Deliver High-Quality Software Faster with CloudEQ’s DevOps Pipeline Automation and the AWS Well-Architected Framework

Organizations using manual or partially automated infrastructure often experience deployment delays that impact time-to-market. This can affect their ability to maintain consistent security and compliance processes. Organizations need both agility and governance to innovate on AWS. A multi-account strategy helps improve resource isolation, security, and compliance while helping organizations meet regulatory requirements and track costs.

CloudEQ, an AWS Partner in AWS Marketplace, addresses these challenges by integrating AWS landing zone with automated DevOps pipelines. The Automated DevOps Pipeline solution in AWS Marketplace uses AWS Well-Architected Framework practices to deploy secure, compliant AWS environments by combining a multi-account landing zone with infrastructure as code using Terraform and CI/CD pipelines using GitHub Actions.

The AWS Well-Architected Framework helps organizations build solutions that deliver across security, performance, operations, and cost optimization. These solutions include automated monitoring and proactive issue detection to reduce operational overhead. By implementing Well-Architected solutions, organizations can focus on innovation while working with adaptable cloud infrastructure. This post explains how to accelerate software delivery and improve governance using CloudEQ’s DevOps Pipeline Automation solution.

When developers commit infrastructure code to GitHub, an automated CI/CD workflow is triggered. The pipeline runs a Bridgecrew security scan to identify misconfigurations and executes a Terraform plan to preview changes. After manual approval, the pipeline runs Terraform apply to provision AWS infrastructure. Terraform state files are stored in Amazon S3 with state locking for consistency and collaboration.

Figure 1: Architecture diagram

Developers define infrastructure as code (IaC) using Terraform and commit it to a GitHub repository. This enables version control and collaboration while maintaining consistency across environments.

When a change is pushed, a GitHub Actions workflow is triggered. The pipeline connects securely to AWS using OpenID Connect (OIDC), eliminating the need for long-lived credentials.

The pipeline performs an automated Bridgecrew (Checkov) scan to validate Terraform code against security and compliance best practices before deployment.

The workflow runs Terraform plan to preview infrastructure changes. This step helps teams understand what resources will be created or modified.

A manual approval gate ensures that changes are reviewed before applying them, adding governance control to the automation process.

Once approved, the pipeline executes terraform apply to deploy the infrastructure. Terraform state files are securely stored in an Amazon S3 bucket, ensuring reliable state management and collaboration.
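The six steps above, sketched as a GitHub Actions workflow; this is an added example, not CloudEQ's pipeline or code from the original post. The role ARN, Region, `infra` directory, and environment name are placeholders; the approval gate is assumed to be a GitHub environment with required reviewers, and the S3 backend is assumed to be declared in the Terraform code itself.

```yaml
# Added example, not CloudEQ's workflow. ARN, Region, directory and environment are placeholders.
name: terraform-landing-zone
on:
  push:
    branches: [main]
permissions:
  id-token: write   # allow the job to request a GitHub OIDC token
  contents: read    # checkout only
jobs:
  plan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: bridgecrewio/checkov-action@v12   # failed checks stop the job here
        with:
          directory: infra
          framework: terraform
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::111122223333:role/EXAMPLE-terraform  # placeholder
          aws-region: us-east-1                                             # placeholder
      - uses: hashicorp/setup-terraform@v3
      - run: terraform init -input=false && terraform plan -input=false -out=tfplan
        working-directory: infra
      - uses: actions/upload-artifact@v4
        with:
          name: tfplan
          path: infra/tfplan
  apply:
    needs: plan
    runs-on: ubuntu-latest
    environment: landing-zone-approval   # hypothetical; required reviewers hold the job here
    steps:
      - uses: actions/checkout@v4
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::111122223333:role/EXAMPLE-terraform  # placeholder
          aws-region: us-east-1                                             # placeholder
      - uses: hashicorp/setup-terraform@v3
      - uses: actions/download-artifact@v4
        with:
          name: tfplan
          path: infra
      - run: terraform init -input=false && terraform apply -input=false tfplan
        working-directory: infra   # applies the exact plan that was reviewed
```

The IAM role's trust policy should condition on the OIDC token's `aud` and `sub` claims so that only this repository, branch, or environment can assume it. A saved plan file can contain sensitive values in cleartext, so treat the `tfplan` artifact as a secret and keep its retention short.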

To begin, make sure you have your AWS multi-account structure and tooling ready:

Next, set up the GitHub Actions workflow that will deploy the landing zone infrastructure:

Complete the following steps to deploy and validate the landing zone:

With the landing zone in place, you can use similar pipelines to deploy and manage workloads in your member accounts. This section provides an example of how to deploy an Amazon Elastic Kubernetes Service (Amazon EKS) cluster using the pipeline module provided:

Figure 2: Terraform Plan Output

Figure 3: Trend Micro vulnerabilities on Terraform Plan

Figure 4: Trend Micro vulnerabilities on the Trend-Micro dashboard

CloudEQ’s DevOps pipeline automation with the AWS Well-Architected Framework helps organizations scale on AWS while maintaining governance. This solution can reduce deployment times and includes automated checks to support compliance requirements. The AWS Validated DevOps Pipeline Automation helps organizations align their applications with AWS Well-Architected practices.

Get started with CloudEQ DevOps Pipeline Automation in AWS Marketplace.

To learn more about the solution, contact CloudEQ through the Request private offer option in AWS Marketplace. Our team will discuss your requirements and guide you through implementation.

Ryan Dsouza is a principal solutions architect in the Cloud Optimization organization at Amazon Web Services (AWS). Based in New York City, Ryan helps customers design, develop, and operate more secure, scalable, and innovative solutions using the breadth and depth of AWS capabilities to deliver measurable business outcomes. He is actively engaged in developing strategies, guidance, and tools to help customers architect solutions that optimize for performance, cost-efficiency, security, resilience, and operational excellence, adhering to the AWS Cloud Adoption Framework and AWS Well-Architected Framework.

Priyanka Sanjeev is a technical program manager in the Cloud Optimization organization at Amazon Web Services (AWS). Based in Seattle, Priyanka spearheaded the Well-Architected Validated Solutions initiative from concept to delivery, in which mechanisms such as automated reviews and remediations and enablement of the Well-Architected Framework were integrated into the solution build and delivery lifecycle. Solutions built following these principles stay Well-Architected through the lifecycle of the workload.

Kevin Mead is CloudEQ’s growth architect, with 20 years of experience crafting strategic solutions for Fortune 500 companies. He’s the visionary who identifies opportunities and turns them into business gold. As VP of Business Development, Kevin ensures that CloudEQ’s innovative cloud solutions are tailored to meet each client’s unique needs, driving transformative change and ensuring long-term partnerships. Kevin’s leadership is built on one simple principle: delivering unprecedented value to our clients and partners alike.

Originally published on AWS.