RLAws Blogs Archives - Relevance Lab

2020 Blog, Blog, Featured, RLAws Blogs, ServiceOne

As enterprises adopt popular Agile and DevOps tools and solutions from Atlassian, it is essential to create an end-to-end automation pipeline covering ITSM workflows. Integrating Software Development Lifecycle (SDLC) tools with cloud infrastructure platforms like AWS can provide faster software delivery with CI/CD, infrastructure automation and continuous production monitoring. RLCatalyst Intelligent Automation solutions complement the platform with an enterprise BOTs Automation solution and a mature end-to-end monitoring Command Centre solution. This blog describes an integrated solution that uses the AWS Service Management Connector for Jira Service Desk to run the enterprise workflows of the User Onboarding and Asset Provisioning lifecycle.

The AWS Service Management Connector for Jira Service Desk (Jira SD) allows Jira Service Desk end-users to provision, manage, and operate AWS resources natively via Atlassian’s Jira Service Desk. Jira Service Desk Cloud module supports AWS Service Catalog Connector, and the Jira Service Desk Data Centre & Server module supports AWS Service Management Connector.

Jira SD admins can create and provide secured, governed AWS resources to end-users via AWS Service Catalog, execute automation playbooks via AWS Systems Manager, and track the resources in a Config Item view powered by AWS Config.

After downloading the connector from the Atlassian Marketplace at no additional cost, you need to connect it with your AWS account, preferably one governed by AWS Control Tower for enhanced security.

The AWS Service Catalog allows you to provision or terminate and centrally manage commonly deployed AWS resources like workspaces. AWS resources like workspaces can be pre-approved, provisioned or terminated based on approval.

Similarly, the AWS Service Management Connector allows Jira SD users to fulfil all the related operational activities. Some of them are listed below.


  • Migrate or Manage CloudWatch Agent.
  • Manage Amazon Inspector Agent.
  • Apply Ansible Playbooks or Chef Recipes on AWS managed instances.
  • Apply Patches from baseline.
  • Change the standby state of an EC2 instance in an auto-scaling group.
  • Attach an additional EBS Volume to the EC2 instance.
  • Attach IAM to an Instance.
  • Install or Uninstall a Distributor package.
  • Configure CloudTrail Logging.
  • Export Metrics and log files from your instances to Amazon CloudWatch.
  • Configure an instance to work with containers and Docker.
  • Enable or disable live patching on Linux EC2 instances.
  • Configure S3 bucket logging.
  • Enable or disable Windows Updates.
  • Copy Snapshot created.
  • Create DynamoDB backup.
  • Create a new AMI from an EC2 instance.
  • Create an RDS snapshot for an RDS instance.
  • Create an incident in ServiceNow.


As shown in the above diagram, Relevance Lab helps enterprises already on AWS and Jira Service Desk to integrate the two using the AWS Service Management Connector. The integration enables a seamless process for creating custom workflows such as auto-approval, cost-based approval and role-based approval. Likewise, it can raise an incident when provisioning or terminating a resource fails, and create change requests for every update of the workloads.

Benefits of AWS Service Management Connector for Jira Service Desk:

  • Free and Out of Box (OOB) feature without any add-on cost.
  • Support multiple AWS accounts and ensure governance through AWS CT.
  • Provision and Maintenance of AWS resources through one platform (Jira SD).
  • Easy to use by the IT admins without in-depth knowledge of AWS platform.
  • Multiple Portfolios and Service Catalogs for different departments within an Organization.
  • Represent Config Items in a tree structure.
  • Run most of the automation documents in AWS Systems Manager through Jira SD.

The end to end orchestration of User Onboarding and Asset provisioning leverages the out of box features for AWS and Atlassian tools. However, for many real-world scenarios, the complex workflows need integration with other third-party tools like AD, OKTA, HR systems (Workday/Taleo) and compliance solutions. In situations that require more complex workflows and third-party integrations RLCatalyst BOTs solution is integrated with AWS and Atlassian solutions to provide lifecycle automation and observability post provisioning.


Conclusion:
Relevance Lab is a partner of AWS and a DevOps specialist company implementing Atlassian solutions. We help organizations adopt AWS Service Management Connector with ITSM tools like Jira Service Desk and ServiceNow. Integration of AWS Service Management Connector provides a common interface and ease for all L1 and L2 activities for the ITSM users to manage AWS resources. Our RLCatalyst based Intelligent Automation and Command Centre complement these solutions to bring in greater efficiencies.



For more details, please feel free to reach out to marketing@relevancelab.com


2020 Blog, Governance360, Blog, Command blog, Featured, RLAws Blogs

For large enterprises and SMBs with multiple AWS accounts, monitoring and managing those accounts is a huge challenge, as they are managed across multiple teams and run into a few hundred in some organizations.


AWS Control Tower helps Organizations set up, manage, monitor, and govern a secured multi-account using AWS best practices.



Benefits of AWS Control Tower

  • Automate the setup of multiple AWS environments in a few clicks with AWS best practices
  • Enforce governance and compliance using guardrails
  • Centralized logging and policy management
  • Simplified workflows for standardized account provisioning
  • Perform Security Audits using Identity & Access Management
  • Ability to customize Control Tower landing zone even after initial deployment

Features of AWS Control Tower

a) AWS Control Tower automates the setup of a new landing zone which includes,


  • Creating a multi-account environment using AWS Organizations
  • Identity management using AWS Single Sign-On (SSO) default directory
  • Federated access to accounts using AWS SSO
  • Centralized logging from AWS CloudTrail, and AWS Config stored in Amazon S3
  • Enable cross-account security audits using AWS IAM and AWS SSO

b) Account Factory


  • This helps to automate the provisioning of new accounts in the organization.
  • A configurable account template that helps to standardize the provisioning of new accounts with pre-approved account configurations.

c) Guardrails


  • Pre-bundled governance rules for security, operations, and compliance which can be applied to Organization Units or a specific group of accounts.
  • Preventive Guardrails – Prevent policy violations through enforcement. Implemented using AWS CloudFormation and Service Control Policies
  • Detective Guardrails – Detect policy violations and alert in the dashboard using AWS Config rules

d) 3 types of Guidance (Applied on Guardrails)


  • Mandatory Guardrails – Always Enforced. Enabled by default on landing zone creation.
  • Strongly recommended Guardrails – Enforce best practices for well-architected, multi-account environments. Not enabled by default on landing zone creation.
  • Elective guardrails – To track actions that are restricted. Not enabled by default on landing zone creation.

e) Dashboard


  • Gives complete visibility of the AWS Environment
  • Can view the number of OUs (Organization Units) and accounts provisioned
  • Guardrails enabled
  • Check the list of non-compliant resources based on guardrails enabled.

f) Customizations for Control Tower


  • Gives complete visibility of the AWS Environment
  • Trigger workflow during an AWS Control Tower Lifecycle event such as adding a new managed account
  • Trigger customizations to AWS Control Tower using user provided configuration changes

Steps to setup AWS CT


Setting up Control Tower on a new account is simpler than setting it up on an existing account. Once Control Tower is set up, the landing zone should have the following.


  • 2 Organizational Units
  • 3 accounts, a master account and isolated accounts for log archive and security audit
  • 20 preventive guardrails to enforce policies
  • 2 detective guardrails to detect config violations

Steps to customize AWS CT
Customizations to Control Tower can be done using AWS CloudFormation templates at the OU and account levels and service control policies (SCPs) at the OU level. The setup for enabling CT customizations is provided as an AWS CloudFormation template, which creates AWS CodePipeline, AWS CodeBuild projects, AWS Step Functions, AWS Lambda functions, an Amazon EventBridge event rule, an AWS SQS queue, and an Amazon S3 or AWS CodeCommit repository to hold the custom resource package file.
Once the setup is done, customizations to AWS CT can be done as follows:

  • Upload a custom package file to Amazon S3 or AWS CodeCommit repository
  • The above action triggers the AWS CodePipeline workflow and corresponding CI/CD pipeline for SCPs and CloudFormation StackSets to implement the customizations
  • Alternately when a new account is added, a Control Tower Lifecycle event triggers the AWS CodePipeline workflow via the Amazon EventBridge, AWS SQS and AWS Lambda
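
The check a Lambda function on this lifecycle-event path could run before starting the pipeline, as an added example that is not from the original post or from AWS's solution code: it accepts only a successful `CreateManagedAccount` lifecycle event and rejects everything else. The function name and the sample events are constructed for illustration; the field names follow the Control Tower lifecycle event format.

```python
import copy

def extract_new_account(event):
    """Return (account_id, ou_name) for a successful CreateManagedAccount
    lifecycle event, or None if the event must not trigger customizations."""
    if event.get("source") != "aws.controltower":
        return None
    if event.get("detail-type") != "AWS Service Event via CloudTrail":
        return None
    detail = event.get("detail") or {}
    if detail.get("eventName") != "CreateManagedAccount":
        return None
    status = (detail.get("serviceEventDetails") or {}).get(
        "createManagedAccountStatus") or {}
    # Fail closed: a FAILED enrollment must not receive SCPs or StackSets.
    if status.get("state") != "SUCCEEDED":
        return None
    account_id = str((status.get("account") or {}).get("accountId", ""))
    ou_name = (status.get("organizationalUnit") or {}).get(
        "organizationalUnitName", "")
    # AWS account IDs are exactly 12 digits; reject anything else.
    if not (account_id.isdigit() and len(account_id) == 12):
        return None
    return account_id, ou_name

# Constructed sample event (placeholder account ID and OU name).
SAMPLE_EVENT = {
    "source": "aws.controltower",
    "detail-type": "AWS Service Event via CloudTrail",
    "detail": {
        "eventName": "CreateManagedAccount",
        "serviceEventDetails": {
            "createManagedAccountStatus": {
                "state": "SUCCEEDED",
                "account": {"accountName": "dev-team",
                            "accountId": "111122223333"},
                "organizationalUnit": {"organizationalUnitName": "Custom"},
            }
        },
    },
}

def failed_variant():
    """Same event, but with the enrollment reported as FAILED."""
    event = copy.deepcopy(SAMPLE_EVENT)
    status = event["detail"]["serviceEventDetails"]["createManagedAccountStatus"]
    status["state"] = "FAILED"
    return event

if __name__ == "__main__":
    print(extract_new_account(SAMPLE_EVENT))
    print(extract_new_account(failed_variant()))
```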


The next step is to create a new Organizational unit and then create a new account using the account factory and map it to the OU that was created. Once this is done, you can start setting up your resources and any non-compliance starts reflecting in the Noncompliant resources’ dashboard. In addition to this, any deviation to the standard AWS best practices would be reflected in the dashboard.


Conclusion
With many organizations opting for AWS cloud services, AWS Control Tower, with its centralized management service and the ability to customize the initially deployed configuration, offers the simplest way to set up and govern multiple AWS accounts securely on an ongoing basis through beneficial features and established best practices. Provisioning new AWS accounts is as simple as clicking a few buttons while agreeing to the organization’s requirements and policies. Relevance Lab can help your organization build AWS Control Tower and migrate your existing accounts to Control Tower.


2020 Blog, Blog, Featured, RLAws Blogs, ServiceNow

Using ServiceNow, AWS Service Catalog and RLCatalyst to create a 1-Click model


AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS. These IT services can include everything from virtual machine images, servers, software, and databases to complete multi-tier application architectures. AWS Service Catalog allows you to manage commonly deployed IT services centrally. It helps you achieve consistent governance and meet your compliance requirements while enabling users to implement only the approved IT services they need quickly.


Working closely with AWS and ServiceNow partnership teams, we have created an integrated solution for enterprises to enable Frictionless User Onboarding and Offboarding in these challenging times of COVID-19. The solution brings together the following building blocks.


Automation:


  • Auto-notification from HR systems for new Employee Onboarding or Offboarding or with Self Service Portals.
  • Workflow Automation in ServiceNow for user-driven or event generated request handling and auto-workflow trigger.
  • Cloud automation with appropriate compliance and policy checks.
  • Orchestration dealing with multiple enterprise systems adapters, complex workflows with integrated approval management based on company policies.
  • Hyper-Automation using a “Service Bus” Model with BOTs across Cloud and Datacenter workloads of Systems and Apps. These cover End User Computing devices (desktops) & Servers with a combination of Windows and Linux workloads.

Integration Service Bus:


  • Integration with Taleo or Workday HR systems that manage the People Management workflows.
  • Integration with Organization Identity and Access Management Tools (Active Directory, SSO, IDAM).
  • Integration with existing ITSM Tools, CMDB/Asset Management and Self Service Portals.
  • Integration with Cloud Infrastructure and Hybrid setups with appropriate policy controls with cost & governance management.
  • Integration with Automated Vulnerability and Patch management lifecycle for all Dynamic Assets.

Intelligent Compliance:


  • Existing SOX processes for assets and resource access controls and compliance.
  • Software Asset Management (SAM) controls as appropriate for the organization (Dynamic Systems and Software CMDB updates).

The following diagram explains the end to end orchestration.



In the simulated sample flow, both single-user and bulk user onboarding are supported with an automated multi-stage process that covers service request creation, AD user provisioning, AWS Workspace provisioning, and notification to the end-user after provisioning.


Using RLCatalyst Intelligent automation product the entire solution can be downloaded by customers from a marketplace and enabled in their environments. It is pre-bundled for deployment inside a secure customer environment and includes:


  • A ServiceNow plug-in.
  • An RL BOTs server deployment.
  • AWS Service Catalog integration and BOTs server deployment inside a secure environment of the customer.
