How Anglepoint Drove Efficiency in AWS GovCloud FinOps Management
Company Profile
Over the past few years, this large organization has invested millions in Amazon Web Services and other cloud platforms. Despite having a robust FinOps practice, they required additional staff to meet their ambitious cost savings goals and increased efficiency to better serve their users.
Engineers spent significant time on routine administrative tasks such as updating GovCloud account credentials across hundreds of AWS accounts to ensure compliance. To address this, Anglepoint developed a script that updates hundreds of AWS account credentials in just a few minutes each quarter, achieving nearly 100% time savings.
The organization operates a very large AWS environment, with a significant portion residing within the secure GovCloud section. They manage over 400 individual accounts within the AWS GovCloud environment. Their cloud management platform, CloudHealth, needed visibility into these 400 accounts to allow cloud managers to control and optimize AWS assets.
Given the specific requirements of GovCloud, granting CloudHealth access to the data without creating 400 IAM (Identity and Access Management) accounts, which need their credentials updated every 90 days to comply with security standards, posed a challenge.
With over 400 accounts, an AWS administrator would require 35 hours every quarter to manage these credentials. The organization needed additional resources to handle this workload, prompting them to seek Anglepoint’s assistance in developing an automated solution to streamline the process and enhance cloud data accessibility for managers.
Anglepoint collaborated closely with the organization’s cloud architects, who managed the AWS IAM accounts, to define the requirements needed to maintain a connection to CloudHealth. Utilizing Python, our FinOps experts designed a fully documented script that systematically analyzed each of the 400+ IAM accounts and introduced a new, randomly generated credential to each account.
Following the completion of credential generation, the script would remove the old credential, ensuring each IAM account was equipped with a fresh set of credentials compliant for the next 90 days. This arrangement allowed CloudHealth to access the crucial data from the accounts, enabling owners to continue optimizing and monitoring their respective AWS assets.
The FinOps engineers have the potential to further develop the script to manage additional aspects of the IAM accounts if necessary, and it can also be fully automated. This streamlined solution reduced the time required from 35 hours to just 7 minutes per quarter, resulting in 99.7% time savings and freeing engineers to focus on higher-value tasks.
[Anglepoint] reduced the time required from 35 hours to just 7 minutes per quarter, resulting in 99.7% time savings and freeing engineers to focus on higher-value tasks.