“Ubertas have returned us to utilising separate environments, migrated us away from our ageing EC2 and introduced us to serverless with Fargate ECS containers. They’ve helped us start our journey from EFS to S3 buckets, so we can reduce our ongoing storage costs. We are now more secure too, because we are no longer deploying resources into public subnets, and are using the provided VPN client to connect securely to our private resources. Our designated Ubertas Solution Architect worked with us closely each day, including with our website and software engineers, in order to better understand us and our business.”

Seb Jaeger, CEO & Founder at Filmstro

About Filmstro

Filmstro is a SaaS and desktop application vendor, offering a unique music editing and digital composition service for multimedia producers.

This small company has been in existence for approximately 5 years, and hosts a website, proprietary SaaS and audio processing services on AWS. There is also a proprietary desktop application that loads assets from AWS.

The Challenge

Filmstro had been working with AWS for several years before approaching Ubertas Consulting. Despite being able to service their own requirements in terms of functionality, such as processing and serving assets to the website and desktop application, they were doing so from just a single environment and VPC (production). Resources were deployed into public subnets too, with little understanding of how to privatise these.

Another cause for the engagement was a desire to migrate away from EC2 instances and a heavy reliance on large EFS volumes for asset storage (currently 1.2TiB), in a bid to improve cost optimisation.

The Approach

Ubertas Consulting provisioned two new CloudFormation-templated VPCs – staging and production – each with private and public subnets, an internet gateway, a NAT gateway and baseline security groups.

Into each VPC, they deployed a new ECS Fargate (serverless) stack to run containerised versions of Filmstro’s audio processing software. Given the batch-processing nature of this workload, the ECS tasks were configured to run on a poll, which can be adjusted by the client per environment.

In each environment, there is a new S3 bucket for raw file uploads. AWS DataSync copies this data into a small EFS volume. When the containers execute, they batch-process the EFS contents. A second DataSync task exports the processed files to another S3 bucket, which acts as the source for AWS CloudFront.

Given the relatively high complexity of this refactoring, Filmstro will remove the dependency on EFS themselves at a later date.

Each environment has been given its own CloudFront distribution and Web Application Firewall. Rules can therefore be customised on each firewall, in order to keep unsolicited use of CloudFront to a minimum.

All deployed resources are private-by-default.

Finally, a Windows build server was migrated into the same private subnets. This can also only be accessed via the VPN.

The Results

Filmstro are now in a better position to: begin building release pipelines; audit and categorise their short and long-term storage policies & lifecycles; utilise their new multiple environments in a far more secure way than before; enjoy a reduced maintenance overhead and technical debt; leverage AWS managed services and serverless.

The overall benefits include:

  • Security enhancement: no more public resources
  • Security enhancement: least-privilege access on internal networks (improved security groups)
  • Security enhancement: S3 buckets are private; more secure than EFS mounted by a public EC2 instance
  • Security enhancement: firewalled CloudFront will block unwanted traffic
  • Security enhancement: no EC2 instance removes maintenance overhead (e.g. OS patching)
  • Cost Optimisation: S3 storage cheaper than EFS; options for lifecycle policies and intelligent tiering
  • Cost Optimisation: (Eventual) removal of EFS; once Node.js runtime can be refactored
  • Cost Optimisation: ECS cheaper than EC2; old EC2 can be decommissioned in favour of short-running Fargate containers
  • Operational benefit: multiple environments will reduce errors in production
  • Operational benefit: multiple environments will help to reduce file storage costs (only store what’s needed in each environment)
  • Operational benefit: use of managed services and serverless technologies requires significantly less maintenance than the previous stack
  • Operational benefit: costs can now be tracked per environment

AWS Well-Architected Framework Partner Program

When designing and building Cloud platforms on AWS, customers can benefit from the best practices driven from thousands of deployments across and embodied in the Well-Architected Framework. Aligning to the Well-Architected Framework often starts with a review, and Ubertas Consulting provide this service to customers at zero charge/cost as our commitment to the program.

Why Ubertas Consulting

Ubertas Consulting is a Cloud consultancy specialising in Amazon Web Services.

As an Advanced Partner, AWS Channel Reseller (Solution Provider Program) and Well-Architected Framework Program Partner, our mission is to help companies drive innovation and build new capabilities through embracing “Cloud Native” technologies and modernising with Amazon Web Services (AWS).

Our consultancy services span the breadth of AWS technologies and range from advisory through to full implementation as we assist customers in applying the foundations of Well-Architected to migrate and operate their mission critical workloads in the Cloud.

To find out more about Ubertas Consulting and take your next steps to being Well-Architected, get in touch via the form below. We’d love to help.