Infrastructure security modernization at scale
Industry
Financial Services
Tech & Tools
Ansible / AWS EC2 Image Builder / Systems Manager
The Vision
Bringing CI/CD to infrastructure security
The Goal
Leveraging EC2 Image Builder Pipelines for Infrastructure Security and Modernization at Scale
The Challenge
Our customer in the cloud communications industry runs their incredibly robust and secure platform on AWS. As a global customer engagement platform that serves over 250,000 customers, the organization depends on a highly secure foundation for its success. The client faced the challenge of building highly secured Amazon Machine Images (AMIs) based on the latest Amazon Linux image, and needed an automated image building process that secures the base image according to the CIS Level 1 Benchmark.
The Solution
Protagona first planned a discovery session with the client’s engineering team to determine their current image building process. We determined that while they did have a base AMI build pipeline, they were using Amazon Linux 1 and they were not securing the images based on the CIS benchmark.
We began building out the solution by creating a secure image based on the newest Amazon Linux 2022 AMI. Using Ansible playbooks, we were able to apply rules to the image automatically. The rules were written to follow the sections of the CIS Level 1 benchmark.
After the playbooks were finished, our team focused on automating the image building process using AWS Image Builder and Systems Manager Automations, and on scanning the resulting AMIs using AWS Inspector. All infrastructure was defined in Terraform and packaged as easy-to-adopt modules for the client engineering team.