Filmstro had been working with AWS for several years before approaching Ubertas Consulting.
Despite being able to service their own requirements in terms of functionality, such as processing and serving assets to the website and desktop application, they were doing so from just a single environment and VPC (production). Resources were deployed into public subnets too, with little understanding of how to privatise these.
Another cause for the engagement was a desire to migrate away from EC2 instances and a heavy reliance on large EFS volumes for asset storage (currently 1.2TiB), in a bid to improve cost optimisation.
AWS DataSync copies this data into a small EFS volume. When the containers execute, they batch-process the EFS contents. A second DataSync task exports the processed files to another S3 bucket, which acts as the source for AWS CloudFront.
Filmstro will eventually remove the dependency on EFS themselves, at a later date, given the high relative complexity of this refactoring. Each environment has been given its own CloudFront distribution and Web Application Firewall. Rules can therefore be customised on each firewall, in order to keep unsolicited use of CloudFront to a minimum. All deployed resources are private-by-default.
Finally, a Windows build server was migrated into the same private subnets. This can also only be accessed via the VPN.
Filmstro are now in a better position to: begin building release pipelines; audit and categorise their short and long-term storage policies & lifecycles; utilise their new multiple environments in a far more secure way than before; enjoy a reduced maintenance overhead and technical debt; leverage AWS managed services and serverless.
The overall benefits include:
- No more public resources.
- Least-privilege access on internal networks (improved security groups).
- S3 buckets are private; more secure than EFS mounted by a public EC2 instance.
- Firewalled CloudFront will block unwanted traffic.
- Having no EC2 instances removes maintenance overhead (e.g. OS patching).
- S3 storage cheaper than EFS; options for lifecycle policies and intelligent tiering.
- (Eventual) removal of EFS; once Node.js runtime can be refactored.
- ECS cheaper than EC2; old EC2 can be decommissioned in favour of short-running Fargate containers.
- Multiple environments will reduce errors in production.
- Multiple environments will help to reduce file storage costs (only store what’s needed in each environment).
- Use of managed services and serverless technologies requires significantly less maintenance than the previous stack.
- Costs can now be tracked per environment.
Filmstro is a SaaS and desktop application vendor, offering a unique music editing and digital composition service for multimedia producers.
This small company has been in existence for approximately 5 years, and hosts a website, proprietary SaaS and audio processing services on AWS. There is also a proprietary desktop application that loads assets from AWS.
Why Ubertas Consulting?
Ubertas Consulting is a Cloud consultancy specialising in Amazon Web Services.
As an Advanced Partner, AWS Channel Reseller (Solution Provider Program) and Well-Architected Framework Program Partner, our mission is to assist companies to drive innovation and build new capabilities through embracing Cloud-native technologies and modernising with Amazon Web Services (AWS). Our consultancy services span the breadth of AWS technologies and range from advisory through to full implementation as we assist customers in applying the foundations of Well-Architected to migrate and operate their mission-critical workloads in the Cloud.
To find out more about Ubertas Consulting and take your next steps to being Well-Architected, get in touch via the form below. We’d love to help.