Transforming Cybersecurity with AWS Graviton
The Company
Meet a cutting-edge SaaS platform revolutionizing cybersecurity operations with advanced AI and automation. With the expert support of 2bcloud, recognized under the AWS Graviton Service Delivery Program, the company has enhanced security infrastructures by optimizing MITRE ATT&CK coverage and revealing hidden detection gaps. This transition to Graviton was facilitated by 2bcloud’s proven expertise in cloud solutions, allowing for a seamless adoption process without the need for additional infrastructure investment.
The Challenges
The company faced several critical challenges:
- Lengthy Test Durations: Their tests were taking longer than desired.
- Testing in Pull Requests (PRs): They needed to run a full suite of tests during PRs to ensure code quality.
- High API Latency: Slow API responses were degrading the user experience.
Solution Requirements
They were in search of a solution that:
- Reduces Costs: Prioritizes significant operational cost savings.
- Future-Proofs Technology: Keeps their system competitive amid rapid technological changes.
Original Architecture
Their infrastructure on AWS consisted of:
- AWS EKS for container orchestration (v1.27).
- AWS Lambda for serverless functions.
- Messaging Queue Stack for efficient, asynchronous processing.
- GitHub Actions for streamlined continuous integration (CI), with some CI processes on external runners hosted on EKS.
- ArgoCD for robust automation in continuous deployment (CD).
Why AWS Graviton?
The switch to AWS Graviton was driven by:
- Price-Performance Advantage: Dramatic cost reductions coupled with improved performance.
- Strategic Investment: Alignment with the latest advancements in cloud computing.
Migration Strategy
- Managed Services: Services like Amazon RDS and ElastiCache were migrated to Graviton seamlessly with point-and-click actions, without any downtime.
- EC2 Compute: This more complex migration included several phases:
  - Validation: Using the Porting Advisor for Graviton to assess code compatibility.
  - Multi-Platform Image Build: Building multi-architecture container images with Docker Buildx to support both x86 and Arm64 architectures.
  - Deployment and Troubleshooting: Managing deployments and Graviton instances in the EKS cluster with Terraform, using a phased rollout with weighted target groups to ensure a smooth transition.
Validation and Build Process
We leveraged the Porting Advisor for Graviton to analyze our code and dependencies, ensuring compatibility without requiring code modification. Our multi-arch images were then built using Docker Buildx, creating a unified image that supports multiple architectures and pushing it to Amazon’s ECR registry.
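An added example, not from the original case study: a pre-deployment check that a pushed image index really contains both linux/amd64 and linux/arm64 images and returns their digests for pinning, fed with the JSON printed by `docker buildx imagetools inspect --raw`. The sample indexes and digests are constructed, and the function names are hypothetical.

```python
import json

REQUIRED = {("linux", "amd64"), ("linux", "arm64")}
INDEX_TYPE = "application/vnd.oci.image.index.v1+json"

def platform_digests(raw_index: str) -> dict:
    """Map (os, architecture) -> digest for every runnable image in an index."""
    doc = json.loads(raw_index)
    manifests = doc.get("manifests")
    if not isinstance(manifests, list):
        # A single-platform manifest has no "manifests" list at all.
        raise ValueError("not a multi-arch image index")
    found = {}
    for entry in manifests:
        annotations = entry.get("annotations") or {}
        # Buildx attestation entries (platform unknown/unknown) are not images.
        if annotations.get("vnd.docker.reference.type") == "attestation-manifest":
            continue
        plat = entry.get("platform") or {}
        found[(plat.get("os"), plat.get("architecture"))] = entry["digest"]
    return found

def missing_platforms(raw_index: str, required=REQUIRED) -> set:
    """Platforms that nodes in the cluster need but the index does not provide."""
    return set(required) - set(platform_digests(raw_index))

def _entry(os_name, arch, fill, attestation=False):
    # Constructed sample entry; the digest is a repeated filler character.
    entry = {"mediaType": "application/vnd.oci.image.manifest.v1+json",
             "digest": "sha256:" + fill * 64, "size": 1234,
             "platform": {"os": os_name, "architecture": arch}}
    if attestation:
        entry["annotations"] = {"vnd.docker.reference.type": "attestation-manifest"}
    return entry

# Constructed samples: a complete multi-arch index and one missing arm64.
SAMPLE_INDEX = json.dumps({"schemaVersion": 2, "mediaType": INDEX_TYPE, "manifests": [
    _entry("linux", "amd64", "a"), _entry("linux", "arm64", "b"),
    _entry("unknown", "unknown", "c", True), _entry("unknown", "unknown", "d", True)]})
SAMPLE_X86_ONLY = json.dumps({"schemaVersion": 2, "mediaType": INDEX_TYPE, "manifests": [
    _entry("linux", "amd64", "a"), _entry("unknown", "unknown", "c", True)]})

if __name__ == "__main__":
    for name, raw in (("multi-arch", SAMPLE_INDEX), ("x86-only", SAMPLE_X86_ONLY)):
        gaps = missing_platforms(raw)
        print(name, "OK" if not gaps else f"missing {sorted(gaps)}")
```

Run as a CI gate before the Graviton node group receives traffic, a missing arm64 entry fails the pipeline instead of surfacing later as pods that cannot start.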
Deployment and Troubleshooting
We crafted an updated EKS cluster using Terraform and strategically deployed Graviton instances. Our phased traffic migration strategy through ELB’s weighted target groups ensured a controlled and health-monitored rollout, progressively increasing the traffic to the new cluster.
Results
- Latency Improvement: We saw a 48.2% reduction in latency.
- Cost Savings: Achieved about 15% in cost savings, moving from a c5.2xlarge instance at $0.34 per hour to a c7g.2xlarge at $0.29 per hour.
Key Takeaways
- Update Regularly: Keeping software up-to-date has proven crucial in avoiding performance bottlenecks.
- Use the Porting Advisor: This tool offers valuable early insights for necessary code adjustments.
- Implement Gradual Deployment Strategies: Employing strategies like canary or blue-green releases helps minimize deployment risks.
- Monitor and Adjust: Utilizing CloudWatch metrics enables continuous performance optimization.
Summary
AWS Graviton’s remarkable capabilities extend across various demanding applications, from web services to intensive data analytics. With its efficiency and cost-effectiveness, Graviton is becoming a cornerstone for businesses aiming to stay competitive and sustainable in the tech-driven market.