Solution – round 3
➢ AWS native Cloud capabilities
➢ Security by design
➢ Accenture – PSA Build
➢ Infrastructure right sizing
➢ Accenture best practices and tools
➢ Highly available infrastructure
➢ Integration with PSA ecosystem
➢ Cost control & optimization
➢ EGVO principles re-used
➢ 24/7 L3 operations
➢ Possible reversibility
The slides below present the orientations and assumptions that have been taken for the initial design in order to contribute to the business case.
Although the design follows best practices and takes into account PSA's main expectations and concerns, several workstreams are already identified to fully assess security compliance & technical feasibility:
[Architecture diagram. Callouts: 3 availability zones in Ireland on separate DCs; edge location to improve performance; AWS complementary tooling for infrastructure operations. Components shown: Route 53, CloudFront, AWS WAF, AWS Shield, Amazon Cognito, AWS IAM, Elastic Load Balancing, EC2 Instances (Module X, Module Y), ElastiCache for Memcached, Oracle RDS, Amazon S3, AWS Config, AWS CloudTrail, Monitoring, Alarm, Discovery, EC2 Automation, Qualys, Role, PSA DNS, VPN Connection, PSA Datacenters, PSA tools, 3rd Parties, Web channel.]
➢ Workstream 1 : Authentication & federation (AWS Cognito vs PSA tools, MFA etc.)
➢ Workstream 2 : AWS-PSA-3rd parties integrations (VPN, media exchange etc.)
➢ Workstream 3 : Continuity & resilience (DRP, Cyber attack prevention & resolution)
➢ Workstream 4 : Reversibility (AWS native services, Accenture tools & operations)
➢ Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service.
➢ Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily.
➢ Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content.
➢ You can use AWS IAM to securely control individual and group access to your AWS resources.
➢ AWS WAF is a web application firewall that helps protect web applications from attacks.
➢ Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances.
➢ AWS Shield is a managed service that provides protection against Distributed Denial of Service (DDoS) attacks.
➢ Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance.
➢ Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.
➢ Memcached is an easy-to-use, high-performance, in-memory data store.
➢ Private subnets logically isolate application components for enhanced security.
➢ Amazon CloudWatch is a monitoring and management service built for developers, system operators, site reliability engineers (SRE), and IT managers.
➢ Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud.
➢ AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.
[Deployment diagram: VPC – eu-west-1. AZ / eu-west-1a; AZ / eu-west-1b (same as AZ / eu-west-1a, for high availability). Components shown: ELB, Billing center online, Billing center batch, Guidewire DB, Datahub, Info center (out of scope).]