Luc Pâquet
CLIENT
LOGISCO is a real estate group that has been involved in the construction and management of residential and commercial buildings for over 50 years. In addition to offering quality rental spaces and strategic locations for its buildings, LOGISCO carefully selects land on both the South Shore and the North Shore of Quebec City. The company's fully integrated model includes land acquisition, building design and construction, and property management.
CHALLENGE
A critical part of LOGISCO's business lies in the customer-facing digital interfaces that manage its customers' journey. Digital solutions are in place to market, sell, and manage customers. As software and IT are not its primary business, the company faced significant challenges in delivering value to its customers.
Time to market, quality and security were the main challenges, as the company did not have the DevOps or Cloud skills to address them properly. The absence of DevOps expertise was hindering the smooth delivery of value to customers and creating an unacceptably long lead time to market; LOGISCO aimed to enhance velocity but lacked a clear strategy to do so.
Moreover, the company lacked experience with AWS Public Cloud technologies, and as such, was struggling with quality and security issues. These challenges necessitated a strategic Cloud & DevOps transformation.
SOLUTION
Levio's proposed solution for LOGISCO involved the implementation of various DevOps practices within the AWS environment, enhancing infrastructure provisioning, development, and delivery efficiency.
Firstly, Levio introduced Infrastructure as Code (IaC) practices to replace manual infrastructure provisioning that was nonstandard and non-repeatable. Automated infrastructure provisioning leveraging HashiCorp Terraform ensured repeatability, security, and governance. A dedicated IaC pipeline was established to provision all necessary infrastructure on AWS Cloud. Leveraging Infrastructure as Code (IaC) pipelines driven by GitLab, every Cloud resource deployed in LOGISCO's AWS accounts is provisioned efficiently by a Self-Hosted Runner running on spot instances, contributing to cost reduction.
To ensure proper separation of duties and governance, four distinct and secure AWS environments—shared services, DevOps, non-PROD, and PROD—were provisioned using AWS Control Tower. To further address security standards, centralized Identity and Access Management (IAM) roles were introduced, connecting AWS Single Sign-On (SSO) to the corporate Azure Active Directory.
To address time to market (velocity) and quality challenges, Levio designed and implemented new CI/CD pipelines using GitLab's Software as a Service (SaaS) solution to streamline and automate software build, test, and deployment. GitLab runners deployed in the DevOps account were used for secure and controlled execution of pipeline steps, adhering to role-based access control (RBAC) best practices and the principle of least privilege (PoLP).
Quality has been significantly enhanced through the implementation of code review best practices at both the infrastructure and application levels. Terraform code is stored in a GitLab repository, and prior to deployments to the development environment, it undergoes review by two engineers.
Continuous integration processes have been implemented: on every code change pushed to the repository, the pipeline runs tests, code quality checks, and infrastructure checks (Terraform plan). Consistency is maintained as Docker images are built by the pipeline, pushed to Amazon Elastic Container Registry (ECR), and appropriately tagged to track changes.
AWS SERVICES
AWS Public Cloud was selected as the cloud provider for this project. The entire solution strategically employed AWS managed services to reduce the maintenance burden, streamline operations and minimize the learning curve.
Multiple AWS managed services were used not only to achieve these goals but also to accelerate project completion. Additionally, third-party applications like GitLab/GitLab Pipeline (SaaS), HashiCorp Terraform, and Cloudflare as a Web Application Firewall (WAF) were seamlessly integrated into the solution, ensuring a comprehensive and efficient deployment ecosystem for LOGISCO.
The following AWS Services were used to achieve a Cloud-native, resilient, secure and easy to operate solution:
- AWS EC2 Spot Instance (for GitLab Runner)
- ECS Fargate for compute
- AWS Lambda
- ECR
- RDS
- SNS
- SQS
- DocumentDB
- API Gateway
- AWS Organizations
- AWS SSO
- CloudWatch
ACHIEVEMENTS
The implemented solution by Levio has resulted in a transformative outcome for LOGISCO. Automated infrastructure provisioning has been achieved, leading to the establishment of a repeatable, auditable, and immutable infrastructure, which has increased levels of security and governance.
Security measures have been significantly bolstered through the implementation of Role-Based Access Control (RBAC) and the principle of least privilege. Different IaC scripts with distinct owners have been established, categorizing network components, shared infrastructure services, and application-specific components. This segregation ensures a secure and organized approach to infrastructure management.
Furthermore, CI/CD pipelines have been introduced to increase velocity and quality. Automated quality gates, where code deployment pauses if a gate fails, are in place to prevent the propagation of bugs, and multiple environments were created to achieve a solid promotion workflow.
Manual provisioning of Cloud infrastructure and manual deployments have been eliminated, ensuring streamlined and controlled build, test, and deployment processes, contributing to LOGISCO's overall ability to deliver value to their customers quickly, securely and with high quality.
Automated infrastructure provisioning has reduced environment deployment times from a high and inconsistent duration to 6 minutes. It has also allowed new standards for governance and security to be put in place, which has improved the security posture.
Prior to this project, long build times were greatly affecting the velocity and impeding the delivery of new features to production. Now, the build time has been notably cut down to 16 minutes, incorporating code quality and security scanning as supplementary stages in the process.
The lead time from code merge to the change being available in the target environment has also been reduced, so that developers can get feedback sooner and address quality issues early in the cycle. Change failure rates in production were significantly reduced, and failures are now mostly nonexistent.
About Levio
Levio is a digital native organizational transformation firm. As a true partner from start to finish, our goal is a long-lasting transformation that’s right for your business model. We provide a tailored approach, streamlined execution and a commitment to deliver digital transformation ventures that create value and measurable achievements.