AWS CONTROL TOWER AND ACCOUNT PROVISIONING AUTOMATION
“The end result of this project is what we hope to accomplish with every project: it went very well. Hours were budgeted well, the consultant was ready to go each day, and communication was excellent. 1Strategy brought the right combination of technical ability and interpersonal skills. We made progress every single day.”
– Randall Autry, SVP of Architecture and Cloud Strategy, MasterControl
Everything MasterControl does is designed to help life sciences organizations develop, manufacture, and commercialize products that help people live longer, healthier, and more enjoyable lives. MasterControl solutions are used by five of the largest regulatory and applied research bodies in the United States. A leading software-as-a-service (SaaS) provider, MasterControl’s mission is to bring life-changing products to more people sooner. It does this by providing cloud-based solutions that help organizations digitize, automate and connect quality and compliance processes across the regulated product development life cycle.
MasterControl wanted to maximize innovation while minimizing exposure to risk. They needed a solution to give their developers the option to explore and learn within AWS without adding security risks or breaking existing infrastructure or applications. MasterControl was also looking to simplify account management in AWS and have better visibility into costs.
Why Amazon Web Services and 1Strategy
MasterControl had a team that researched which cloud provider best fit their feature and fault tolerance requirements. They determined that AWS offers the most tools and services that MasterControl could leverage for their products. MasterControl was also impressed by how much AWS invests in their customers.
MasterControl was introduced to 1Strategy by previous 1Strategy customers in Utah. They ultimately decided to work with 1Strategy because of their reputation for deep AWS expertise and delivering high quality projects. “1Strategy stepped in and helped us get where we need to be. We’ve worked with other consultants in the past and the level of dedication that 1Strategy had was amazing,” said Randall Autry, SVP of Architecture and Cloud Strategy at MasterControl.
To give developers the freedom to explore, build, and develop on AWS, 1Strategy designed a multi-account platform. AWS Control Tower, AWS Organizations, AWS Service Catalog, AWS Step Functions, AWS Lambda, and AWS CloudFormation provide the basis for the platform. This multi-account structure allows developers to utilize individual accounts and provides greater flexibility and enhanced security. “Control Tower is brand-new, and it’s a solid product, overall, for being so new. We experienced some minor setbacks, but the AWS team has done a great job fixing little nuances and bugs quickly,” said Jared James, Site Reliability Engineer at MasterControl.
Diagram representing AWS Control Tower, AWS Organizations, and AWS SSO configurations. Accounts are organized into separate Organizational Units (OUs). Each OU has various Control Tower Guard Rails and Service Control Policies in place to enhance the security of accounts in their respective OUs.
Using AWS Service Catalog, AWS Step Functions, and AWS Lambda, the 1Strategy team was able to provide an account vending machine to provision new AWS accounts through Control Tower’s Account Factory. AWS administrators provide a list of users that need accounts as input, and the vending machine then provisions accounts for those users automatically, with the necessary guard rails and restrictions in place.
AWS Single Sign-On (SSO) has given MasterControl a single entry point for developers and a single place to control IAM role access for all accounts. Developers have the autonomy to explore and build in their individual and team accounts, but still have sufficient guardrails and restrictions in place to reduce spending and to protect themselves and the company from unnecessary risk.
MasterControl management has better visibility into their AWS spending thanks to consolidated billing and AWS Cost Explorer reports. Visibility into costs has decreased overhead for tracking specific service costs. It has made unusual charges easier to identify quickly. “We don’t just pay the bill anymore. We are more aware of where costs are coming from,” said Chris Gibbons, Development Operations Manager at MasterControl.
Additionally, the multi-account structure has significantly reduced the usage of a single, less restrictive AWS account and has increased platform security by reducing the blast radius to individual developer accounts, rather than one large account. During a recent security game day, MasterControl was able to put their new platform to the test. “Control Tower and AWS SSO have given us tremendous visibility and control during a simulated event that could have been catastrophic,” said Gibbons. “It took 15 minutes to lock down 60 accounts.” MasterControl reports that the new platform has made the organization more security-conscious and that it has had a positive effect on security culture and focus.
“Normally, I’d expect to step in and redirect the project every so often to make sure things were on track, but I didn’t have to do that at all for this project,” said Autry. “Focus was really good with the scope and 1Strategy was great at sticking to the objectives.”
“The end result of this project is what we hope to accomplish with every project: it went very well. Hours were budgeted well, the consultant was ready to go each day, and communication was excellent. 1Strategy brought the right combination of technical ability and interpersonal skills. We made progress every single day,” said Autry. This new platform gives MasterControl a solid AWS foundation to build from and allows them to continue to push forward with their cloud initiatives and goals.
1Strategy is a Premier Consulting Partner in the Amazon Web Services (AWS) Partner Network (APN). Focusing exclusively on AWS, 1Strategy helps businesses architect, migrate, and optimize their workloads, creating scalable, cost-effective, secure, and reliable solutions. 1Strategy also helps customers get real value from their data using comprehensive machine learning models and artificial intelligence. 1Strategy holds the AWS DevOps, Migration, Data & Analytics, Well-Architected, and Machine Learning Competencies, and is a partner of the AWS Public Sector Program. With experts having deployed AWS solutions since 2007, 1Strategy is a leader in custom training—providing customers with the knowledge, tools, and best practices to manage those solutions over time. 1Strategy is a TEKsystems Global Services company with teams in Seattle and Salt Lake City, supporting customers throughout the US and across every vertical.