Cloud architecture review and cost optimisations for Risilience

At a glance

Risilience offers a deeptech analytics platform that helps companies manage enterprise risk and navigate climate change challenges. It provides science-based scenarios and analytics to transform risk into strategic advantage.

Challenge

Risilience needed to better understand their use of the cloud and ensure their current cloud environments and infrastructure were built intelligently, able to cope with growth, and cost-effective.

Solution

Firemind conducted a full architecture and cost optimisation review across Risilience’s 6 AWS accounts, focusing on enhancing security, optimising performance, and reviewing scalability.

Services used

  • Amazon EC2
  • Amazon RDS
  • Amazon MQ
  • AWS CloudFormation

Outcomes

  • 6 AWS accounts optimised within the assessment
  • 50% savings found across compute costs with right-sizing

Business challenges

Addressing cloud strain and scalability challenges

Producing evidence-based analytics that help organisations manage a wide variety of risks puts a strain on multiple cloud environments. Risilience needed to better understand their use of the cloud, ensuring that their current environments and infrastructure were built intelligently and able to cope with growth, whilst being cost-effective.

This challenge gave Firemind the opportunity to produce a full architecture and optimisation report, working across 6 individual accounts within AWS.

Solution

Optimising AWS architecture for security, scalability, and cost efficiency

During this project, Firemind reviewed the architecture, configuration and utilisation of services and resources across the 6 accounts within the Risilience AWS organisation. The goal was to identify ways to enhance security, optimise performance, review scalability, assess reliability and business continuity, and optimise cost.

Overall, Risilience was doing an excellent job of managing and provisioning their AWS services and resources. Many recommended methods and best practices were being followed: using Ansible to manage IaC deployment of their environments provided a good level of consistency across accounts, and everything was well organised with strong and manageable naming conventions.

The review looked more closely at the services in use and at resource relationships and configuration. The recommendations in our report focused on being cloud native, on full resilience and scalability, and on taking full advantage of the AWS environment and the AWS services that enhance or improve on more traditional server-centric methodologies.

In addition, a lot of focus was put into cost optimisation. This meant not only reducing the current spend and making better use of the services and resources in place, but also ensuring that costs could be managed and would not grow exponentially as the business grew. Essentially, we wanted to help Risilience ensure that, as the business scales, costs remain manageable and proportional, avoiding any financial surprises that would require a drastic change to infrastructure design, resource selection or operations.

Right-sizing

Right-sizing was an easy win for Risilience. Adjusting the size of the compute and database tiers deployed into the environments will not only save them money, but also open up budget to apply more effective scaling solutions. Amazon EC2 is the most over-provisioned service, and probably the easiest to adjust inside the current CI/CD pipeline. The only thing to review and test in preparation for this change was the statefulness of the Risilience application.

Security highlights

The network/VPC configuration was one of the few major concerns with regard to Risilience security. Placing resources on a public subnet should be avoided, and anything that can be moved into a private subnet should be moved as soon as possible. Resources that only connect to other resources do not need to be publicly exposed. Servers that do need to be accessed for login to Risilience should be associated with a load balancer, to ensure there is added security and a secure connection for all authorised traffic, with a Client VPN for staff/dev access.

Organisation upgrades

Some additional organisational advice was to use tagging policies (SCP) or add additional tags to resources deployed from Ansible (environment, owner, version, etc.), and to enable logging wherever possible with a defined retention policy on logs (EC2, RDS, MQ, etc.).
