The Challenge

Vodafone Group Public Cloud Services(PCS) team manages the global public cloud estate of Vodafone all over the world. Business divisions and the local market’s journey to AWS cloud starts with an AWS account to be provisioned, configured and hardened with security baselines and guardrails by the PCS team. The team needs to evolve an innovative self-service solution to enable everyone in Vodafone wherever they are in the world to create an AWS account within minutes.


The Solution

Self-Serve Multi Master AWS Account Provisioning and Management for Vodafone Group Datamellon worked with the PCS team to design and build a serverless self-service solution with ServiceNow Service Catalog integration. The solution - Self-Serve Multi Master AWS Account Provisioning and Management for Vodafone Group was developed with suites of AWS managed serverless services below:



API Integration

Amazon API Gateway was used to create, publish, monitor and secure all the solution APIs which ServiceNow Service Catalog consumes for application access and functionality from the backend services powered by AWS Lambda. API Gateway handles all the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, CORS support, authorization and access control, throttling, monitoring, and API version management.



Compute

The application backend logic was implemented with AWS Lambda. AWS Lambda automatically runs the application code without requiring us to provision or manage servers. Lambda continuously scales with sub second metering and consistent performance.



Database

Amazon DynamoDB Global Tables with deployments in two regions.
Fully managed NoSQL service that provides fast and predictable performance with seamless scalability.
DynamoDB performs all of the necessary tasks to maintain and propagate ongoing data changes between the tables across the regions.


Deployment

The solution was deployed with AWS native continuous integration and continuous deployment (CI/CD) toolchains of AWS CodeCommit, CodePipeline and CodeBuild. Deployment artifacts are stored in Amazon Simple Storage Service (Amazon S3). Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security and performance.


Security

All data is encrypted at rest and in transit. Deployment artifacts are encrypted with strong, self-signed cryptographic customer keys managed by AWS KMS. User access management was implemented with Amazon Cognito. A simple and secure user sign-up, sign-in, and access control.



The Benefits

The solution enables everyone in Vodafone irrespective of location or time in the world to create an AWS account baked with Vodafone security guardrails under their group function or local market master account within minutes without any interaction with any member of the PCS team. The solution freed up a significant amount of time for the PCS team to focus on other innovative solutions and fast tracked the AWS cloud journey for various group functions and local markets in Vodafone.