Handy

Transforming manual systems & processes into an automated pipeline.

At a Glance

Handy engaged Credera to transform a manually initiated systems imaging and replacement process into a scheduled, automated pipeline. The client achieved an improved security posture and the ability to remediate vulnerabilities on running instances, allowing them to meet regulatory requirements and serve as a DevSecOps center of excellence within the wider organization.

The Challenge

Increasing efficiency in systems across multiple AWS accounts and environments.

When updating base images used by systems across multiple AWS accounts and environments, Handy required many individual steps to produce a golden image and update running instances. New AMI builds were triggered manually, and each stack then needed to be edited and updated separately, even though Handy manages its infrastructure as code using CloudFormation. The full update process could take days to roll out across the entire systems landscape, which made it difficult to execute regularly scheduled updates and to respond swiftly to security vulnerabilities.

The Solution

Developing an automated pipeline solution.

Credera worked with Handy to design and build an automated mechanism for updating images and systems. Using Amazon EC2 Image Builder pipelines, AMIs would be built from the latest managed images, customized with internally developed playbooks, automatically tested, and immediately distributed to organization accounts. Completed builds would trigger automated staging for systems changes and notify operations teams for approval in convenient, auditable, chat-based channels. Once approved, running systems would be gracefully replaced with updated instances, with minimal user impact. This allowed the process to run on an automated schedule, in compliance with the client’s regulatory requirements, and it could also be triggered on demand for high-priority response (e.g., CVE remediation).

All client instances would be onboarded to security patch baseline compliance monitoring, integrated with AWS Security Hub for centralized visibility across multiple accounts.

The Results

Reducing time to build and increasing speed of deployments.

After adopting this solution, Handy reduced the time to update the entire EC2 fleet, across multiple accounts and environments, from days to hours.

Additional results included:

  • Security Posture: Handy improved its ability to respond to newly published threats and vulnerabilities while also helping to achieve regulatory compliance goals through regularly scheduled update processes and reporting. In turn, systems were kept more secure with lower risk to customer data.

  • Reporting & Visibility: By onboarding all provisioned systems to AWS Systems Manager Patch Manager and integrating multiple accounts with AWS Security Hub, full organization-level visibility was achieved for patch baseline compliance. Security teams were quickly aware of any systems running with vulnerabilities or missing patches, which could be remediated on demand.

  • Faster Deployments: In addition to reducing time to build images and replace running instances, any new systems provisioning would take advantage of the latest customized images. Since image builds were refreshed regularly and ran automated testing, new deployments could proceed faster with higher levels of confidence.
