
Zurich Insurance Group's Journey with Scalable Account Vending and AWS Account Factory for Terraform


AWS recently highlighted Zurich Insurance Group's use of AWS Account Factory for Terraform, which enabled the company to reach the performance needed to provision more than 3000 accounts. Zurich Insurance Group streamlined its Cloud Adoption Strategy with the Scalable Account Vending solution, which automates the setup of new AWS environments.

In a blog post, Raffaele Garofalo, senior solutions architect, and John Duckmanton, senior cloud infrastructure architect at AWS, provided an overview of the migration journey. In 2022, Zurich launched a multi-year initiative aimed at fast-tracking its digital transformation and innovation by moving 1,000 workloads, including essential insurance and SAP tasks, to AWS.

The initiative further aimed to standardize reusable Terraform-prebuilt patterns and services, simplifying migration and enhancing reusability. Zurich's shift to self-service DevSecOps for infrastructure meant setting up DevSecOps environments in Azure DevOps and Terraform Cloud for workloads lacking them, thereby accelerating adoption. The Scalable Account Vending (SAV) solution made it easier and faster to set up AWS accounts using AWS Account Factory for Terraform. It also ensured a uniform process across different business units, reducing the effort needed for support and allowing everyone to use the best methods.

A single Jira Service Management request submitted by the workload owner initiated the provisioning of the complete cloud workload environment, equipping it with all essential resources needed for migrating a workload to AWS. This comprehensive solution was deployed as infrastructure-as-code, managed through Zurich Insurance Group’s standard Azure DevOps CI/CD pipeline.

Source: How Zurich Insurance Group built their Scalable Account Vending process using AWS Account Factory for Terraform

The AWS Control Tower Account Factory for Terraform (AFT) operates by creating a new AWS account whenever a Terraform configuration request is submitted to its account request Git repository. Each configuration request includes all necessary details and metadata to accurately categorize the AWS account within the appropriate organizational structure and assign it to the correct cost center.
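An account request of the kind described above, as an added example that is not taken from the AWS blog post or from Zurich's repositories. The module name, e-mail addresses, OU name, tag keys and customization name are constructed placeholders; the argument names are those of AFT's `aft-account-request` module.

```hcl
# One file per requested account in the AFT account request repository.
# Merging it to the tracked branch triggers account creation.
module "workload_example_dev" {
  source = "./modules/aft-account-request"

  # Passed to AWS Control Tower Account Factory. The OU decides which
  # guardrails the new account inherits.
  control_tower_parameters = {
    AccountEmail              = "aws-workload-example-dev@example.com" # constructed
    AccountName               = "workload-example-dev"                 # constructed
    ManagedOrganizationalUnit = "Workloads-NonProd"                    # constructed OU name
    SSOUserEmail              = "owner@example.com"                    # constructed
    SSOUserFirstName          = "Workload"
    SSOUserLastName           = "Owner"
  }

  # Tags applied to the account. A cost center tag is one way to carry the
  # cost allocation metadata; the keys and values here are assumptions.
  account_tags = {
    "CostCenter"   = "CC-0000"
    "BusinessUnit" = "example-bu"
  }

  # Audit trail for the request, for example the ticket that raised it.
  change_management_parameters = {
    change_requested_by = "JSM request PLACEHOLDER-123" # placeholder ticket id
    change_reason       = "Provision environment for workload migration"
  }

  # Free-form metadata made available to customization pipelines.
  custom_fields = {
    environment = "dev"
  }

  # Selects the account-specific customization set applied after creation.
  account_customizations_name = "nonprod-baseline" # constructed
}
```

Because the OU and tags are plain fields in a reviewed file, a pull-request reviewer can check the account's placement and cost allocation before anything is provisioned.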

The AWS Control Tower Account Factory for Terraform (AFT) adopts a GitOps methodology for the provisioning and initial setup of new AWS accounts with Terraform. It has processes for account creation and resource deployment in these accounts, utilizing global and account-specific customizations via Terraform modules. Modifications to these modules carry the risk of introducing errors that may affect accounts provisioned this way.

To minimize the above risk, Zurich Insurance Group adopted GitFlow. This involved a procedure of pull requests, reviews, and merges for modifying production configurations to prevent disruptive changes. Any changes undergo testing in lower-level environments before being rolled out to production.

We saw an engaging discussion on Reddit, where the tech community shared their insights and opinions on using the Account Factory for Terraform with AWS. One comment discussed the merits and potential challenges of undertaking the migration to AFT. Another discussion focused on understanding AFT's main goal: managing multiple accounts efficiently.

By streamlining provisioning into a single ITSM request, the Zurich Insurance Group CCOE enhanced SLA and customer satisfaction, cut support time and effort, and fortified its AWS security through automated DevSecOps. Based in Zurich, Switzerland, the company specializes in life and P&C insurance.
