Government Cloud Establishment

James Bromberger Posted 24 October 2019

In early 2018, a government department in Western Australia was looking to develop several cloud-based proof of concept (POC) projects in the public cloud space.

The first project was an architecture to manage payments for services arriving from several disparate sources (voice, IVR, and customer relations officers), process them via an online payments processor, and store the results of each transaction within the department's existing database.

Modis were engaged to help set up the AWS environments and provide best practice technical guidance to the on-site development and architecture teams in creating a suitable AWS-based architecture. Along with the best practice guidance, Modis developed an open source dashboard solution to monitor the AWS-based services being consumed.

The Challenge

The Modis team was tasked with creating, in a very short amount of time, an AWS-based environment that is highly secure and PCI compliant against the DSS 3.2 standard, following AWS best practices and principles. Considerable architectural guidance and best practices already learned at other WA government agencies were presented to and adopted by DoT.

The Solution

Modis staff had already pioneered a multi-account best practice template with other government customers, so when AWS announced AWS Organizations in mid-2018, Modis were on hand to set up the organisational structure for the multi-account environments, ensuring the customer fully realised the benefits of the structure and security best practices.

The customer adopted architectural guidance to fully utilise the low-cost serverless architecture, along with best practices for creating a completely resilient and secure environment.

As part of the solutions created, the architectural patterns included many managed components, such as the Simple Queue Service (SQS), Simple Storage Service (S3), AWS Lambda for serverless execution, EC2 and VPC for VM based service operation, CloudWatch, CloudFront for web Content Delivery, and Route53 for reliable and scalable DNS.

The SQS service provided an extremely fault-tolerant, loose coupling of services, allowing legacy on-premises systems to establish outbound connections for data flow integration rather than accept incoming connections, which met the customer's security team's preference.

The first of four AWS-based projects went live in September 2018, supported by a fully templated dashboard visualisation project created by Modis to monitor, visualise and alert on services and conditions that occurred. As expected, the provisioned AWS-based services and architecture proved extremely resilient and reliable, especially when unexpected events with the on-premises infrastructure occurred.

For the cloud-based network (VPC), a three-Availability-Zone balanced network was created, complete with optimised private access for services such as AWS Simple Storage Service (S3). All internet access by either protocol was enforced as one way using managed outbound IPv4 NAT Gateways, or Egress-Only IPv6 gateways, mapped automatically via routing tables, and again managed via CloudFormation templates.
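An added example, not part of the original case study or of Modis's templates: a small Python check that a CloudFormation template keeps private route tables one-way as described above, with IPv4 default routes on a NAT gateway and IPv6 default routes on an egress-only gateway. The sample resources and all logical names are constructed for illustration.

```python
"""Audit CloudFormation routes: private subnets may only reach the internet one way."""

# Required target property for each default route in a private route table.
REQUIRED_TARGET = {
    ("DestinationCidrBlock", "0.0.0.0/0"): "NatGatewayId",
    ("DestinationIpv6CidrBlock", "::/0"): "EgressOnlyInternetGatewayId",
}
# Subset of the target properties an AWS::EC2::Route can carry.
TARGET_KEYS = {"GatewayId", "NatGatewayId", "EgressOnlyInternetGatewayId",
               "InstanceId", "NetworkInterfaceId", "TransitGatewayId"}

def ref(value):
    # Resolve {"Ref": name} to the logical name; pass plain strings through.
    return value.get("Ref") if isinstance(value, dict) else value

def audit_private_egress(resources, private_tables):
    """Return (route_name, message) for default routes that are not egress-only."""
    findings = []
    for name, res in sorted(resources.items()):
        if res.get("Type") != "AWS::EC2::Route":
            continue
        props = res.get("Properties", {})
        if ref(props.get("RouteTableId")) not in private_tables:
            continue
        for (dest_key, dest), required in REQUIRED_TARGET.items():
            if props.get(dest_key) != dest:
                continue
            used = sorted(TARGET_KEYS & props.keys())
            if used != [required]:
                findings.append((name, f"{dest} via {used}, expected {required}"))
    return findings

def route(table, dest_key, dest, target_key, target):
    """Build one AWS::EC2::Route resource for the constructed samples below."""
    return {"Type": "AWS::EC2::Route", "Properties": {
        "RouteTableId": {"Ref": table}, dest_key: dest, target_key: {"Ref": target}}}

# Constructed sample template fragment; all logical names are hypothetical.
SAMPLE = {
    "PrivateV4": route("PrivateRt", "DestinationCidrBlock", "0.0.0.0/0", "NatGatewayId", "Nat"),
    "PrivateV6": route("PrivateRt", "DestinationIpv6CidrBlock", "::/0",
                       "EgressOnlyInternetGatewayId", "Eigw"),
    "PublicV4": route("PublicRt", "DestinationCidrBlock", "0.0.0.0/0", "GatewayId", "Igw"),
}
# Misconfigured variant: the IPv6 default route points at the two-way internet gateway.
DRIFTED = dict(SAMPLE, PrivateV6=route("PrivateRt", "DestinationIpv6CidrBlock", "::/0",
                                       "GatewayId", "Igw"))
```

Run `audit_private_egress` over the parsed `Resources` section of a template in CI; the drifted variant shows the case worth catching, since IPv6 addresses are globally routable and a `::/0` route to an internet gateway permits inbound connections that an egress-only gateway would drop.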

The dashboarding solution selected was Grafana, hosted on the smallest AWS EC2 machine available at that time (a t2.nano) within a subnet only accessible via a connection to an Application Load Balancer. EC2 machine scheduling was accomplished using an instance scheduler template, so that the dashboard host ran only during required business hours to optimise service costs.

Outcome and Results

With this in place, the customer had confidence in the engineering, reliability and cost effectiveness of well-designed and managed cloud environments. The cost of operation of their payment processing environment came in at less than $10/month. More importantly, however, the team were freed up to investigate latency on their payment services provider, having evidence and visualisation of time delays with various types of transactions, and helping their service provider improve their service.

Find out how Modis can provide you with innovative AWS cloud based solutions and services

Modis has been an AWS Advanced Tier Partner since 2014. Modis' AWS Cloud Consulting services encompass the fundamentals of cyber security, fault tolerant digital system architecture, and modernisation, from traditional virtual machines through to modern serverless approaches, and from commercial off-the-shelf software operation to bespoke software development, delivered with high throughput, repeatable DevOps approaches to operations. With over half a decade of running critical authoritative government data sets that affect the lives of millions of citizens and the economies of the state, Modis is one of the most mature, experienced and recognised consulting service providers in the world. More importantly, we like to work very closely with our customers, not providing something to purchase, but taking a deep understanding of their business, and providing the recommendations and implementations to ensure a modern, efficient, reliable and secure environment for digital business systems.