- Launching new digital products with the help of the AWS environments which have been set up
- Any ad hoc change requests for managing the cloud environment
Testimonial
Peritos is a team of highly skilled developers, technical experts, and delivery managers. We’ve been very impressed with their commitment. Their developers and delivery managers have conducted themselves with professionalism and diligence at all times, and the quality of the work they have performed has been excellent. Many times, they proposed better solutions, which resulted in better and faster products. Peritos is a reliable AWS Partner. You can trust and be satisfied.
“We are very happy with the results of this major IT project with Peritos Solutions. Their staff gained a good knowledge of our business and processes. They were able to work with many of our diverse team members and launch Business Central ERP on time and on budget according to our requirements. We will be using them again for future projects and additional development actions. Thank you!”
The project was completed on time and as per the agreed budget. The communication was excellent, as was the dedication to quickly turning around the required report development. The overall experience was good, and I would definitely work with the Peritos Team again.