About the Client
As part of its ongoing cloud modernisation journey, a Malaysian bank needed to optimise the onboarding and management of containerised applications on AWS. Sourced Group an Amdocs Company (Sourced) was engaged under the AWS Migration Acceleration Program (MAP) to help the bank scale its presence on Amazon Web Services (AWS) while maintaining cloud compliance. Outcomes include:
- Optimising and accelerating container-based cloud migration with a tailored Amazon Elastic Kubernetes Service (Amazon EKS) platform.
- Ensuring containerised applications routinely satisfy relevant financial services regulations.
- Empowering the bank’s internal teams to achieve more in the cloud by reducing the container management burden.
Challenge: Compliance At Risk Due to Kubernetes Complexity
The bank was eager to scale its container-led migration to AWS. However, limited in-house expertise with Kubernetes, the open-source tool for automated deployment, scaling, and management of containerised applications, was causing concern. Achieving consistent enforcement of rules across Kubernetes clusters is hard for inexperienced users. The problem becomes more pronounced as the number and complexity of containerised applications grows.
Using Kubernetes consistently at scale requires deep knowledge of the tool and of the hyperscaler cloud platform. Sourced was engaged to assist the bank based on demonstrable expertise in both areas. Our task was to build a dedicated Amazon EKS platform that would allow the bank to confidently onboard and manage containerised applications in line with financial services industry requirements.
Solution: Simplifying Container Management with Amazon EKS
Sourced built an Amazon EKS platform with the ability to automate important processes and bake in security features so container onboarding would be compliant by design. This involved the use of modern cloud-native tools and approaches to underpin reliable, repeatable processes such as cluster provisioning and workload onboarding and deployment.
A key part of the solution was optimisation of the workload onboarding process to manage application lifecycles and deployment into different Kubernetes environments. For instance, we created a single point for the platform team to automatically onboard workloads into multiple Kubernetes clusters using a pipelines approach.
We also introduced an ‘App-of-Apps’ pattern for centralised governance and compliance using the open-source Kubernetes-native continuous deployment tool ArgoCD. With this model, a central application becomes the reference point for other applications. Argo projects are configured to inherit controls from parent projects, resulting in consistent management of guardrails. This enables inherent compliance with any relevant financial services regulations.
Close collaboration with the in-house team ensured the platform was tailored to the bank’s specific needs while facilitating knowledge transfer.
Outcome: Strong Foundations for Compliant Container-led Migration
With a tailored Amazon EKS platform in place, the bank is ready to escalate and accelerate its container-led cloud migration. Processes have been streamlined and simplified to ensure compliance measures are more robust and less onerous for platform and application teams to uphold. Additional benefits include enhanced observability and cost visibility. Together, these features and capabilities ensure the bank’s cloud operations are compliant and have the capacity to deliver tangible business value more quickly.
