Uplifting DevOps for academyEX
academyEX was created to address the imbalance between what children were learning at school and the skills that the future requires by introducing them to collaborative, creative, hands-on digital discovery and problem-solving. Now their suite of programmes is rapidly expanding as they identify and seek to build capability in the classroom, the workplace, and beyond, and enable New Zealanders to lead change.
To enable this transformation, academyEX has an AWS Cloud environment that would benefit from adopting best practices to be Well Architected, Cost Optimised and Secure.
With current resource constraints and the challenge of attracting, retaining and training suitably skilled AWS experts in-house, academyEX have engaged CMD Managed Services/DevOps Management, which will assess and uplift the legacy tech, alleviate cyber security risks and privacy concerns, and help to leverage underutilised tech.
Initial discovery has established the following high-level requirements, which will be assessed and prioritised during the establishment phase of this service:
- Removal of legacy technologies
- Uplift of automation, and CI/CD
- Establish best practice monitoring capabilities
- Uplift security posture
- Cost optimisation
- Establish best practice documentation and assist with upskilling team members
- Establish any new tooling as part of DevOps as a Service, e.g. PagerDuty
- Establish SSO capabilities
- Network Patterns: VPC / account basic isolation. Double-layer (public / isolated) subnets, with a planned upgrade to 3 layers and the addition of a NAT GW.
- DNS and URI Structures: Subdomains used for each component. academyEX manages domains for each customer. DNS is managed in Cloudflare.
- Security and Monitoring: Onboarded to MS monitoring
- Metrics Reporting: From MS reporting
- Availability: Using RDS and Fargate
Key Products/Services we used
- Amazon Virtual Private Cloud
  - Environment segregation
- Amazon API Gateway
  - Proxy for Lambda functions
- Amazon Elastic Container Service (ECS) – Fargate
  - Run academyEX’s product components → Laravel: API + Frontend
- AWS Lambda
  - Used for third-party integration endpoints (e.g. captcha)
- Amazon Relational Database Service (RDS)
  - Hold each customer’s products DBs
  - Hold multimedia assets per product component type
- Amazon Elastic Transcoder
  - Processes all of the platform’s video assets
- AWS Key Management Service
  - Added for backup and uplift
- AWS Certificate Manager
  - Attached to load balancers
Third-party applications or solutions used
- Cloudflare Managed WAF
- Google reCAPTCHA
CMD have assisted academyEX to continue their cloud platforms’ development objectives through the ongoing design of resilient architecture, implementing strong controls and operational processes, and creating an efficient infrastructure platform that can be deployed in a repeatable pattern using customised automation tool chains.