AWS DevOps – BAM

AWS DevOps Solutions


The Problem

Balyasny Asset Management (BAM) has continued to expand its use of AWS as the organization matures. They needed a way to continue to innovate while ensuring a secure AWS environment that continuously adheres to regulatory compliance. In addition to ensuring the compliance of the environment, BAM was facing rising cloud costs and needed additional AWS expertise.

The Proposed Solution

AHEAD and BAM worked together to address the three problems by utilizing AHEAD’s CoPilot Advisory Service.
The service addresses three common challenges of the public cloud (Financial Management, Cross Account Visibility, and Security and Compliance) while also providing education and support with direct access to an AHEAD AWS expert using ChatOps via Slack. BAM is assigned a named Cloud Engineer, along with access to AHEAD’s comprehensive team of certified cloud experts to focus on the desired business outcomes. Meetings would be held weekly to discuss progress on initiatives and opportunities for improvement.

Cost

  • Cost projection and analysis
  • Right-sizing recommendations
  • Fully customizable dashboards
  • Budget analysis and alerting
  • Multi-account cost views for all cost data
  • Consolidated billing with chargeback options
  • Predictive analytics with recommendations to reduce spend and optimize reserved instances
  • Historical cost trending analysis reporting
  • Budget alerts tied to business rules, accounts, users, or other customizable metrics
  • Configurable custom reporting with automated delivery
  • Business unit, application, environment spending breakdown
  • Flexible time-based summary reporting

Inventory

  • Inventory and resource alerts
  • Multi-account asset dashboard
  • Summary and detailed resource reporting
  • Customizable resource report builder
  • Cross account inventory reporting
  • Historical record of resources and configurations
  • Geographic resource distribution map
  • Tagged resource overview with filtering and drill down
  • Untagged resource overview with filtering and drill down
  • History of resources, configurations, and environment
  • Daily resource, configuration, and environment change reports

Security

  • 100+ security and configuration vulnerability checks
  • 450+ automated best practice checks, including CIS benchmark validation
  • Near real-time alerting on modifications to environmental configurations
  • Summarized multi-account security views for visualization of all cloud assets/configurations
  • Customizable compliance engine for additional controls and regulations
  • Printable assessment reports
  • Indefinite audit log retention during services
  • Network security alerts for known internal ports
  • Alerts for exposed admin ports and for unencrypted known and unknown ports

In addition, best-of-breed third-party and native tools for cost, security, and compliance would be deployed to perform continuous analysis and monitoring of the client’s AWS environments.

Alerts from all data sources are consolidated into a single ServiceNow portal for correlation and remediation. Fronting the portal will be the AHEAD proprietary Message Proxy and Message Processor, developed using AWS services: SNS and Lambda.
The Message Proxy in each of BAM’s relevant accounts and regions will communicate via SNS to the Message Processor in the AHEAD-managed CoPilot Production AWS account. The Message Processor will ingest the messages received from all of BAM’s AWS accounts for analysis and correlation before forwarding them to the ServiceNow portal.

  • Continuous compliance monitoring could be developed for a number of regulatory and best practice standards, including PCI, HIPAA, and CIS Benchmarks.
  • Cost analysis can be performed on a quarterly basis, to include rightsizing recommendations for EC2 and reserved instance recommendations for EC2, Redshift, RDS, and ElastiCache.
  • Monthly spend analysis could include a breakdown of spend by account, AWS service, and client-defined cost centers.

Finally, enablement hours allow the BAM team to offload routine tasks and new requests to the AHEAD Cloud Engineering team.
For example, BAM needed chargeback / visibility into their ECS environment. Through CoPilot, BAM was able to quickly request additional help and receive business results.

The Result

Increased security

  • Continuous compliance monitoring every 15 minutes across BAM’s AWS accounts
  • As a result, compliance alignment increased by 44% and continues to rise throughout the duration of the service.

 
Financial Management

  • Chargeback reports for each cost center
  • 20% projected savings from CoPilot recommendations, including rightsizing and reserved instances

 
Inventory and Enablement

  • Scheduled touchpoints and reviews of their AWS environment
  • Frictionless requests to AHEAD SMEs, via CoPilot portal, to enhance BAM’s AWS operational experience
  • ChatOps availability to AHEAD SMEs for guidance and advice