New Tech Solutions, Inc. (NTS) AWS Managed Services (MS) is a flexible, scalable team of certified AWS Solutions Architects, SecOps and DevOps engineers, and system administrators that meets customers’ needs. The MS team is designed to augment in-house customer IT staff and to align with each customer’s business and technical needs. NTS’ expertise and tool sets deliver consistent monitoring, alerting, optimizing, securing, cost saving, and deployment of AWS workloads for environments of any size. One example is a customer requirement to regularly patch a mission-critical application running in an AWS Auto Scaling Group (ASG) with a zero-downtime SLA for the maintenance. NTS’ MS team
The customer had been relying on a lengthy and error-prone manual process to apply monthly OS security patches. Not only was this process difficult, it also reduced application capacity, since physical servers were taken out of rotation to complete the patching. Once the customer’s application had been migrated to AWS, they turned to NTS MS to optimize this process while maintaining security compliance and improving application availability during maintenance. With the workload in the cloud, the customer was still relying on similar manual steps to patch an AMI and update the instances in the ASG Launch Configuration (LC) with it. These steps were not tied to a set schedule and included: manually launching an instance from a copy of the Golden AMI, patching the instance, stopping it, creating an AMI copy of the instance, managing the AMI copies and instances, finding the ASG and manually copying in the new AMI ID, and finally rebooting the OS on one instance at a time to try to keep the application available at peak performance.
Understanding the application’s security and availability requirements in AWS, NTS’ MS team elected to use AWS Lambda, a Systems Manager Automation document, SSM Patch Manager, and custom IAM roles to patch the Red Hat Enterprise Linux (RHEL) instances in the ASG. To automate this process end to end with AWS services, NTS’ MS team built the following solution:
AWS IAM Roles to:
AWS Systems Manager:
Once the Automation steps have executed successfully within the Maintenance Window, an SNS topic notifies the NTS MS team to initiate an ASG instance refresh. The refresh is a controlled process in which the instances in the ASG are deregistered and replaced with new instances launched from the freshly patched AMI produced by the automation. New instances are initialized and introduced into the ASG one at a time, satisfying the requirement that a minimum of 3 application servers are available at all times.
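As an added illustration (not NTS’ own runbook), the AMI-bake half of the pipeline described above written as a Systems Manager Automation document: launch a temporary instance from the golden AMI, patch it with Patch Manager’s AWS-RunPatchBaseline, stop it, capture an AMI, and terminate it. The parameter names, the instance type and the image-name prefix are assumptions.

```yaml
# Added example, not NTS' own runbook: parameter names, the instance type and the image-name prefix are assumptions.
schemaVersion: '0.3'
description: Launch a temporary instance from the golden RHEL AMI, patch it with Patch Manager, capture a new AMI, then clean up.
assumeRole: '{{ AutomationAssumeRole }}'
parameters:
  SourceAmiId:
    type: String
  AutomationAssumeRole:
    type: String
    description: Least-privilege role assumed by the Automation service (run/stop/terminate instances, create images, send SSM commands).
  InstanceProfileName:
    type: String
mainSteps:
  - name: launchInstance
    action: aws:runInstances
    inputs:
      ImageId: '{{ SourceAmiId }}'
      InstanceType: t3.medium
      MinInstanceCount: 1
      MaxInstanceCount: 1
      IamInstanceProfileName: '{{ InstanceProfileName }}'   # lets the SSM Agent register the instance
  - name: installPatches
    action: aws:runCommand
    timeoutSeconds: 3600
    onFailure: step:terminateInstance   # a half-patched instance must not be left running or imaged
    inputs:
      DocumentName: AWS-RunPatchBaseline
      InstanceIds: ['{{ launchInstance.InstanceIds }}']
      Parameters:
        Operation: Install
        RebootOption: RebootIfNeeded
  - name: stopInstance   # stop before imaging so the root volume is quiesced
    action: aws:changeInstanceState
    inputs:
      InstanceIds: ['{{ launchInstance.InstanceIds }}']
      DesiredState: stopped
  - name: createImage
    action: aws:createImage
    inputs:
      InstanceId: '{{ launchInstance.InstanceIds }}'
      ImageName: 'rhel-patched-{{ global:DATE_TIME }}'
      NoReboot: true
  - name: terminateInstance
    action: aws:changeInstanceState
    inputs:
      InstanceIds: ['{{ launchInstance.InstanceIds }}']
      DesiredState: terminated
outputs:
  - createImage.ImageId
```

Registered as the Maintenance Window’s Automation task, the document’s output AMI ID is what the SNS notification hands to the team for the Launch Configuration update and instance refresh. In practice a wait step for the SSM Agent to report Online is inserted before installPatches, since aws:runInstances returns before the agent has registered.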
NTS’ automation of AWS and vendor patching has solidified the customer’s security posture with respect to OS patching. This once labor-intensive manual process is now fully automated, saving the customer time and money while allowing the critical application to remain highly available and scalable during maintenance. The outcome delivered by the NTS MS team gave the customer multiple technical and business victories.