PROBLEM DESCRIPTION

Our client is a tech-driven logistics company that delivers smart, creative supply chain solutions. The client needed to implement a project with a serverless architecture running on Azure Cloud and, aware of their limited experience provisioning infrastructure for this type of Azure architecture, turned to 3XM for advice.

After an assessment of all the resources in the client's cloud, they became aware of the absence of Cloud Governance standards in the organization. Infrastructure was managed manually and without inter-project standards, depending on different people, permissions and required roles. This led to ad hoc, hand-crafted management of resources and weak adherence to best practices, so it was proposed to take this project as the first step toward establishing Cloud Governance standards in the organization.


IMPLEMENTED SOLUTION

The solution made it possible to build the infrastructure quickly, following good practices and meeting the Serverless and Cloud Governance requirements in Azure.

For this purpose, an Infrastructure as Code (IaC) approach was used, which keeps a detailed record of changes to the infrastructure and allows it to be replicated or deployed with minimum effort. The resources needed to run a static website hosted on a Storage Blob and served through a CDN were deployed. Azure Functions with test code were deployed from a ZIP file, along with their integration with Azure SQL Server.

Cloud governance

Regarding Cloud Governance, resources were deployed to support best practices for handling permissions and user access, as well as compliance standards for existing and new resources.

Built-in Roles such as Reader, Contributor and Owner were assigned to the created groups.

A custom Role with specific permissions for Developer was created and assigned to the group created for these users.

The scope of the roles was limited to the resource group that contains the resources for this specific project, so that they do not affect other existing resources.

Policies were created and assigned to audit both existing and newly created resources, so that the client can monitor the compliance level of the resources against the definition of each policy (Location, Tag, Size, etcetera).

In addition, the solution included extensive documentation that covers not only how to configure the necessary prerequisites and deploy the infrastructure, but also how to understand the good practices in the solution and carry them over to future customer projects, with the aim of gradually establishing Cloud Governance at the organization level.
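The role scoping and audit policy described above can be expressed in Terraform roughly as follows. This is an added illustration, not the client's or 3XM's code: the resource names, region, group object ID variable and the Developer permission list are all assumptions.

```hcl
provider "azurerm" {
  features {}
}

# Hypothetical: object ID of the Azure AD group that holds the developers.
variable "developer_group_object_id" {
  type = string
}

resource "azurerm_resource_group" "project" {
  name     = "rg-serverless-example" # hypothetical name
  location = "westeurope"            # hypothetical region
}

# Custom role that exists and is assignable only inside the project resource group.
resource "azurerm_role_definition" "developer" {
  name  = "Example Developer" # hypothetical name
  scope = azurerm_resource_group.project.id

  permissions {
    # Assumed permission set; the page does not list the real one.
    actions = [
      "Microsoft.Resources/subscriptions/resourceGroups/read",
      "Microsoft.Web/sites/read",
      "Microsoft.Storage/storageAccounts/read",
    ]
    not_actions = []
  }
  assignable_scopes = [azurerm_resource_group.project.id]
}

# Assignment at resource-group scope, so other resource groups are unaffected.
resource "azurerm_role_assignment" "developer" {
  scope              = azurerm_resource_group.project.id
  role_definition_id = azurerm_role_definition.developer.role_definition_resource_id
  principal_id       = var.developer_group_object_id
}

# Audit-only policy: non-compliant resources are reported, not blocked.
resource "azurerm_policy_definition" "audit_location" {
  name         = "audit-resource-location"
  policy_type  = "Custom"
  mode         = "Indexed"
  display_name = "Audit resources outside the project region"
  policy_rule = jsonencode({
    if   = { field = "location", notIn = [azurerm_resource_group.project.location, "global"] }
    then = { effect = "audit" }
  })
}

resource "azurerm_resource_group_policy_assignment" "audit_location" {
  name                 = "audit-location"
  resource_group_id    = azurerm_resource_group.project.id
  policy_definition_id = azurerm_policy_definition.audit_location.id
}
```

Because the effect is `audit`, existing resources are evaluated on the next compliance scan and new ones at creation time, and both appear in the compliance view without any deployment being denied.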

OBTAINED BENEFITS

These are some of the benefits achieved:

  • Azure Functions were used, which allow for automatic scaling without the need for additional considerations.
  • Infrastructure as Code was used to provision the infrastructure, which allows tracking changes to the infrastructure and replicating/deploying it with minimum effort.
  • Possibility of creating multiple environments easily.
  • Detailed documentation of the new infrastructure was generated.
  • Compliance monitoring of resources through Azure Policies.
  • Role assignment to existing users.
  • In addition to the documentation, video call sessions were held and videos were provided as knowledge transfer (KT), following the documentation and demonstrating how to carry out deployments and configurations.

TECHNOLOGY STACK

  • Serverless
  • Terraform
  • .NET Core
  • Azure
  • Azure Resource Groups
  • CDN
  • Storage Account
  • Storage Blob
  • Functions
  • Azure SQL
  • Key Vault
  • App Service Plan
  • Azure Active Directory
    – Users
    – User Groups
  • Azure Roles
    – Built-in Roles
    – Custom Roles
  • Policies